| title | description | services | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|
Kubernetes on Azure tutorial - Deploy a cluster |
In this Azure Kubernetes Service (AKS) tutorial, you create an AKS cluster and use kubectl to connect to the Kubernetes master node. |
container-service |
tutorial |
05/24/2021 |
mvc, devx-track-azurecli, devx-track-azurepowershell |
Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, a Kubernetes cluster is deployed in AKS. You learn how to:
[!div class="checklist"]
- Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
- Install the Kubernetes CLI (kubectl)
- Configure kubectl to connect to your AKS cluster
In later tutorials, the Azure Vote application is deployed to the cluster, scaled, and updated.
In previous tutorials, a container image was created and uploaded to an Azure Container Registry instance. If you haven't done these steps, and would like to follow along, start at Tutorial 1 – Create container images.
This tutorial requires that you're running the Azure CLI version 2.0.53 or later. Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.
This tutorial requires that you're running Azure PowerShell version 5.9.0 or later. Run Get-InstalledModule -Name Az to find the version. If you need to install or upgrade, see Install Azure PowerShell.
AKS clusters can use Kubernetes role-based access control (Kubernetes RBAC). These controls let you define access to resources based on roles assigned to users. Permissions are combined if a user is assigned multiple roles, and permissions can be scoped to either a single namespace or across the whole cluster. By default, the Azure CLI automatically enables Kubernetes RBAC when you create an AKS cluster.
Create an AKS cluster using az aks create. The following example creates a cluster named myAKSCluster in the resource group named myResourceGroup. This resource group was created in the previous tutorial in the eastus region. The following example does not specify a region so the AKS cluster is also created in the eastus region. For more information, see Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS) for more information about resource limits and region availability for AKS.
To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is granted the right to pull images from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an Owner or Azure account administrator role on the Azure subscription.
az aks create \
--resource-group myResourceGroup \
--name myAKSCluster \
--node-count 2 \
--generate-ssh-keys \
--attach-acr <acrName>
Create an AKS cluster using New-AzAksCluster. The following example creates a cluster named myAKSCluster in the resource group named myResourceGroup. This resource group was created in the previous tutorial in the eastus region. The following example does not specify a region so the AKS cluster is also created in the eastus region. For more information, see Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS) for more information about resource limits and region availability for AKS.
To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is granted the right to pull images from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an Owner or Azure account administrator role on the Azure subscription.
New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCount 2 -GenerateSshKey -AcrNameToAttach <acrName>
To avoid needing an Owner or Azure account administrator role, you can also manually configure a service principal to pull images from ACR. For more information, see ACR authentication with service principals or Authenticate from Kubernetes with a pull secret. Alternatively, you can use a managed identity instead of a service principal for easier management.
After a few minutes, the deployment completes, and returns JSON-formatted information about the AKS deployment.
Note
To ensure your cluster to operate reliably, you should run at least 2 (two) nodes.
To connect to the Kubernetes cluster from your local computer, you use kubectl, the Kubernetes command-line client.
If you use the Azure Cloud Shell, kubectl is already installed. You can also install it locally using the az aks install-cli command:
az aks install-cli
If you use the Azure Cloud Shell, kubectl is already installed. You can also install it locally using the Install-AzAksKubectl cmdlet:
Install-AzAksKubectl
To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command. The following example gets credentials for the AKS cluster named myAKSCluster in the myResourceGroup:
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
To configure kubectl to connect to your Kubernetes cluster, use the Import-AzAksCredential cmdlet. The following example gets credentials for the AKS cluster named myAKSCluster in the myResourceGroup:
Import-AzAksCredential -ResourceGroupName myResourceGroup -Name myAKSCluster
To verify the connection to your cluster, run the kubectl get nodes command to return a list of the cluster nodes:
kubectl get nodes
The following example output shows the list of cluster nodes.
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-nodepool1-37463671-vmss000000 Ready agent 2m37s v1.18.10
aks-nodepool1-37463671-vmss000001 Ready agent 2m28s v1.18.10
In this tutorial, a Kubernetes cluster was deployed in AKS, and you configured kubectl to connect to it. You learned how to:
[!div class="checklist"]
- Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
- Install the Kubernetes CLI (kubectl)
- Configure kubectl to connect to your AKS cluster
Advance to the next tutorial to learn how to deploy an application to the cluster.
[!div class="nextstepaction"] Deploy application in Kubernetes