How to create a Kubernetes cluster on Azure in minutes !

If sometimes you’ve asked yourself how are containers platforms are built in Azure PaaS solution like ACS (Azure Container Service) here is a tool you want to take a look at ! The name of this tools is acs-engine !

[su_quote url=”https://github.com/Azure/acs-engine”]The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DCOS, Kubernetes, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster.[/su_quote]

On the Github page you’ll find everything needed to build it and install the soft behind the entire Azure Container Service which is a very great news for both of us.

It also means that we can deploy from scratch our Containers in Swarm, Mesos and Kubernetes as we want, without using any UI !

In this blog post, we’ll focus on Kubernetes. So, what is Kubernetes? Taking from Kubernetes.io here is the definition

[su_quote url=”http://kubernetes.io”]is an open-source system for automating deployment, scaling, and management of containerized applications. [/su_quote]

So, in order to build a Kubernetes on Azure, let’s start from the beginning 🙂

Installing ACS Engine

The goal of this post isn’t to reuse every single command of the Github page previously mentioned, but to offers you another way for installing ACS Engine.

In order to install build ACSE, you need Git and Go… So, let’s install them using PowerShell!

Remember that you need to change location of binaries as well as the Workplace….

Configuration PrepACSE {
    Node localhost {
        package Golang {
            Ensure = 'Present'
            Name = 'Go Programming Language amd64 go1.7.3'
            Path = 'D:\Downloads\go1.7.3.windows-amd64.msi'
            ProductId = 'EDB95B47-64F4-4D6C-9C41-2ED290E583E9'
            Arguments = '/quiet /norestart'
        }

        Package Git {
            Ensure = 'Present'
            Name = 'Git'
            Path = 'D:\Downloads\Git-2.10.2-64-bit.exe'
            ProductId = ''
            Arguments = '/VERYSILENT /NORESTART'
        }

        File Workplace {
            Type = 'Directory'
            DestinationPath = 'D:\Workplace'
            Ensure = "Present"
        }

        Environment Path {
            Ensure = 'Present'
            Name = 'GOPATH'
            Value = "D:\Workplace"
        }

        Registry Path {
            Ensure = 'Present'
            Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\'
            ValueName = 'Path'
            ValueData = $env:Path + ";C:\Go\Bin\;C:\Program Files\Git\Bin"
            ValueType = "String"
        }
    }
}

PrepACSE

 

And After that let’s apply the wanted configuration to our computer. Note that I use -Force because i tried multiple installation and some of them have failed before, the -wait is here to make us wait reading the verbose message generated.

Start-DscConfiguration -Path .\PrepACSE -Verbose -Wait -ComputerName localhost -Force

DSC Azure Container Service Engine preparation installation

Ok now we have our server fully prepared to build with Go.

 

Build the ACS Engine

In a fresh console execute theses lines in order to get sources and build using go. We need to use a fresh console to have the environment variables correctly settled up.

$Workplace = 'D:\Workplace'
Push-Location $Workplace
go get github.com/Azure/acs-engine
go get all
Push-Location ($Workplace + "\src\github.com\Azure\acs-engine")
go build

 

You now have acs-engine.exe in the root of the dir. Let’s continue the funny things 🙂

 

Create a Kubernetes cluster on Azure

You first need an SSH Key. Use this link to create one for Putty and now you can use the dirty script below. The script will connect you to your Azure tenant, create an AD Application. Please note that URLs are settled because they are mandatory, but they’re not validated by the script, so feel free to use what you want. Once we have our application, we’ll build a SPN around it, with a Contributor role. After that we’ll generate a json template to use it with acs-engine.exe at the end.

$SSHPublicKey = "<put_you_ssh_public_key_here>"
$DNSPrefix = "k8sdemo01"
$Password = "S0m3Str0ngP4sS"

# Connect to your Azure tenant
Add-AzureRmAccount

# We don't care avout URLs here :)
# Create the application
$app = New-AzureRmADApplication -DisplayName $DNSPrefix -HomePage "https://www.contoso.org/example" -IdentifierUris "https://www.contoso.org/example" -Password $Password

# Create the Sevice Principal
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId


# Assign correct right for the SPN 
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $app.ApplicationId.Guid

# Generate the k8s template file
# Source: https://github.com/Azure/acs-engine/blob/master/examples/kubernetes.json
$k8sTemplate = @"
{
  "apiVersion": "vlabs",
  "properties": {
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes"
    },
    "masterProfile": {
      "count": 1,
      "dnsPrefix": "$DNSPrefix",
      "vmSize": "Standard_D2_v2"
    },
    "agentPoolProfiles": [
      {
        "name": "agentpool1",
        "count": 3,
        "vmSize": "Standard_D2_v2",
        "availabilityProfile": "AvailabilitySet"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "$SSHPublicKey"
          }
        ]
      }
    },
    "servicePrincipalProfile": {
      "servicePrincipalClientID": "$($app.ApplicationId.Guid)",
      "servicePrincipalClientSecret": "$Password"
    }
  }
}
"@

$k8sTemplate | Out-File D:\Workplace\Kubernetes.json -Encoding ANSI

# Generate the ARM template
Push-Location D:\Workplace\src\github.com\Azure\acs-engine
.\acs-engine.exe D:\Workplace\kubernetes.json

 

You may have some errors in the output of acs-engine.exe… I don’t know why because everything is perfectly generated there.

ACSE generated files

And now let’s build the resource group and populate it !

We need to connect to our tenant, create the resource group and initiate a deployment.

# Connect to your Azure tenant
Add-AzureRmAccount

Push-Location D:\Workplace\src\github.com\Azure\acs-engine

Select-AzureRmSubscription -SubscriptionID 35034310-d309-4bff-8c85-86b74b709ca6

New-AzureRmResourceGroup -Name "k8sDemo02" -Location "West Europe"

New-AzureRmResourceGroupDeployment -Name k8sDemo02 -ResourceGroupName k8sDemo02 `
    -TemplateFile _output\Kubernetes-33948742\azuredeploy.json -TemplateParameterFile _output\Kubernetes-33948742\azuredeploy.parameters.json

 

At the end of the deployment you should have this OutputString message giving you the FQDN of your Kubernetes Master.

Azure Container Service Engine

Use your Kubernetes cluster

You need to install kubectl client for Windows here and Pageant as well.

Configure Pageant

After Pageant download is finished, double click on it and you should now have it running on the background

Azure Container Service Pageant

Right click on it, click on Add Key, select you private key and enter your passphrase, nothing more easy

Configure Kubectl client

In order to have kubectl client working on your OS, you must downlaod the configuration stored on your Kubernetes Master. In order to do that you have many possibilities, the easier one is to use WinSCP to grab it. In the WinSCP go to /home/azureuser/.kube and download the config file. Store it to the folder where kuctl is located and run SET KUBECONFIG=config.

Now you can use your kubectl client smoothly 😀

kubectl get nodes

Azure Container Serivce Kubectl working

Now let’s run a Nginx pod and take a look at the pod list on our Kubernetes cluster

kubectl run nginx --image nginx
kubectl get pods
kubectl expose deployment nginx --port=80

Now if you edit the service using the command below, changing the Type from ClusterIP to LoadBalancer will create a load balancer in Azure!

kubectl edit svc/nginx

Use the dashboard

The first thing to do is to launch the command that will launch a proxy in order you can access Kubernetes resources locally and run your favorite navigator to http://127.0.0.1:8001/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard

kubectl proxy

 

Here you go !!

Azure Container Service Kubernetes Dashboard

 

 

Now you can play with Kubernetes on your Azure subscription 🙂

Hope you like it