Azure Kubernetes (AKS)

This guide describes how to configure a Kubernetes cluster on the Microsoft Azure platform.

Note

Azure also offers a managed container deployment, known as Azure container, which only allows Azure Files as persistent storage (find out why it’s not supported).

Prerequisites

Connect to an AKS cluster

This guide assumes you already have an AKS cluster (CLUSTER_NAME) running in a resource group (RESOURCE_GROUP).

az login
az aks get-credentials --resource-group <RESOURCE_GROUP> --name <CLUSTER_NAME>

Nginx ingress installation (Create an ingress controller)

Install nginx in the ingress-basic namespace

kubectl create namespace ingress-basic

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-basic \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux

Retrieve the ingress public IP address

kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-ingress-nginx-controller

Create a DNS record

Once the public IP address is available, a DNS A record must be created.

Note

If the DNS record cannot be created at this time, an entry can be added to /etc/hosts instead. Windows users should use c:\Windows\System32\Drivers\etc\hosts and make sure to open the file with administrative access.

Let’s Encrypt installation (Create an HTTPS ingress controller)

Before proceeding with the installation, a label must be added to the ingress-basic namespace to disable resource validation:

kubectl label namespace ingress-basic cert-manager.io/disable-validation=true

Install cert-manager

helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install \
  cert-manager \
  --namespace ingress-basic \
  --set installCRDs=true \
  jetstack/cert-manager

Configure the Cluster Issuer

cat << EOF > cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <EMAIL ADDRESS>
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux
EOF

kubectl apply -f cluster-issuer.yaml

Configure the default StorageClass (Storage options for applications)

Warning

The Azure Files storage class does not support extended attributes (Features not supported in Azure Files).

Create a new storage class backed by Azure Disk, which supports extended attributes, and set the reclaim policy to Retain to avoid losing data during maintenance.

cat << EOF > storage_class.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  annotations:
    storageclass.beta.kubernetes.io/is-default-class: "true"
  name: managed-premium-retain
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
parameters:
  storageaccounttype: Premium_LRS
  kind: Managed
EOF

kubectl delete sc default && kubectl apply -f storage_class.yaml

Confirm the default storage class is changed by running this command:

kubectl get sc default -o yaml
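The check below covers the whole StorageClass list rather than a single object: it passes only when exactly one class is flagged as default, that class is managed-premium-retain, and its reclaim policy is Retain. It is an added example, not part of the original guide; the function name check_default_sc, the five-column row layout and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit StorageClass rows after the
# "kubectl delete sc default && kubectl apply -f storage_class.yaml" step.
# Live input (columns: name, provisioner, reclaim policy, beta and GA default flags):
#   kubectl get sc --no-headers -o custom-columns='N:.metadata.name,P:.provisioner,R:.reclaimPolicy,B:.metadata.annotations.storageclass\.beta\.kubernetes\.io/is-default-class,G:.metadata.annotations.storageclass\.kubernetes\.io/is-default-class'

# check_default_sc [EXPECTED_NAME] reads rows on stdin; returns 0 only when exactly
# one class is flagged default, it is EXPECTED_NAME, and its reclaim policy is Retain.
check_default_sc() {
  awk -v want="${1:-managed-premium-retain}" '
    # A class counts as default if either annotation column is "true".
    $4 == "true" || $5 == "true" { n++; name = $1; policy = $3 }
    END {
      if (n != 1) { printf "FAIL: %d default StorageClasses, expected 1\n", n; exit 1 }
      if (name != want) { printf "FAIL: default is %s, expected %s\n", name, want; exit 1 }
      if (policy != "Retain") { printf "FAIL: %s reclaimPolicy is %s\n", name, policy; exit 1 }
      printf "OK: %s is the only default and uses Retain\n", name
    }'
}

# Constructed sample rows (not captured from a real cluster).
SAMPLE_GOOD='azurefile kubernetes.io/azure-file Delete <none> <none>
managed-premium kubernetes.io/azure-disk Delete <none> <none>
managed-premium-retain kubernetes.io/azure-disk Retain true <none>'

# Constructed failure case: a class named "default" is still flagged (GA annotation).
SAMPLE_TWO_DEFAULTS='default kubernetes.io/azure-disk Delete <none> true
managed-premium-retain kubernetes.io/azure-disk Retain true <none>'

printf '%s\n' "$SAMPLE_GOOD" | check_default_sc
printf '%s\n' "$SAMPLE_TWO_DEFAULTS" | check_default_sc || true
```

Against a live cluster, pipe the kubectl command from the header comment into check_default_sc; a non-zero exit status means the default class setup needs attention before workloads create volumes.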