Skip to content

Commit

Permalink
Add getting_started/azure.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@kenji-cloudnatix
kenji-cloudnatix committed Dec 11, 2020
1 parent e985da2 commit 412f237
Showing 1 changed file with 214 additions and 0 deletions.
214 changes: 214 additions & 0 deletions docs/getting_started/azure.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,214 @@
# Getting Started with kOps on Azure

Azure support on kOps is currently in-progress. The original issue
ticket is [#3957](https://github.com/kubernetes/kops/issues/3957) and
the remaining items are tracked in
[#10412](https://github.com/kubernetes/kops/issues/10412).

# Create Creation Steps

## Step 1. Install Azure CLI

First, install Azure CLI.

```bash
$ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

Then type the following command to login to Azure. This will redirect
you to the browser login.

```bash
$ az login

...

You have logged in. Now let us find all the subscriptions to which you have access...
[
{
"cloudName": "AzureCloud",
"homeTenantId": "76253...",
"id": "7e232...",
"isDefault": true,
"managedByTenants": [],
"name": "Your name...",
"state": "Enabled",
"tenantId": "76253...",
"user": {
"name": "...",
"type": "user"
}
},
...
]
```

One Azure account has one or more than one “subscription”, which
serves as a single billing unit for Azure resources. Set the env var
`AZURE_SUBSCRIPTION_ID` to the ID of the subscription you want to
use.

```bash
$ export AZURE_SUBSCRIPTION_ID=7e232...
```

## Step 2. Create a Container in Azure Blob

Next, create a container in Azure Blob storage, which is S3 equivalent service in Azure, to store kOps cluster configs.

First, you need to create a resource group, which provides an isolated
namespace for resources.

```bash
$ az group create --name kops-test --location eastus
{
"id": "/subscriptions/7e232.../resourceGroups/kops-test",
"location": "eastus",
"managedBy": null,
"name": "kops-test",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}
```

Then create a storage account for the resource group. The storage
account provides an isolated namespace for all storage resources. The
name must be unique among across multiple different Azure accounts.

```bash
$ az storage account create --name kopstest --resource-group kops-test
```

Set the env var `AZURE_STORAGE_ACCOUNT` to the storage account name for later use.

```bash
$ export AZURE_STORAGE_ACCOUNT=kopstest
```

Get an access key of the account and set it in env var `AZURE_STORAGE_KEY` for later use.

```bash
$ az storage account keys list --account-name kopstest
[
{
"keyName": "key1",
"permissions": "Full",
"value": "RHWWn..."
},
{
"keyName": "key2",
"permissions": "Full",
"value": "..."
}

]

$ export AZURE_STORAGE_KEY="RHWWn...“
```
Then create a container.
```bash
$ az storage container create --name cluster-configs
{
"created": true
}
```
You can confirm that the container has been successfully created from
Storage Exporter or by typing “az storage container list”.
```bash
$ az storage container list --output table
Name Lease Status Last Modified
--------------- -------------- -------------------------
cluster-configs unlocked 2020-10-06T21:12:36+00:00
```
## Step 3. Set up Credentials for kOps
Type the following commands to generate credentials used for kOps.
First, create a service principal in Active Directory.
```bash
$ az ad sp create-for-rbac --name kops-test --role owner --sdk-auth
{
"clientId": "8c6fddb5...",
"clientSecret": "dUFzX1...",
"subscriptionId": "7e232...",
"tenantId": "76253...",
...
}
```
Set corresponding env vars:
- Set `AZURE_TENANT_ID` to the `tenantId` of the output
- Set `AZURE_CLIENT_ID` to the `clienteId` of the output
- Set `AZURE_CLIENT_SECRET` to the `clientSecret` of the output.
```bash
$ export AZURE_TENANT_ID="76253..."
$ export AZURE_CLIENT_ID="8c6fddb5..."
$ export AZURE_CLIENT_SECRET="dUFzX1..."
```
## Step 4. Run kOps Commands
Type the following command to create cluster configs and push them to
Azure blob storage. `--state` specifies the container where cluster
configs are stored. The command line flags starting from `--azure-`
are for Azure specific configurations.
```bash
$ export KOPS_FEATURE_FLAGS=AlphaAllowAzure
$ kops create cluster \
--cloud azure \
--name my-azure.k8s.local \
--state azureblob://cluster-configs \
--zones eastus-1 \
--network-cidr 172.16.0.0/16 \
--networking calico \
--azure-subscription-id "${AZURE_SUBSCRIPTION_ID}" \
--azure-tenant-id "${AZURE_TENANT_ID}" \
--azure-resource-group-name kops-test \
--azure-route-table-name kops-test \
--azure-admin-user ubuntu
```
We can confirm that config files are created in Blob storage.
```bash
$ az storage blob list --container-name cluster-configs --output table
```
Type the following command to build a k8s cluster.
```
$ kops update cluster \
--name my-azure.k8s.local \
--state azureblob://cluster-configs \
--yes
```
Currently kOps creates the following resources in Azure:
- Virtual Machine Scale Sets (equivalent to AWS Auto Scaling Groups)
- Managed Disks (equivalent to AWS Elastic Volume Storage)
- Virtual network
- Subnet
- Route Table
- Role Assignment
By default, kOps create two VM Scale Sets - one for the k8s master and the
other for worker nodes. Managed Disks are used as etcd volumes ("main"
database and "event" database) and attached to the K8s master
VMs. Role assignments are needed to grant API access and Blob storage
access to the VMs.

0 comments on commit 412f237

Please sign in to comment.