Skip to content

Latest commit

 

History

History
194 lines (141 loc) · 6.86 KB

README.md

File metadata and controls

194 lines (141 loc) · 6.86 KB

Calico Cloud on AKS - Workshop Environment Preparation

This repository will guide you through the preparation process of building an AKS cluster using the Azure Cloud Shell that will be used in Tigera's Calico Cloud workshop. The goal is to reduce the time used for setting up infrastructure during the workshop, optimizing the Calico Cloud learning and ensuring everyone is on the same page.

Getting Started with Azure Cloud Shell

The following are the basic requirements to start the workshop.

Instructions

  1. Login to Azure Portal at http://portal.azure.com.

  2. Open the Azure Cloud Shell and choose Bash Shell (do not choose Powershell)

    img-cloud-shell

  3. The first time Cloud Shell is started will require you to create a storage account.

    Note: In the cloud shell, you are automatically logged into your Azure subscription.

  4. [Optional] If you have more than one Azure subscription, ensure you are using the one you want to deploy AKS to.

    View subscriptions

    az account list

    Verify selected subscription

    az account show

    Set correct subscription (if needed)

    az account set --subscription <subscription_id>

    Verify correct subscription is now set

    az account show
  5. Configure the kubectl autocomplete.

    source <(kubectl completion bash) &&  source /usr/share/bash-completion/bash_completion
    echo "source <(kubectl completion bash)" >> ~/.bashrc
    echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc

    You can also use a shorthand alias for kubectl that also works with completion:

    alias k=kubectl
    complete -o default -F __start_kubectl k
    echo "alias k=kubectl"  >> ~/.bashrc
    echo "complete -o default -F __start_kubectl k" >> ~/.bashrc
  6. [Optional] Instal k9s, if you like it.

    curl --silent --location "https://github.com/derailed/k9s/releases/download/v0.32.3/k9s_Linux_amd64.tar.gz" | tar xz -C /tmp
    mkdir -p ~/.local/bin
    mv /tmp/k9s ~/.local/bin 
    k9s version

Deploy an Azure AKS Cluster

  1. Define the environment variables to be used by the resources definition.

    NOTE: In the following section, we'll create some environment variables. If your terminal session restarts, you may need to reset these variables. You can do that using the following command:

    source ~/workshopvars.env
    export RESOURCE_GROUP=tigera-workshop
    export CLUSTERNAME=aks-workshop
    export LOCATION=canadacentral
    # Persist for later sessions in case of disconnection.
    echo export RESOURCE_GROUP=$RESOURCE_GROUP > ~/workshopvars.env
    echo export CLUSTERNAME=$CLUSTERNAME >> ~/workshopvars.env
    echo export LOCATION=$LOCATION >> ~/workshopvars.env
  2. If not created, create the Resource Group in the desired Region.

    az group create \
      --name $RESOURCE_GROUP \
      --location $LOCATION
  3. Create the AKS cluster with Azure CNI network plugin.

    az aks create \
      --resource-group $RESOURCE_GROUP \
      --name $CLUSTERNAME \
      --kubernetes-version 1.29 \
      --location $LOCATION \
      --node-count 2 \
      --node-vm-size Standard_B2ms \
      --max-pods 100 \
      --generate-ssh-keys \
      --network-plugin azure
  4. Verify your cluster status. The ProvisioningState should be Succeeded

    az aks list -o table | grep $CLUSTERNAME

    You may get an output like the following:

    WARNING: [Warning] This output may compromise security by showing the following secrets: keyData, ssh, linuxProfile, publicKeys. Learn more at: https://go.microsoft.com/fwlink/?linkid=2258669
    aks-workshop      canadacentral  tigera-workshop       1.29                 1.29.2                      Succeeded            aks-worksh-tigera-workshop-03cfb8-mllwb5a6.hcp.canadacentral.azmk8s.io
    
  5. Get the credentials to connect to the cluster.

    az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTERNAME
  6. Verify you have API access to your new AKS cluster

    kubectl get nodes

    The output will be something similar to the this:

    NAME                                STATUS   ROLES    AGE   VERSION
    aks-nodepool1-30304837-vmss000000   Ready       10m   v1.29.2
    aks-nodepool1-30304837-vmss000001   Ready       10m   v1.29.2
    

    To see more details about your cluster:

     kubectl cluster-info

    The output will be something similar to the this:

    Kubernetes control plane is running at https://aks-zero-t-rg-zero-trust-wo-03cfb8-b3feb0f8.hcp.canadacentral.azmk8s.io:443
    CoreDNS is running at https://aks-zero-t-rg-zero-trust-wo-03cfb8-b3feb0f8.hcp.canadacentral.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
    Metrics-server is running at https://aks-zero-t-rg-zero-trust-wo-03cfb8-b3feb0f8.hcp.canadacentral.azmk8s.io:443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
    
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
    

    You should now have a Kubernetes cluster running with 2 nodes. You do not see the master servers for the cluster because these are managed by Microsoft. The Control Plane services which manage the Kubernetes cluster such as scheduling, API access, configuration data store and object controllers are all provided as services to the nodes.

  7. Verify the settings required for Calico Cloud.

    az aks show --resource-group $RESOURCE_GROUP --name $CLUSTERNAME --query 'networkProfile'

    You should see "networkPlugin": "azure" and "networkPolicy": null (networkPolicy will just not show if it is null).

  8. Verify the transparent mode by running the following command in one node

    VMSSGROUP=$(az vmss list --output table | grep -i $RESOURCE_GROUP | grep -i $CLUSTERNAME | awk -F ' ' '{print $2}')
    VMSSNAME=$(az vmss list --output table | grep -i $RESOURCE_GROUP | grep -i $CLUSTERNAME | awk -F ' ' '{print $1}')
    az vmss run-command invoke -g $VMSSGROUP -n $VMSSNAME --scripts "cat /etc/cni/net.d/*" --command-id RunShellScript --instance-id 0 --query 'value[0].message' --output table

    output should contain "mode": "transparent"

  9. Stop the Cluster until the workshop starts.

    az aks stop --resource-group $RESOURCE_GROUP --name $CLUSTERNAME
  10. To start your cluster when the workshop time has come use:

    az aks start --resource-group $RESOURCE_GROUP --name $CLUSTERNAME