Deploying a Kubernetes cluster in Azure using command line interface is an easy task. We will deploy a k8s cluster with custom nodes configuration specified for Elasticsearch.
Elastic stack in AKS. Part 1 Provisioning Kubernetes with Terraform
Source code is available at repository https://github.com/mchudinov/K8sAzureAzCli
Let’s get started.
Infrastructure
We deploy the following infrastructure. It looks very much the same as in Elastic stack in AKS Part 1 but without storage for Terraform state, since we do not use Terraform now.
| Component | Description |
| Azure Kubernetes Service (AKS) | The environment for running Elastic stack |
| Ingress Nginx | Ingress controller based on Nginx |
| Deployment | Any arbital deployment inside AKS |
| Inbound IP | Public static IP for inbound traffic |
| Outbound IP | Public static IP for outbound traffic. With static outbound IP can be whitelisted in any external services or components for incoming traffic from our cluster. Particular useful for Elastic Heartbeat. |
| Backup | Azure storage account for Elastic snapshots |
| Log Analytics | Azure Log Analytics workspace for AKS logs and monitoring |
Prerequisites
- Access to source code K8sAzureAzCli from deployment environment
Hardcoded parameters
- Kubernetes version 1.20.5
- VM nodes size: Standard_B2s with 2vCPU, 4GiB memory
These are defined as variables in deploy.sh script and can be changed there.
Tools
The easiest way with no tools required is to use Azure Cloud Shell
In order to use this from a local environment, the following tools are required:
- Azure CLI version >= 2.8
- git
- kubectl – Kubernetes command line tool
- helm
- Bash shell (the deployment script is written in Bash)
Deployment
- Login to Azure Cloud Shell https://shell.azure.com
- Clone the repository
git clone https://github.com/mchudinov/K8sAzureAzCli.git3. Change to source code directory cd K8sAzureAzCli
4. Run deploy.sh script
For example:
./deploy.sh -c mytestk8s -n 3 -r westeuropeThe keys for the deployment script are:
- -c Cluster name
- -n Number of nodes (default 1)
- -r Azure region (default West Europe)
After a couple of minutes a new Kubernetes cluster will be ready.
All the created resource are in a single resource group rg-<cluster_name>
Internals
The main command for provisioning of AKS :
az aks create --resource-group $RESOURCE_GROUP --location $region \
--name $AKS_NAME \
--dns-name-prefix $AKS_NAME \
--kubernetes-version "1.20.5" \
--node-count $nodes \
--node-vm-size "Standard_B2s" \
--nodepool-name "kubenet" \
--outbound-type "loadBalancer" \
--enable-addons monitoring \
--load-balancer-outbound-ips $PUBLIC_IP_OUTBOUND_ID \
--linux-os-config ./linuxosconfig.json \
--workspace-resource-id $LOGANALTICS_WORKSPACE_ID \
--generate-ssh-keys -–generate-ssh-keys is optional it generates keys and prevents en error message An RSA key file or key value must be supplied to SSH Key Value.
How-tos
Add Kubernetes credentials to the local .cube config file
az aks get-credentials --name <AKS_NAME> --resource-group <RESOURCE_GROUP>How to run an interactive shell
kubectl apply -f interactive.yamlCheck CSI driver is running
kubectl get csidrivers
kubectl describe csidriver secrets-store.csi.k8s.io
kubectl get pods -l app=secrets-store-csi-driverLog Analytics Workspace works immediately after deployment.
Clean-up
Delete everything created in Azure using destroy.sh script.
destroy.sh script has a single parameter – the name of the cluster. For example:
./destroy.sh -c mytestk8s Delete everything created manually. If destroy.sh script fails everything that was created can be easily erased manually. Just delete the resource groups created by script:
az group delete --resource-group rg-<cluster_name>Discard all local changes in git repository
git reset --hardDelete the source code directory in Cloud Shell
rm -rf K8sAzureAzCliPros and cons
Deployment of AKS with az CLI has one important advantage – it supports AKS custom node configuration. Customize node configuration for Azure Kubernetes Service (AKS) node pools (preview) Custom AKS node configuration in particular useful for running Elasticsearch as it requires vm.max_map_count=262144
Without custom configuration Elasticsearch pods must be run privileged in order to satisfy virtual that memory requirement.
Wrapping up
We have successfully deployed a managed Kubernetes service in Azure using az command line tool. This cluster suits for deployment of Elasticsearch as well as other services.
The newly created Kubernetes cluster has static outbound and inbound IPs which make it easy to whitelist these addresses in any external infrastructures.
Kubernetes cluster got an Nginx-based ingress bound to public static inbound IP. It also got installed Container Storage Interface (CSI) driver for Azure Key Vault. This is in particular useful for ingestion of certificates and secrets such as login credentials for Elasticsearch.