| Table of Contents |
|---|
Objective
The goal of the this tutorial is to deploy manifest files on AKS Cluster an Azure Kubernetes Service (AKS) cluster through FlexDeploy using the Kubernetes pluginPlugin. For this tutorial, we shall will be doing setting up an automated deployment of the an Nginx application, Application using the manifest yaml files (yaml) which are present in a Git repository. The steps will include:
configuration of the Configuring properties e.g. config file path, Cloud cloud account, and CLI path .
cloning Cloning the manifest files from a Git repository
deploying Deploying the Nginx Application to an AKS Cluster cluster
verifying Verifying the application is successfully created on the AKS cluster.
We will walk through each of the FlexDeploy features that will be created/configured to accomplish this goal and have the Nginx application Application deployed on the AKS Cluster cluster in a very short amount of time.
Checklist
Checklist | Description |
Azure Tenant Id | Azure Tenant Id for the company |
Azure Subscription Id | Azure Subscription where the AKS cluster exists |
Azure Client ID | Client ID to connect to desired Azure Subscription |
Azure Client Key | Password for the Client ID |
Azure Client ID permission | The Client ID must have relevant access in AKS cluster to do the deployment |
Azure CLI installation | Azure CLI needs to be installed where the plugin operation shall run (e.g. FlexDeploy server) |
Azure CLI in class path | Azure CLI should be added to class path on the FlexDeploy Server. Else the path can also be set under FlexDeploy environment level property |
AKS Setup | AKS cluster should be created in Azure and a kubeconfig file should be present with the context of the cluster. |
Configure Cloud
...
Account
To connect with AKS cluster, we required to configure Cloud account, with credential details. Configure Azure Cloud Account under Integration. FlexDeploy will connect to the AKS cluster and deploy the Nginx Application.
...
Client Key is a password field and hence needs to be kept hidden. To update the same it, click on the pencil icon as shown below
Update the Client Key value under Secret Text. This is to make sure no one else can retrieve the password
...
After configuration we would be able to use the Cloud Account as a drop down from the list.
...
Git
...
Repository Structure
The Git repository should contain the manifest file.
The Sample A sample Git repository structure is given below.
...
...
Prerequisites
Configure Service Principal
To access the AKS cluster, we need a Service Principal( Client ID and Client Key). Created a Service Principal and corresponding secret (e.g. aksudpatesp)
...
You need to provide the relevant Role to the Service Principal, so that it can do necessary deployment and other relevant activities. For our tutorial we have provided Azure Kubernetes Service RBAC Write Role as shown below.
...
Any other K8s Role or custom Azure AD Role is also acceptable as long as the Service Principal has relevant access (e.g. deploy/run/delete etc) to execute kubectl commands in target Kubernetes cluster.
Configure kubeconfig
...
File
A Kubeconfig is a YAML file with the details to connect to Kubernetes Cluster using certificate/secret tokens to authenticate the cluster. This is essential for Kubernetes Plugin to connect to target AKS cluster.
Why change Change in kubeconfig
Normally with earlier version of kubectl, the structure of config file was as given below.
...
However with current version of kubectl one would get below warning message:
WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.26+; use https://github.com/Azure/kubelogin instead.
This is because kubectl currently supports various vendor specific login.
The logic used by the Azure auth provider is embedded in the kubectl binary, which is why you can authenticate and connect to the cluster without having to install anything else.
Going forward this approach is going to change. It’s not going to support vendor specific authentication protocols.
The authentication plugins are being moved out of the kubectl binary into separate binaries, maintained by the Cloud providers and distributed independently.
Ref:
https://github.com/kubernetes/kubernetes/pull/102181
...
To overcome this issue, all Cloud providers have extended the client-go credential plugin to have custom Cloud specific authentication methods.
Kubelogin is a client-go credential plugin that implements Azure AD authentication. This is the direction for AKS.
How to change Change in kubeconfig
Execute below command to use azurecli as kubelogin option to retrieve access token. With this changes kubelogin will internally generate the token. No update required in kubeconfig file going forward.
kubelogin convert-kubeconfig -l azurecli
...
CLI
...
