Skip to content

Commit

Permalink
feat: deploy vCluster on AKS
Browse files Browse the repository at this point in the history 
Signed-off-by: Piotr Zaniewski <[email protected]>
  • Loading branch information
@Piotr1215
Piotr1215 committed Nov 20, 2024
1 parent e9d416c commit 59cb16c
Showing 1 changed file with 184 additions and 0 deletions.
184 changes: 184 additions & 0 deletions vcluster/deploy/environment/aks.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,184 @@
---
title: Deploy on AKS
sidebar_label: AKS
sidebar_position: 8
id: aks
description: Learn how to deploy vCluster on Azure Kubernetes Service (AKS), including storage provisioning and managed identity configuration.
---

import InstallCli from '../../_partials/deploy/install-cli.mdx';

<!-- vale off -->
# Deploy vCluster on AKS
<!-- vale on -->

This guide provides step-by-step instructions for deploying vCluster on [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service).

## Prerequisites

Before starting, ensure you have the following tools installed:

- `kubectl` installed: Kubernetes command-line tool for interacting with the cluster. See [Install and Set Up kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) for installation instructions.
- `vCluster CLI` <InstallCli />
- [Azure CLI (az)](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)
:::note
Ensure you have the necessary permissions to create and manage AKS clusters in your Azure subscription.
:::

## Create AKS cluster

:::tip Right subscription
Ensure you are using the correct Azure subscription by running `az account show`.
:::

Start by creating an AKS cluster using the Azure CLI. First, set up your environment variables:

```bash title="Set environment variables"
export RESOURCE_GROUP=vcluster-demo-rg
export CLUSTER_NAME=vcluster-demo
export LOCATION=eastus
export NODE_SIZE=Standard_D4s_v3
export NODE_COUNT=2
```

Create a resource group:

```bash title="Create resource group"
az group create --name $RESOURCE_GROUP --location $LOCATION
```

Create the AKS cluster:

```bash title="Create AKS cluster"
az aks create \
--resource-group $RESOURCE_GROUP \
--name $CLUSTER_NAME \
--location $LOCATION \
--node-count $NODE_COUNT \
--node-vm-size $NODE_SIZE \
--enable-managed-identity \
--enable-addons monitoring \
--generate-ssh-keys
```

This command creates an AKS cluster with managed identity enabled and Azure Monitor for containers.

### Configure kubectl

After the cluster is created, get credentials to access the cluster:

```bash title="Get cluster credentials"
az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME
```

### Verify the cluster creation

Verify the cluster by listing the nodes:

```bash title="List cluster nodes"
kubectl get nodes
```

You should see output similar to:
```
NAME STATUS ROLES AGE VERSION
aks-nodepool1-34960941-vmss000000 Ready <none> 67m v1.29.9
aks-nodepool1-34960941-vmss000001 Ready <none> 67m v1.29.9
```


## Create virtual cluster

Create a virtual cluster using the CLI:

```bash title="Create virtual cluster"
vcluster create my-vcluster --namespace team-x
```

### Verify the Installation

Check if vCluster pods are running:

```bash title="Check vCluster pods"
kubectl get pods -n team-x
```

You should see output similar to:
```
NAME READY STATUS RESTARTS AGE
coredns-666d64755b-k5njg-x-kube-system-x-my-vcluster 1/1 Running 0 3m11s
my-vcluster-0 1/1 Running 0 6m33s
```

This configuration ensures that:
- Service accounts are properly synced between virtual and host clusters
- Persistent volume claims use the ZRS storage class for high availability
- Managed identity is configured for secure Azure service access

## [Optionally] configure managed identity

Set up a user-assigned managed identity for vCluster to enable it to access
Azure services securely.

```bash title="Create managed identity"
export IDENTITY_NAME=vcluster-identity
az identity create --name $IDENTITY_NAME --resource-group $RESOURCE_GROUP

# Get the identity resource ID and client ID
export IDENTITY_ID=$(az identity show --name $IDENTITY_NAME --resource-group $RESOURCE_GROUP --query id -o tsv)
export IDENTITY_CLIENT_ID=$(az identity show --name $IDENTITY_NAME --resource-group $RESOURCE_GROUP --query clientId -o tsv)
```

Assign the identity to the AKS cluster:

```bash title="Assign identity to cluster"
export NODE_GROUP=$(az aks show -g $RESOURCE_GROUP -n $CLUSTER_NAME --query nodeResourceGroup -o tsv)

az role assignment create \
--role "Managed Identity Operator" \
--assignee-object-id $(az aks show -g $RESOURCE_GROUP -n $CLUSTER_NAME --query identityProfile.kubeletidentity.objectId -o tsv) \
--scope $IDENTITY_ID
```

Create a service account and link it to the managed identity:

```bash title="Create service account"
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: vcluster-sa
namespace: default
annotations:
azure.workload.identity/client-id: $IDENTITY_CLIENT_ID
EOF
```

### Create a virtual cluster with managed identity

:::info
Make sure to change the `kubecontext` to point back to the host cluster before
creating the virtual cluster.
:::

```bash title="Create virtual cluster with managed identity"
vcluster create my-vcluster-managed --namespace team-y \
--set sync.toHost.serviceAccounts.enabled=true
```

## Next steps

Now that you have vCluster running on AKS, consider exploring:

### Platform UI

- Setup the [platform UI](/platform/install/quick-start-guide) to manage your virtual clusters.

## Cleanup

If you deployed the AKS cluster with this tutorial, and want to clean up the resources, run the
following command:

```bash title="Clean up resources"
az group delete --name $RESOURCE_GROUP --yes --no-wait
```

0 comments on commit 59cb16c

Please sign in to comment.