Let’s begin with a brief introduction to Azure Container Service. Azure Container Service, commonly known as ACS, provides rapid deployment of popular open-source container clustering and orchestration solutions.
Before going ahead, please read the other parts of this series.
Azure Container Service makes it simpler for you to create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications. It uses an optimized configuration of popular open-source scheduling and orchestration tools. This enables you to use your existing skills, or draw upon a large and growing body of community expertise, to deploy and manage container-based applications on Microsoft Azure.
Prerequisites for this hands-on
Azure subscription: If you don’t have one, sign up for a free trial.
SSH RSA public key
When deploying through the portal or one of the Azure quickstart templates, you need to provide the public key for authentication against Azure Container Service virtual machines. To create Secure Shell (SSH) RSA keys, see the OS X and Linux or Windows guidance.
Service principal client ID and secret (Kubernetes only): For more information and guidance to create an Azure Active Directory service principal, see About the service principal for a Kubernetes cluster.
Step 1 Create SSH-RSA keys necessary for creating the cluster
As mentioned in the prerequisites, Azure requires at least 2048-bit, SSH-RSA formatted public and private keys. So, let's create them using the following steps.
Install Git for Windows
You can download it from https://git-for-windows.github.io/.
Next, run Git Bash from the Start menu with elevated privileges and create the key files using openssl.exe.
mkdir keys
cd keys
openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pem
The output looks similar to the following example.
Generating a 2048 bit RSA private key
.......................................+++
.......................+++
writing new private key to 'myPrivateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
Answer the prompts and you are done.
Now, we need to create the public key using the following command.
openssl.exe rsa -pubout -in myPrivateKey.key -out myPublicKey.key
The default directory when we start Git Bash is C:\Users\%username%\.
In the demo, I have generated the keys in C:\Users\%username%\keys. This can be different in your case if you start Git Bash from a different directory.
To use the PuTTY SSH client for Windows, we need another form of the key, extracted from the private key that we have just created above.
openssl rsa -in ./myPrivateKey.key -out myPrivateKey_rsa
Please save these two keys, myPrivateKey.key and myPrivateKey_rsa, carefully for creating the cluster and later connecting to it.
For more information on how to create a private key for PuTTY, please check here.
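A check worth running before Step 2, as an added example that is not part of the original article: it confirms that the private key is a consistent RSA key of at least 2048 bits, that the public key file was derived from it, and restricts the private key file to its owner. The function names are hypothetical, and the demo at the end generates throwaway keys with openssl genrsa to avoid the interactive prompts.

```shell
#!/bin/sh
# Added example: sanity-check the Step 1 key files before using them.
# File names follow the article; function names are hypothetical.

# Print the RSA modulus size, in bits, of a private key file.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the public key file was derived from the private key file.
keys_match() {
    priv_pub=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    file_pub=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ "$priv_pub" = "$file_pub" ]
}

# Run all checks on one key pair; returns non-zero on the first failure.
check_keypair() {
    priv=$1; pub=$2
    openssl rsa -in "$priv" -noout -check >/dev/null 2>&1 ||
        { echo "FAIL: $priv is not a consistent RSA private key"; return 1; }
    bits=$(key_bits "$priv")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: $priv is ${bits:-0} bits, need at least 2048"; return 1; }
    keys_match "$priv" "$pub" ||
        { echo "FAIL: $pub does not belong to $priv"; return 1; }
    chmod 600 "$priv"   # private key readable by its owner only
    echo "OK: $priv ($bits bit) matches $pub"
}

# Constructed demo: throwaway keys in a temp directory, named as in the article.
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/myPrivateKey.key" 2048 2>/dev/null
openssl rsa -pubout -in "$demo_dir/myPrivateKey.key" \
    -out "$demo_dir/myPublicKey.key" 2>/dev/null
check_keypair "$demo_dir/myPrivateKey.key" "$demo_dir/myPublicKey.key"
```

To check the real files, call check_keypair myPrivateKey.key myPublicKey.key from the keys directory; myPrivateKey_rsa can be passed as the first argument in the same way.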
Step 2 Create Kubernetes cluster from Azure portal
Please refer to the official Microsoft documentation to set up a Kubernetes cluster using Azure Container Service.
Make sure you select Orchestrator: Kubernetes in the first step, because in this demo we will be using a Kubernetes cluster.
For this demo, I have used Linux machines as my agent and my master node. A Windows machine for the agent is currently available in preview in Azure.
You can choose a master and agent of any allowed size. In this demo, I have used a master node of size Standard A2 and an agent of size Standard A0.
In the SSH Public key option, make sure you use the public key myPublicKey.key that we created in the previous step.
Once you have successfully set up a cluster, you will be able to see all the resources you have created in the portal inside the Resource Group that you have selected/created.
Azure Container Service
Let us look at some of the resources that are created inside the resource group that you specified.
Azure portal
Note
You can also set up the cluster from the command line using Azure CLI 2.0.
For more information about creating a cluster using Azure CLI 2.0, see here.
Step 3 Connect to the cluster using kubectl client
Now that we have successfully set up a Kubernetes cluster, we will connect to the cluster using the kubectl client from our local machine. In our case, we will be using a Windows machine to connect to the cluster.
Step 3.1
First, we need to install Python 3.5.x on our machine. You can download it from here.
Verify your installation by running python --version in the command prompt.
Install Azure CLI 2.0 using pip.
pip install --user azure-cli
Add the path that contains the file az.bat to the PATH environment variable.
%USERPROFILE%\AppData\Roaming\Python\Python<version-installed>\Scripts
For example, if you have Python 3.6 installed, the path would be
%USERPROFILE%\AppData\Roaming\Python\Python36\Scripts
Step 3.2
Now, we are ready to download the kubectl client for Windows using the Azure CLI:
# Windows
az acs kubernetes install-cli [--install-location=C:\some\directory\kubectl.exe]
Replace the path with the directory where you want to download the kubectl.exe file.
# Linux or OS X
az acs kubernetes install-cli [--install-location=/some/directory/kubectl]
Note: Add the path containing kubectl.exe to the PATH environment variable of your machine.
Alternatively, you can download the latest client directly from the Kubernetes releases page. For more information, see Installing and Setting up kubectl.
Step 3.3
Now, we will need to download the cluster credential to our local machine to be able to connect to the cluster.
There are a couple of ways to do that.
az login
Log in using your Azure portal credentials.
az acs kubernetes get-credentials --resource-group=<cluster-resource-group> --name=<cluster-name> --ssh-key-file=<file-path>
e.g. az acs kubernetes get-credentials --resource-group=<cluster-resource-group> --name=<cluster-name> --ssh-key-file=C:\Users\%username%\keys\myPrivateKey_rsa
The config file is downloaded to your local machine at %USERPROFILE%/.kube/config
Alternatively, you can SSH into the master node and secure copy the cluster credential from $HOME/.kube/config (this is where the cluster credential is located on the master node).
Step 4 Check the installation
kubectl get nodes
Nodes in cluster
As we can see, it shows me two nodes, 1 master and 1 agent, in my cluster.
So now, we have a very basic Kubernetes cluster running in ACS.
In the next part, we will run the .NET Core application that we have containerized earlier inside the cluster and also expose the application so that it can be accessed from outside the cluster.