Blog | Blue Matador

Azure Kubernetes Service: How to create a cluster

Written by Keilan Jackson | Sep 3, 2020 9:36:23 PM

Azure Kubernetes Service, Microsoft's managed Kubernetes solution, allows you to quickly create a Kubernetes cluster in Microsoft Azure and provides features to help you manage and maintain your Kubernetes cluster in Azure. In this blog post we will go over some of the features of AKS and then walk through creating an AKS cluster.

This blog includes:

What is Azure Kubernetes Service?

Azure Kubernetes Service (AKS) is Microsoft Azure’s managed Kubernetes solution. It competes with both Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS). AKS has several features that are attractive for users of Microsoft Azure and provides the ability to easily create, maintain, scale, and monitor your AKS cluster. Here are some of the benefits of AKS touted by Microsoft:

  • Elastic scalability
  • Enterprise-grade security
  • Integration with Visual Studio Code
  • Active Directory integration
  • Pay for compute only - no minimum monthly charge

 

Adding an Azure Kubernetes cluster

Since AKS charges only for compute usage, we can create a test cluster that is relatively cheap to explore some of the features offered by AKS. In order to continue following along you will need to log in to the Azure portal. You will incur some charges by following this tutorial.

Once you are logged into the Azure portal, use the search bar to search for Kubernetes services, then select Kubernetes services.


Now you should see the Kubernetes Services UI. This is where your AKS clusters will be listed if you have any—otherwise it will be an empty table. To add a new AKS cluster, click the + Add button in the top-left portion of the screen to enter the Create Kubernetes cluster UI.

Setting basic information for your Azure Kubernetes cluster

The first step of the Create Kubernetes cluster UI is to set up all of the basic information for your AKS cluster. 

  1. Select your Subscription and Resource group.
  2. Enter a name for your cluster. The Kubernetes cluster name must be unique within the resource group you selected.
  3. Select the Region your cluster will be deployed in.
  4. Select the Kubernetes version. I highly recommend selecting one of the newest Kubernetes versions so you can avoid having to upgrade your cluster by multiple versions later. Kubernetes is open-source and releases new versions about 4 times a year so you can get out of date quickly.
  5. The DNS name prefix should be prefilled from the name you entered, but you are free to change it. This is used to generate a unique FQDN (fully qualified domain name) for your cluster when it is created.
  6. Select your Node size for the primary node pool. This is the size your Kubernetes worker nodes will be and directly correlates with the initial size of your Kubernetes cluster. If you are just testing then make sure to change this to a smaller instance size such as B2s. Otherwise, use the table in the Change size UI to determine which node type has the CPU and memory requirements you will need.
  7. Select the Node count. For a test cluster we can just use a count of 1 or 2.
  8. Click the Next: Scale button to move to the next step of the wizard.


Scaling in AKS

AKS provides some unique features around scaling that could make it an attractive solution for dynamic workloads.

Virtual nodes are a very interesting feature for dynamic workloads. Virtual nodes lets you essentially schedule pods onto nodes that you do not manage and pay per second of execution time. This can speed up scaling time since you do not have to wait for the cluster autoscaler to detect a capacity need and then wait for a VM to launch for the cluster. Virtual nodes are not available in every region that AKS is available in, and the feature requires that your cluster is configured with Advanced Networking. For more information check out the documentation. For our test cluster, we will leave this feature turned off.

VM Scale Sets are the standard scaling option for AKS and do not incur any additional charges. This allows you to manage multiple node pools for your cluster so you can run different-sized instances simultaneously, which can be needed for workloads that have specific resource requirements for some pods, and basic requirements for other pods. This also allows you to set up the cluster autoscaler to add capacity when there is demand based on the running pods.

After you are done choosing the scaling options, click Next: Authentication.

 

Authentication in AKS

AKS integrates seamlessly with Active Directory to manage AKS cluster access. First you configure the service principal which integrates with AD to delegate access to other Azure resources. You can either select an existing service principal or let Azure create a new one.

Next, you want to Enable RBAC. This allows you to use role-based access control in the cluster to provide granular access to cluster resources. This feature should always be enabled, even for test or dev clusters. Once you are done on this page, click Next: Networking.



Networking in AKS

AKS offers several networking options that can speed up development or enable advanced cluster setups.

