From 412f237bd253f6c0175c71297987a0364b4e6291 Mon Sep 17 00:00:00 2001 From: Kenji Kaneda Date: Fri, 11 Dec 2020 10:31:38 -0800 Subject: [PATCH] Add getting_started/azure.md --- docs/getting_started/azure.md | 214 ++++++++++++++++++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 docs/getting_started/azure.md diff --git a/docs/getting_started/azure.md b/docs/getting_started/azure.md new file mode 100644 index 0000000000000..dca1d71dcd1f8 --- /dev/null +++ b/docs/getting_started/azure.md 
@@ -0,0 +1,214 @@ +# Getting Started with kOps on Azure + +Azure support on kOps is currently in-progress. The original issue +ticket is [#3957](https://github.com/kubernetes/kops/issues/3957) and +the remaining items are tracked in +[#10412](https://github.com/kubernetes/kops/issues/10412). + +# Create Creation Steps + +## Step 1. Install Azure CLI + +First, install Azure CLI. + +```bash +$ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash +``` + +Then type the following command to login to Azure. This will redirect +you to the browser login. + +```bash +$ az login + +... + +You have logged in. Now let us find all the subscriptions to which you have access... +[ + { + "cloudName": "AzureCloud", + "homeTenantId": "76253...", + "id": "7e232...", + "isDefault": true, + "managedByTenants": [], + "name": "Your name...", + "state": "Enabled", + "tenantId": "76253...", + "user": { + "name": "...", + "type": "user" + } + }, + ... +] +``` + +One Azure account has one or more than one “subscription”, which +serves as a single billing unit for Azure resources. Set the env var +`AZURE_SUBSCRIPTION_ID` to the ID of the subscription you want to +use. + +```bash +$ export AZURE_SUBSCRIPTION_ID=7e232... +``` + +## Step 2. Create a Container in Azure Blob + +Next, create a container in Azure Blob storage, which is S3 equivalent service in Azure, to store kOps cluster configs. + +First, you need to create a resource group, which provides an isolated +namespace for resources. + +```bash +$ az group create --name kops-test --location eastus +{ + "id": "/subscriptions/7e232.../resourceGroups/kops-test", + "location": "eastus", + "managedBy": null, + "name": "kops-test", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +Then create a storage account for the resource group. The storage +account provides an isolated namespace for all storage resources. 
The +name must be unique among across multiple different Azure accounts. + +```bash +$ az storage account create --name kopstest --resource-group kops-test +``` + +Set the env var `AZURE_STORAGE_ACCOUNT` to the storage account name for later use. + +```bash +$ export AZURE_STORAGE_ACCOUNT=kopstest +``` + +Get an access key of the account and set it in env var `AZURE_STORAGE_KEY` for later use. + +```bash +$ az storage account keys list --account-name kopstest +[ + { + "keyName": "key1", + "permissions": "Full", + "value": "RHWWn..." + }, + { + "keyName": "key2", + "permissions": "Full", + "value": "..." + } + +] + +$ export AZURE_STORAGE_KEY="RHWWn...“ +``` + + +Then create a container. + +```bash +$ az storage container create --name cluster-configs +{ + "created": true +} +``` + +You can confirm that the container has been successfully created from +Storage Exporter or by typing “az storage container list”. + +```bash +$ az storage container list --output table +Name Lease Status Last Modified +--------------- -------------- ------------------------- +cluster-configs unlocked 2020-10-06T21:12:36+00:00 +``` + +## Step 3. Set up Credentials for kOps + +Type the following commands to generate credentials used for kOps. + +First, create a service principal in Active Directory. + +```bash +$ az ad sp create-for-rbac --name kops-test --role owner --sdk-auth + +{ + "clientId": "8c6fddb5...", + "clientSecret": "dUFzX1...", + "subscriptionId": "7e232...", + "tenantId": "76253...", + ... +} +``` + +Set corresponding env vars: + +- Set `AZURE_TENANT_ID` to the `tenantId` of the output +- Set `AZURE_CLIENT_ID` to the `clienteId` of the output +- Set `AZURE_CLIENT_SECRET` to the `clientSecret` of the output. + +```bash +$ export AZURE_TENANT_ID="76253..." +$ export AZURE_CLIENT_ID="8c6fddb5..." +$ export AZURE_CLIENT_SECRET="dUFzX1..." +``` + +## Step 4. Run kOps Commands + +Type the following command to create cluster configs and push them to +Azure blob storage. 
`--state` specifies the container where cluster +configs are stored. The command line flags starting from `--azure-` +are for Azure specific configurations. + +```bash +$ export KOPS_FEATURE_FLAGS=AlphaAllowAzure + +$ kops create cluster \ + --cloud azure \ + --name my-azure.k8s.local \ + --state azureblob://cluster-configs \ + --zones eastus-1 \ + --network-cidr 172.16.0.0/16 \ + --networking calico \ + --azure-subscription-id "${AZURE_SUBSCRIPTION_ID}" \ + --azure-tenant-id "${AZURE_TENANT_ID}" \ + --azure-resource-group-name kops-test \ + --azure-route-table-name kops-test \ + --azure-admin-user ubuntu +``` + +We can confirm that config files are created in Blob storage. + +```bash +$ az storage blob list --container-name cluster-configs --output table +``` + +Type the following command to build a k8s cluster. + +``` +$ kops update cluster \ + --name my-azure.k8s.local \ + --state azureblob://cluster-configs \ + --yes +``` + +Currently kOps creates the following resources in Azure: + +- Virtual Machine Scale Sets (equivalent to AWS Auto Scaling Groups) +- Managed Disks (equivalent to AWS Elastic Volume Storage) +- Virtual network +- Subnet +- Route Table +- Role Assignment + +By default, kOps create two VM Scale Sets - one for the k8s master and the +other for worker nodes. Managed Disks are used as etcd volumes ("main" +database and "event" database) and attached to the K8s master +VMs. Role assignments are needed to grant API access and Blob storage +access to the VMs.
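Review bot: in Step 2 the line `$ export AZURE_STORAGE_KEY="RHWWn...“` closes the value with a typographic quote (“) rather than a straight `"`, so anyone pasting it into a shell gets an unbalanced quote; it should read `$ export AZURE_STORAGE_KEY="RHWWn..."`. Same step: "Storage Exporter" should be "Storage Explorer", and "unique among across multiple different Azure accounts" should read "globally unique across all Azure accounts". In Step 3 the bullet `clienteId` should be `clientId` so it matches the JSON key in the output, and because `az ad sp create-for-rbac --name kops-test --role owner --sdk-auth` assigns the Owner role at subscription scope, the text should say so and suggest narrowing the assignment to the `kops-test` resource group (`--scopes`) and rotating the `clientSecret` and storage key once they have been printed to the terminal. Minor: the heading `# Create Creation Steps` is presumably `# Cluster Creation Steps`, the `kops update cluster` fence is missing the `bash` tag the other blocks use, and "kOps create two VM Scale Sets" should be "kOps creates".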