Installation
Azure CLI should be installed in the m/c where the plugin is to be executed. Preferably add Azure CLI path in m/c classpath.
Install/copy kubelogin on the system. Add kubelogin in m/c path variable.
ref: https://github.com/Azure/kubelogin/releases
Build and Deploy Workflows
Navigate to the Workflows tab and create a workflow using the “+” (Click to create new Workflow) 
button as highlighted below.
...
Next, create Create one Build and Deploy workflow as shown below. The workflow Type field defines the type of one Deploy workflow.
Build
...
Navigate to the Workflows
Select the “+” button from the left-hand pane to create a new workflow
...
Workflow
...
...
Select the “+” button from the left-hand pane to create a new workflow
...
The Workflow Group and Subgroup define the folder hierarchy. Once both workflows are created it should look like the below. No constraint on workflow or folder naming convention.
...
The steps of the workflow execution can be configured through the Workflow Definition section.
...
Below given is a sample build workflow to copy the file from git a Git repository.
...
Step-i: Clone Git Repository
This step will clone the Git repository codebase into the project execution working directory. The Git URL will be retrieved from Source Control configured under Project Configuration.
...
Step-ii: Copy the manifest file
The below step will copy the manifest file to the artifact. Also check the Produces Artifact option to save the files as artifact so that can be used from Deploy workflow.
...
Deploy Workflow
Below given is a sample build deploy workflow to deploy an application on the an AKS cluster.
...
Step-i: deploy the application
This step will deploy the Nginx application, using the manifest on the AKS cluster. Context must be provided to apply changes. The context should be present inside kubeconfig file.
...
Project
...
Configuration
Navigate to the Project tab and create a Project with a logical name(KubernetesAzure in this case)
...
Configure the Build and Deploy workflow that has been created in previous steps as shown below.
...
Source Control
Configure the Source SCM repository under Source Control as shown below.
...
To configure Project specific Source Control one first need to navigate to the Project Configuration tab.
Next, expand the SOURCE CONTROL option from the left-hand pane.
Select SOURCES for configuring the Source Repository
Select the appropriate Source Control Type
Configure Source Repository. For detailed steps of Source Control configuration please refer to Configure Source Control in FlexDeploy
Target Properties
Select Topology from the menu and then select Targets. Select the target group and environment, provide the properties detail, according to the description.
Properties | Mandatory field | Description |
Cloud Account | Optional | Select the Cloud Account to connect cluster. |
CLI Path | Optional | Directory where Cloud CLI is installed. |
Kubeconfig File Path | Optional | Absolute path of kubeconfig file |
Kubernetes home path | Optional | Directory of Kubernetes home path(where kubectl is installed) |
GIT Path | Optional | Path to the Git executable. Required only if Git is not on PATH. |
Below given are the environment-specific values which need to be updated.
...
Cloud Account
The Azure Cloud account needs to be set here from the drop-down. It will show all Cloud Accounts configured under Topology, which we have already mentioned earlier.
...
Kubeconfig file path
Absolute path of config file can be set as environment property, if path is not set then by default plugin look for config file in user directory.
...
CLI path
Azure CLI path can be set as environment property, if it’s not set then by default plugin will check for CLI in system classpath.
...
Kubernetes Home Path
Kubernetes home path can be set as environment property, plugin check for kubectl on the given directory.
...
Override properties at Project level
Let assume a scenario, where we want to change Cloud account for any specific project. Apart from setting at environment level, it can also be set at project properties by using Override Property. Please check below mentioned steps.
...
We can do the same for other properties as well.
Build Execution
For detailed steps on how to initiate deploy operation using Kubernetes plugin, please refer to Deploy through FlexDeploy for Kubernetes plugin
Post deployment
Post deployment success from plugin it can take a little while for the deployment and running.
Once deployment successfully completed, we can see the related details on AKS cluster by using Azure console.
...
Congratulations! You have successfully completed the Nginx Application deployment.
Now that you have configured FlexDeploy for deployment operation using Kubernetes plugin, it is extremely easy to replicate the same for other Cloud Provider. Simply use the Copy Project feature and a new project will be created with all of the configuration completed already. You just need to make the necessary configuration changes.