Create and Configure Azure Kubernetes Service Cluster
Mayank Vaish
Digital Transformation Architect | Generative AI Solution Architect | Sr. Enterprise Architect
An Azure Kubernetes Service (AKS) cluster is very much in demand because of its hyperscale capability and its ability to host many different containers on a single AKS cluster, where you can have 1000 nodes per node pool (per cluster with VM Scale Sets and Standard Load Balancer) and 100,000s of pods servicing your requests concurrently from across the globe. Azure Kubernetes Service can have 10 node pools, and each node pool can have a maximum of 1000 nodes, giving a theoretical maximum of 10K VMs for each AKS cluster to handle any user spike you may get. Assuming you have 100 pods on each VM, you can have 10,000 × 100 = 1,000,000 pods for a day or for a full year, theoretically, subject to quota and regional limits.
- You can put Traffic Manager in front of the AKS cluster, so that you can have multiple AKS clusters in different regions.
- You can put Azure Front Door in front of Azure Traffic Manager to route traffic to the nearest region's Traffic Manager.
The deployment architecture above has the following benefits.
- Each service is independent of its upstream and downstream services, so there is no dependency on an external service and no tight coupling.
- Single Responsibility Principle. (Each layer does only one thing)
- Hyperscale capability. (Each layer is independently Hyper Scalable)
- Resiliency (If region goes down, traffic will be routed to other region)
- Redundancy across the deployment architecture. (Each layer has its own redundancy mechanism)
- Can host multiple Websites on Same Infrastructure. (Using App Gateway Capabilities)
- Each service has its own VNet and firewall with whitelisted VNets, and hence its own security.
- Low latency (Azure Front Door provides 100s of edge locations in multiple regions across the globe). Azure Front Door can cache static content at edge locations. It runs on the same WAN edge infrastructure, deployed across globally distributed edge locations, that Microsoft uses for serving Office 365 and Bing requests. If one region is down for any reason, Azure Front Door can route traffic to another region.
- SSL Offloading
- Global HTTP load balancing with instant failover
- Web Application Firewall and DDoS Protection
- Central control plane for traffic orchestration
- The above solution is globally distributed, highly scalable, low latency and elastic at hyperscale, and uses a globally distributed, multi-model (relational DB, NoSQL, graph, key-value, document, column-family) database system.
- Implementing Serverless Architecture. (Where you need not provision and maintain servers)
- Globally distributed Microservices applications to support any scale SaaS, Multi-Tenant solution.
Microsoft WAN (Image courtesy: Microsoft)
This article is part of a five-part series on Azure Kubernetes Service. In this article, let's see how to create and configure an Azure Kubernetes Service cluster.
Five Part Series
1. Create and Configure Azure Kubernetes Service Cluster
2. Deploy your Application to Azure Kubernetes Service Cluster
3. Manual and Automatic Scaling in Azure Kubernetes Service Cluster
4. Yaml based CICD Pipeline for Azure Kubernetes Service Cluster
5. Monitoring Azure Kubernetes Service Cluster
Step 1: Install Docker on your Desktop
Enable Windows feature Containers and Microsoft-Hyper-V
Start Windows PowerShell as Administrator and run these commands to activate the features.
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Or Enable from GUI
https://docs.docker.com/docker-for-windows/install-windows-home/
Step 2: Install .NET Core 5
Install the .NET Core 5.0.101 SDK or higher from https://dotnet.microsoft.com/download/dotnet-core
https://dotnet.microsoft.com/download/dotnet/5.0
Restart (update and restart) the machine
Step 3: Install Kubernetes Lens.
Step 4: Install PowerShell
https://github.com/PowerShell/PowerShell/releases/tag/v7.1.0
Verify Version - $PSVersionTable.PSVersion
Step 5: Install PowerShell Az Module
Run the command below in PowerShell
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
        'Az modules installed at the same time is not supported.')
} else {
    Install-Module -Name Az -AllowClobber -Scope AllUsers
}
OR
https://portal.azure.com/ >> Open Azure CLI >> PowerShell (Select from Dropdown)
Step 6: Create Resource Group in Subscription
az group create -l westus2 -n ResourceGroupAKS --subscription "xxxxxxxxxx-xxxxxxxxxxx"
Open Azure CLI in https://portal.azure.com/ and then select PowerShell from dropdown.
Step 7: Create AKS in ResourceGroup and location
az aks get-versions --location eastus --output table
Use the Latest Version from above command output for creating AKS Cluster
az aks create -g ResourceGroupAKS --location eastus -n AKSDemoCluster --kubernetes-version 1.19.3 --generate-ssh-keys --subscription "xxxxxxxxxxx-xxxxxxxxxx" --load-balancer-sku Standard --windows-admin-password 'Password12345$' --windows-admin-username azure --network-plugin azure --enable-ahub
You now have an AKS cluster with a Linux node pool and a Windows profile, but no Windows node pool yet. Run the command below to create a Windows node pool.
az aks nodepool add --resource-group ResourceGroupAKS --cluster-name AKSDemoCluster --os-type Windows --name npwin --node-count 1
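To check whether Azure Hybrid Benefit is set on the cluster, inspect the node pool's VM scale set. The scale set lives in the cluster's node resource group (by default MC_<resourceGroup>_<clusterName>_<location>), not in ResourceGroupAKS, so replace <scale-set-name> with the scale set name shown in that resource group.
az vmss show --name <scale-set-name> --resource-group MC_ResourceGroupAKS_AKSDemoCluster_eastus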
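The create command in this step passes the Windows admin password as a literal, which leaves it in scripts and in shell history. The following is an added example in PowerShell (not from the original article) that creates the cluster without the literal, checks the PSReadLine history file for an earlier inline password, and rotates it if one is found; `<subscription-id>` is a placeholder and the resource names are the article's.

```powershell
# Added example. Names are the article's; <subscription-id> is a placeholder.

# 1. Omit --windows-admin-password: with --windows-admin-username set, az prompts
#    for the password interactively, so no literal lands in scripts or history.
az aks create -g ResourceGroupAKS --location eastus -n AKSDemoCluster `
    --kubernetes-version 1.19.3 --generate-ssh-keys `
    --subscription "<subscription-id>" --load-balancer-sku Standard `
    --windows-admin-username azure --network-plugin azure --enable-ahub

# 2. Look for an earlier run that typed the password inline. PSReadLine keeps
#    a plain-text history file per user; print matches with the value masked.
$pattern = '(--windows-admin-password\s+)\S+'
$historyFile = (Get-PSReadLineOption).HistorySavePath
$hits = @()
if (Test-Path $historyFile) {
    $hits = @(Select-String -Path $historyFile -Pattern $pattern)
    $hits | ForEach-Object {
        '{0}:{1}  {2}' -f $historyFile, $_.LineNumber,
            ($_.Line -replace $pattern, '$1<redacted>')
    }
}

# 3. If a literal was found, treat it as exposed and rotate it on the cluster.
#    The new value is read without echo and is not written to any script.
if ($hits.Count -gt 0) {
    $secure = Read-Host -Prompt 'New Windows admin password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    az aks update -g ResourceGroupAKS -n AKSDemoCluster --windows-admin-password $plain
    Remove-Variable plain, secure
}
```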
Step 8: Install Azure CLI
Install Azure CLI
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli
Step 9: Install .NET Framework
Install .NET Framework
https://docs.microsoft.com/en-us/dotnet/framework/install/on-windows-10
https://docs.microsoft.com/en-us/dotnet/framework/install/
Step 10: Install & Import Azure PowerShell
Run Below command on Local PowerShell to install Azure PowerShell
Open PowerShell (as Admin)
https://github.com/Azure/azure-powershell/releases
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
Get-ExecutionPolicy -List
Uninstall-AzureRm
Install-Module -Name Az -Repository PSGallery -AllowClobber -Force -Scope CurrentUser
Update-Module -Name Az
Import-Module -Name Az
Get-InstalledModule -Name Az -AllVersions
Get-InstalledModule -Name Az -AllVersions | Select-Object -Property Name, Version
Step 11: Re-Start your Computer
Re-Start your computer
Step 12: Get AKS Credential Deployed on your local machine
Run the commands below in local PowerShell in Admin mode to get the AKS credentials, so that we can open Kubernetes Lens.
az login
az aks get-credentials --resource-group ResourceGroupAKS --name AKSDemoCluster --subscription "xxxxxxxxxxxxx-xxxxxxxxx"
Step 13: Connect Kubernetes lens with your AKS Cluster
Step 14: Create ASP.NET Core MVC Project in Visual Studio
Step 15: Create Azure Container Registry
Open PowerShell (as Admin)
az login
Create Azure Container Registry
az acr create --resource-group ResourceGroupAKS --name mycontainerregistry9101 --sku Basic
Step 16: Login into Azure Container Registry
az acr login --name mycontainerregistry9101
Step 17: Get a Docker Image from the Docker Public Image Registry
docker pull hello-world
docker images
Step 18: Push, local Docker image to Azure Container Registry
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
docker tag hello-world mycontainerregistry9101.azurecr.io/hello-world
Log in to https://portal.azure.com and enable the Admin user: ACR >> Access Keys >> Admin User >> Enable
Put the Admin user ID in the PowerShell command below
az acr login --name mycontainerregistry9101.azurecr.io
docker login mycontainerregistry9101.azurecr.io -u mycontainerregistry9101
Next it will ask for a password; enter the Admin user password from the Azure portal.
Run the command below to verify that the login was successful
az acr repository list --name mycontainerregistry9101 --output table
Push the local image to Azure Container Registry
docker push mycontainerregistry9101.azurecr.io/hello-world:latest
Verify that the image has been pushed
az acr repository list --name mycontainerregistry9101 --output table
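The registry's Admin user enabled above is a single shared username and password with push and pull rights. The following is an added example in PowerShell (not from the original article) that performs the same push with that account switched off, using the Azure AD token from az login, and then grants the AKS cluster pull access; it assumes the resource names used in this article and an active az login session.

```powershell
# Added example. Resource names are the ones used in this article.
$rg      = 'ResourceGroupAKS'
$cluster = 'AKSDemoCluster'
$acr     = 'mycontainerregistry9101'
$server  = "${acr}.azurecr.io"

# 1. Check whether the shared admin account is enabled and switch it off.
$adminEnabled = az acr show --name $acr --query adminUserEnabled --output tsv
if ($adminEnabled -eq 'true') {
    Write-Warning "Admin user is enabled on $acr; disabling it."
    az acr update --name $acr --admin-enabled false | Out-Null
}

# 2. Authenticate Docker with the signed-in Azure identity. No password is
#    typed or stored; the token comes from the az login session.
az acr login --name $acr
docker tag hello-world "$server/hello-world:latest"
docker push "$server/hello-world:latest"

# 3. Let the cluster pull from the registry through its own identity
#    (grants the AcrPull role) instead of a shared credential.
az aks update --resource-group $rg --name $cluster --attach-acr $acr

# 4. Confirm that the cluster can reach and pull from the registry.
az aks check-acr --resource-group $rg --name $cluster --acr $server
```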
Step 19: Install Kubectl client on local machine
Install Kubectl on your local machine. Run below PowerShell command.
Install-Script -Name 'install-kubectl' -Scope CurrentUser -Force
kubectl version --client
Step 20: Install Ingress Controller on AKS Cluster using lens
Install an Ingress Controller on your AKS cluster so that traffic is routed to the correct service. It works as the AKS load balancer and routes incoming traffic to the correct service in AKS, which may have 10,000 or more pods on different nodes behind it.
Install Chocolatey on Windows
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
Run the command below to verify that Chocolatey has been installed
choco
Install Helm
We need Helm to install the nginx ingress controller, which works as the load balancer for your Azure Kubernetes cluster
choco install kubernetes-helm
Verify Helm
helm
Install the nginx Ingress Controller, which works as a reverse proxy and load balancer on your AKS cluster, so that traffic is routed to the correct pod.
Go to your Kubernetes Lens >> Apps >> Charts >> search for “ingress” >> choose nginx-ingress-controller.
helm repo list
If bitnami is available then no need to add bitnami repo, else add bitnami repo by running below command.
helm repo add bitnami https://charts.bitnami.com/bitnami
Create a namespace for the ingress controller using the Lens tool.
Create the nginx ingress controller in this namespace.
You can change the installation YAML parameters in the terminal window below and set the namespace and installation name.
Or
You can run the command below in PowerShell to install the nginx ingress controller.
helm install ingress-controller bitnami/nginx-ingress-controller -n ingress-controller
Now your AKS cluster is set for deployment of workload/application.
Step 21: Create Image from Project and Push Image to ACR
az login
az account set --subscription "Visual Studio XXXXXXXXX Subscription"
az acr login --name mycontainerregistry9101.azurecr.io --subscription "Visual Studio XXXXXXXX Subscription"
In PowerShell, change to the directory where your AKSDemoWebApplication folder is and where your Dockerfile is located. Then run the command below. This command will
1. Build your image from the Dockerfile
2. Tag the Image on your local machine.
3. Mark the Image for Windows platform.
4. Push the Image to Azure Container Registry.
az acr build -t aksdemowebapplication -r mycontainerregistry9101.azurecr.io . --platform windows
-t sets the tag, -r sets the registry (ACR), and --platform sets the Windows or Unix environment
Refer - https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest