Cloud Infrastructure Community's Space

AKS #1: Create Azure Kubernetes Service cluster

This series is an introduction for beginners working with Kubernetes on Azure. Azure Kubernetes Service (AKS) is a managed Kubernetes service running on Azure. Over the course of the series, you will learn how to create an AKS cluster, deploy a simple service using a Helm chart, use ArgoCD to deploy your service automatically as a workload, and use Azure to monitor your Kubernetes services.

Prerequisites

  • An Azure account with an active subscription
  • Azure CLI (see Install Azure CLI on Ubuntu 22.04)
  • Basic knowledge of Azure Virtual Network and Azure Cloud fundamentals
  • A terminal (Ubuntu, WSL2 or Terminal for macOS)

How to create an Azure Kubernetes Service (AKS)

We’re going to use the Azure CLI and its commands to create Azure resources. You can use the Azure Portal instead, but in this series we prefer the Azure CLI. With a command-line interface, you can easily integrate your work into CI/CD, such as a GitHub Actions workflow, to automate these tasks.

Open your favorite terminal on a machine that has the az CLI installed and follow the steps below:

1. Define variables for az commands

First of all, we need to define some variables that will be used in all steps. Make sure you fill in your own information as below:

# define variables
export TENANT_ID="<your Azure AD tenant>"
export SUBSCRIPTION_ID="<your subscription id>"

export LOCATION="northeurope"
export AKS_NAME="cli-aks"
export AKS_RG="cli-aks"
export AKS_NODE_RG="cli-aks-rg"
export NODE_COUNT="3"
export NODE_POOL="linuxpool"
export NODE_OS_SKU="Ubuntu"

# for networking
export VNET_NAME="cli-vnet"
export VNET_PREFIX="10.80.0.0/16"
export AKS_SUBNET_NAME="cli-aks"
export AKS_SUBNET_PREFIX="10.80.1.0/24"
export PIP_NAME="cli-pip"
export PIP_DNS_NAME="cli-pip-dns"
export APPGW_NAME="cli-appgw"

2. Login to Azure using az cli

Let’s authenticate against Azure with the az login command:

# login into Azure using cli
az login -t $TENANT_ID

This command opens your browser and lets you enter your Azure credentials. You can also use a service principal to log in without providing credentials manually. See Azure CLI login with Service Principal.

After logging in successfully, set your working subscription:

# set active subscription
az account set -s $SUBSCRIPTION_ID

# optional: let az install missing extensions automatically, without prompting
az config set extension.use_dynamic_install=yes_without_prompt

3. Create Azure resource groups for AKS services

A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.

After logging in and activating your subscription, run the following az command to create your resource group:

# create Azure resource group
az group create --name $AKS_RG --location $LOCATION

You can now get your resource group information by running another az command:

# list the resource groups in the active subscription
az group list

:: Expected Output

[
  {
    "id": "/subscriptions/c3f3aa63-3fdc-402f-xxx-30fe0xxxf3ef/resourceGroups/cli-aks-rg",
    "location": "northeurope",
    "managedBy": null,
    "name": "cli-aks",
    "properties": {
      "provisioningState": "Succeeded"
    },
    "tags": null,
    "type": "Microsoft.Resources/resourceGroups"
  }
]

4. Preparing Network resources

Virtual Network

Azure Virtual Network (VNET) is the fundamental building block for your private network in Azure. VNET enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNET is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

We’re going to create a Virtual Network called cli-vnet inside the resource group cli-aks created in the previous step. This VNET uses the 10.80.0.0/16 address space and contains one subnet for our Kubernetes cluster (10.80.1.0/24).

# create Azure Virtual Network aka VNET
az network vnet create -g $AKS_RG -n $VNET_NAME --address-prefix $VNET_PREFIX

export AKS_SUBNET_ID=$(az network vnet subnet create -g $AKS_RG --vnet-name $VNET_NAME --name $AKS_SUBNET_NAME --address-prefixes $AKS_SUBNET_PREFIX --query "id" -o tsv | tr -d '\r')

Public IP Address

A public IP address serves as the endpoint address for our Kubernetes cluster. Traffic to the services running on the cluster needs an address to reach.

# create Azure Public Ip Address
az network public-ip create -g $AKS_RG -n $PIP_NAME --sku Standard --tier Regional --allocation-method Static --dns-name $PIP_DNS_NAME
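
Azure Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. Application Gateway, by contrast, works at the application layer (OSI layer 7) and can route on attributes of the HTTP request, such as the URL path or host header.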

# create a dedicated subnet for the Application Gateway, reusing the first
# two octets of the VNET prefix (works for the /16 VNET defined above)
vnetBlock1=$(echo "$VNET_PREFIX" | awk -F . '{print $1}')
vnetBlock2=$(echo "$VNET_PREFIX" | awk -F . '{print $2}')
az network vnet subnet create -g $AKS_RG --vnet-name $VNET_NAME -n $APPGW_NAME --address-prefixes "${vnetBlock1}.${vnetBlock2}.15.208/28"

# create Azure Application Gateway
az network application-gateway create -g $AKS_RG -n $APPGW_NAME --capacity 2 --sku Standard_v2 --vnet-name $VNET_NAME --subnet $APPGW_NAME --priority 1001 --http-settings-cookie-based-affinity Enabled --public-ip-address $PIP_NAME

Creating the Application Gateway takes 5 to 10 minutes, so it's time to relax.

5. Create Azure Kubernetes Service (AKS) Cluster

Now it’s time to create an AKS cluster with the Azure resources above.

# create AKS cluster
az aks create --name $AKS_NAME --resource-group $AKS_RG --kubernetes-version 1.22.11 --node-resource-group $AKS_NODE_RG --nodepool-name $NODE_POOL \
--os-sku $NODE_OS_SKU --node-count $NODE_COUNT \
--vnet-subnet-id $AKS_SUBNET_ID \
--load-balancer-sku Standard --outbound-type loadBalancer --generate-ssh-keys \
--network-plugin azure --network-policy azure --enable-managed-identity \
--tags "cluster=$AKS_NAME" --yes

Again, time to relax and have a cup of coffee. It takes 5 to 10 minutes to complete the AKS setup.

:: Expected Output

{
  "aadProfile": null,
  "addonProfiles": null,
  "agentPoolProfiles": [
    {
      "availabilityZones": null,
      "capacityReservationGroupId": null,
      "count": 3,
   ...
    },
    "loadBalancerSku": "Standard",
    "natGatewayProfile": null,
    "networkMode": null,
    "networkPlugin": "azure",
    "networkPluginMode": null,
    "networkPolicy": "azure",
    "outboundType": "loadBalancer",
    "podCidr": null,
    "podCidrs": null,
    "serviceCidr": "10.0.0.0/16",
    "serviceCidrs": [
      "10.0.0.0/16"
    ]
  },
  "nodeResourceGroup": "cli-aks-rg",
  "oidcIssuerProfile": {
    "enabled": false,
    "issuerUrl": null
  },
  "podIdentityProfile": null,
  "powerState": {
    "code": "Running"
  },
  "privateFqdn": null,
  "privateLinkResources": null,
  "provisioningState": "Succeeded",
  ...
}
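
A check a practitioner may want to run once the cluster is up, added here as an example and not part of the original article or its source repository: it reads the JSON returned by az aks show and reports the security-relevant settings this walkthrough sets (network policy, managed identity) or leaves at their defaults (aadProfile is null in the output above). The script name aks_audit.py, the check names and the sample document are constructed for illustration; fields not visible in the truncated output above are assumed to appear as in the az aks show output.

```python
import json
import sys

# Constructed sample shaped like `az aks show -o json` for the cluster above; fields
# not visible in the page's truncated output are assumed from that command's output.
SAMPLE = {
    "aadProfile": None,
    "apiServerAccessProfile": None,
    "disableLocalAccounts": False,
    "enableRbac": True,
    "identity": {"type": "SystemAssigned"},
    "networkProfile": {"networkPlugin": "azure", "networkPolicy": "azure"},
}


def audit(cluster):
    """Return (check, passed, detail) tuples for security-relevant settings."""
    api = cluster.get("apiServerAccessProfile") or {}
    net = cluster.get("networkProfile") or {}
    ident = cluster.get("identity") or {}
    restricted = bool(api.get("enablePrivateCluster") or api.get("authorizedIpRanges"))
    return [
        ("kubernetes-rbac", cluster.get("enableRbac") is True, "Kubernetes RBAC is off"),
        ("network-policy", net.get("networkPolicy") not in (None, "", "none"),
         "no policy engine, so NetworkPolicy objects are not enforced"),
        ("managed-identity", ident.get("type") in ("SystemAssigned", "UserAssigned"),
         "cluster does not use a managed identity"),
        ("aad-integration", bool(cluster.get("aadProfile")),
         "Kubernetes API authentication is not integrated with Azure AD"),
        ("local-accounts-disabled", cluster.get("disableLocalAccounts") is True,
         "certificate-based local accounts remain enabled"),
        ("api-server-restricted", restricted,
         "API server is neither private nor limited to authorized IP ranges"),
    ]


def failed(cluster):
    """Names of the checks that did not pass, in audit order."""
    return [name for name, ok, _ in audit(cluster) if not ok]


if __name__ == "__main__":
    # Optional argument: a file saved from `az aks show ... -o json`.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for name, ok, detail in audit(data):
        print(("PASS  " if ok else "FAIL  ") + name + ("" if ok else "  (" + detail + ")"))
```

To audit the real cluster, save the output of az aks show -g "$AKS_RG" -n "$AKS_NAME" -o json to a file and pass the file name as the argument.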

Conclusions

We’ve just created a simple Azure Kubernetes cluster connected to a VNET. In the next article, we’re going to add some special add-ons to our K8s cluster and deploy a simple NodeJS application to see how it works on Kubernetes.

Source Code

The source code for this article is available on GitHub at epiHATR/azurekubernetes/create_aks.sh
