Azure AKS

Creating a Kubernetes cluster on Azure

Using Azure CLI

1. Install Azure CLI

Installation instructions for your workstation are at https://learn.microsoft.com/en-us/cli/azure/install-azure-cli. Example for macOS:

brew update && brew install azure-cli

# confirm the CLI version
az version
{
  "azure-cli": "2.47.0",
  "azure-cli-core": "2.47.0",
  "azure-cli-telemetry": "1.0.8",
  "extensions": {}
}

2. Log In to Azure

You can log in through the Azure CLI in several ways

# browser based login
az login

# with username and password (omit --password to be prompted, which keeps it out of shell history)
az login --username <user> --password <pass>

# login with the tenant
az login --tenant <tenantID>

# check Azure login help for other methods to log in
az login --help

3. Set Azure subscription

Check whether the currently selected subscription is the one you want

az account show

Set the right subscription if needed

az account set --subscription "<SubscriptionID>"

4. Finding region

Decide the region in which the cluster will be deployed. This documentation uses westeurope as the primary region. To list the available regions, use the command below

az account list-locations -o table

5. Creating Resource group

Almost all Azure resources are deployed in a resource group. We create one for the AKS cluster and name it tfy-datascience, but feel free to follow your own naming conventions. We also add two tags, team=datascience and owner=truefoundry

az group create --location westeurope \
--name tfy-datascience \
--tags team=datascience owner=truefoundry 

6. Create user assigned identity

To authenticate to the AKS cluster after creation, we need a user-assigned identity. A managed identity is the way to authenticate to an Azure resource (AKS here) using Azure AD. There are two kinds of managed identities; we will use a user-assigned one. Copy the unique ID of the user-assigned identity from the output of the command below, because it is passed to --assign-identity when the cluster is created

az identity create \
--resource-group tfy-datascience \
--name tfy-user-identity

7. Creating AKS Cluster

There are two main ways to create the AKS cluster. Choose either of the following.

A. Creating AKS cluster without specifying network requirements

With this option we skip the network requirements during AKS creation, as Azure handles them automatically. We use tfy-aks-cluster as the cluster name, and the node pool autoscales from 2 to 4 nodes. Pass the ID of the user-assigned identity through the --assign-identity argument

az aks create \
--name tfy-aks-cluster \
--resource-group tfy-datascience \
--enable-workload-identity \
--enable-managed-identity \
--assign-identity "/subscriptions/<subscriptionID>/resourcegroups/tfy-datascience/providers/Microsoft.ManagedIdentity/userAssignedIdentities/tfy-user-identity" \
--network-plugin kubenet \
--enable-oidc-issuer \
--enable-cluster-autoscaler \
--min-count 2 \
--max-count 4 \
--tags team=datascience owner=truefoundry

Get the kubeconfig file for the AKS cluster

az aks get-credentials --resource-group tfy-datascience  --name tfy-aks-cluster

B. Creating AKS cluster with specific network requirements

  • Create a virtual network tfy-virtual-net. Make sure to copy the unique ID of the virtual network created. All the nodes will be part of this virtual network.
    az network vnet create \
    --resource-group tfy-datascience \
    --name tfy-virtual-net \
    --address-prefix 192.168.0.0/16 \
    --location westeurope \
    --subnet-name tfy-default-subnet \
    --subnet-prefixes 192.168.1.0/24
    
  • Create an AKS cluster tfy-aks-cluster-with-vnet with the above network. We are using the user assigned identity we created above along with the unique ID of the virtual network. We are again setting the node pool size to autoscale from 2 to 4 nodes.
    az aks create \
    --name tfy-aks-cluster-with-vnet \
    --resource-group tfy-datascience \
    --enable-workload-identity \
    --enable-managed-identity \
    --assign-identity "/subscriptions/<subscriptionID>/resourcegroups/tfy-datascience/providers/Microsoft.ManagedIdentity/userAssignedIdentities/tfy-user-identity" \
    --network-plugin kubenet \
    --enable-oidc-issuer \
    --enable-cluster-autoscaler \
    --vnet-subnet-id "/subscriptions/<subscriptionID>/resourceGroups/tfy-datascience/providers/Microsoft.Network/virtualNetworks/tfy-virtual-net/subnets/tfy-default-subnet" \
    --service-cidr 10.0.0.0/16 \
    --dns-service-ip 10.0.0.10 \
    --pod-cidr 10.244.0.0/16 \
    --docker-bridge-address 172.17.0.1/16 \
    --min-count 2 \
    --max-count 4 \
    --tags team=datascience owner=truefoundry
    
  • Get the kubeconfig file for the AKS cluster
    az aks get-credentials --resource-group tfy-datascience  --name tfy-aks-cluster-with-vnet
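
The address ranges passed in option B have to fit together: the subnet must lie inside the virtual network, the service, pod and Docker bridge ranges must not overlap the virtual network or each other, and the DNS service IP must sit inside the service CIDR without being its first address. The script below is an added example, not part of the original guide, that checks those rules offline before az aks create is run; the function names are hypothetical and the values are the ones used above.

```shell
#!/bin/sh
# Added example: offline sanity check of an AKS kubenet address plan.
# Function names are illustrative; nothing here calls Azure.

# Dotted quad -> 32-bit integer (subshell body keeps IFS/args local).
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "first last" (as integers) of the block a CIDR belongs to.
cidr_range() (
  len=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  base=$(( $(ip2int "${1%/*}") & $mask ))
  echo "$base $(( $base | (~$mask & 0xFFFFFFFF) ))"
)

# Succeeds when the two CIDRs share at least one address.
overlaps() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# Succeeds when CIDR $1 lies entirely inside CIDR $2.
within() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
)

# DNS service IP: inside the service CIDR, not the network or first address.
dns_ip_ok() (
  ip=$(ip2int "$1")
  set -- $(cidr_range "$2")
  [ "$ip" -gt $(( $1 + 1 )) ] && [ "$ip" -lt "$2" ]
)

# Args: vnet subnet service-cidr dns-service-ip pod-cidr docker-bridge
check_plan() (
  vnet=$1 subnet=$2 svc=$3 dns=$4 pod=$5 bridge=$6 rc=0
  within "$subnet" "$vnet" || { echo "subnet $subnet is outside vnet $vnet"; rc=1; }
  for pair in "$svc $vnet" "$pod $vnet" "$bridge $vnet" \
              "$svc $pod" "$svc $bridge" "$pod $bridge"; do
    if overlaps "${pair% *}" "${pair#* }"; then echo "overlap: $pair"; rc=1; fi
  done
  dns_ip_ok "$dns" "$svc" || { echo "dns-service-ip $dns unusable in $svc"; rc=1; }
  [ "$rc" -eq 0 ]
)

check_plan 192.168.0.0/16 192.168.1.0/24 10.0.0.0/16 10.0.0.10 \
           10.244.0.0/16 172.17.0.1/16 && echo "address plan OK"
```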
    

Attaching a user based node pool

It is advised to attach a user node pool in AKS to schedule your workloads. Azure offers two kinds of node pools: system and user. A system pool runs AKS-related applications and workloads; a user pool runs only your workloads. We create a node pool named cpupools that can autoscale from 2 to 10 nodes. The command targets tfy-aks-cluster-with-vnet; if you created the cluster with option A, use tfy-aks-cluster as the cluster name instead.

az aks nodepool add \
--cluster-name tfy-aks-cluster-with-vnet \
--name cpupools \
--resource-group tfy-datascience \
--enable-cluster-autoscaler \
--max-count 10 \
--min-count 2 \
--mode user \
--tags team=datascience owner=truefoundry