HTTP application routing allows you to easily access services deployed in the cluster by creating public DNS entries for your applications. This feature is not recommended for production clusters, and I would not recommend it for any AKS cluster. Depending on features that are not production-ready is never a good idea in development. You can enable access to services using an Ingress controller and there is no reason to add cluster-wide general HTTP access to your cluster.

Network configuration has two options: Basic and Advanced. Basic networking will use kubenet as the networking layer for your pods and only your nodes will receive private ip addresses in your vnet. Basic networking does not have any configurable options from the UI, but you can still configure kubenet if you create your cluster from the CLI by following this documentation. Advanced networking is required for virtual node scaling, and uses Azure-CNI for the network layer, providing each pod with a private IP address in your vnet. You can read the Azure CNI documentation for information on configuration, use cases, and comparison to basic networking with kubenet. 

For the purposes of this guide we will stick to Basic networking so that we do not have to manage the vnet and subnets ourselves. Click Next: Monitoring to continue to the next step.

 

CPU, memory, and container monitoring in AKS

Azure Kubernetes service includes node CPU and memory monitoring at no additional cost. At cluster creation, you can optionally enable container monitoring. Container monitoring sends additional container metrics and logs using Log Analytics, which has fees based on the amount of data ingested. Simply enable container monitoring and then select or create a log analytics workspace to store the AKS data.

With container monitoring enabled you can view the CPU and memory usage per node, controller, or pod. You can view metrics or create alerts with Azure Monitor that are not available otherwise. A Prometheus integration with container insights is also in public beta, which can help close the gap on monitoring for many use cases. 

For our test cluster, we will enable monitoring so we can get a sense for the depth of what AKS has to offer. Click Next: Tags to continue to the next step.



Tagging your AKS cluster

You can optionally tag your AKS cluster. Tags do not apply to the nodes, controllers, or pods inside of your cluster and will have very little effect on your usage of AKS unless your organization uses tags in other Azure services as a way to organize resources by environment or team. Click Next: Review + Create to advance to the final step.

 

Reviewing + saving your AKS cluster

Finally, double-check your settings and resolve any issues brought up in the UI. Once your settings are validated, click the Create button to actually create your AKS cluster. Cluster creation will happen in the background, and can take as long as 15 minutes. 


Once cluster creation is done, you can view your cluster from the Kubernetes services list UI. 

 

Configuring kubectl to work with your Azure Kubernetes cluster

Now that your cluster is up and running, you will very likely want to configure kubectl to work with your cluster so you can deploy some pods. The Azure CLI provides an easy way to install and set up kubectl for AKS clusters.

First, install kubectl either from a binary or using the Azure CLI.

az aks install-cli

Next, use the get-credentials command from the Azure CLI to set up your local kubectl configuration. Replace MyCluster with the name of your cluster and MyResourceGroup with the name of the resource group your cluster is deployed in.  

If you have multiple kubernetes clusters in your local configuration, you can specify the optional parameter --context to explicitly set the name of the context that will be created in your kubectl configuration. If you do not specify the context name, it will default to using the cluster name.

az aks get-credentials --name MyCluster --resource-group MyResourceGroup --context MyContext

Once that is done, you can use get nodes to verify it is the correct cluster:

kubectl --context MyContext get nodes

 

Conclusion

We’ve gone over the high-level features of Azure Kubernetes Service and what it does. We also covered a step-by-step process for creating a new Kubernetes cluster in AKS using Azure portal, and what the options for each step mean. Finally, we quickly went over the commands needed to set up kubectl to work with your new AKS cluster so you can start deploying test workloads to it. 

Overall, I find the process of creating a basic AKS cluster fairly straightforward, and the UI covered more options than some of the competing managed Kubernetes solutions. For a production cluster I would highly recommend not using the UI to configure it since changes to the cluster will be hard to track that way, and advanced configurations are not fully handled.

If you are looking for a monitoring solution for Azure Kubernetes Services, consider Blue Matador. Blue Matador automatically monitors Kubernetes for lifecycle events, resource utilization, failed deployments, failed jobs, and more. Blue Matador also monitors other Azure services including Azure SQL, Cosmos DB, Storage Accounts, and Virtual Machines.