Table of Contents |
---|
Objective
The goal of the tutorial is to deploy manifest files on AKS Cluster using the Kubernetes plugin. For this tutorial we shall be doing automated deployment of the Nginx application, using the manifest files(yaml) which are present in a Git repository. The steps will include:
configuration of the properties e.g. config file path, Cloud account, and CLI path.
cloning the manifest files from a Git repository
deploying the Nginx Application to AKS Cluster
verifying the application is successfully created on the AKS cluster.
We will walk through each of the FlexDeploy features that will be created/configured to accomplish this goal and have the Nginx application deployed on the AKS Cluster in a very short amount of time.
Checklist
Checklist | Description |
Azure Tenant Id | Azure Tenant Id for the company |
Azure Subscription Id | Azure Subscription where the AKS cluster exists |
Azure Client ID | Client ID to connect to desired Azure Subscription |
Azure Client Key | Password for the Client ID |
Azure Client ID permission | The Client ID must have relevant access in AKS cluster to do the deployment |
Azure CLI installation | Azure CLI needs to be installed where the plugin operation shall run (e.g. FlexDeploy server) |
Azure CLI in class path | Azure CLI should be added to class path on the FlexDeploy Server. Else the path can also be set under FlexDeploy environment level property |
AKS Setup | AKS cluster should be created in Azure and a kubeconfig file should be present with the context of the cluster. |
Configure Cloud account
To connect with AKS cluster, we required to configure Cloud account, with credential details. Configure Azure Cloud Account under Integration. FlexDeploy will connect to the AKS cluster and deploy the Nginx Application.
...
The Sample Git repository structure is given below.
...
Pre-requisite
Configure Service Principal
To access the AKS cluster, we need a Service Principal( Client ID and Client Key). Created a Service Principal and corresponding secret (e.g. aksudpatesp)
...
Any other K8s Role or custom Azure AD Role is also acceptable as long as the Service Principal has relevant access (e.g. deploy/run/delete etc) to execute kubectl commands in target Kubernetes cluster.
Configure kubeconfig file
A Kubeconfig is a YAML file with the details to connect to Kubernetes Cluster using certificate/secret tokens to authenticate the cluster. This is essential for Kubernetes Plugin to connect to target AKS cluster.
Why change in kubeconfig
Normally with earlier version of kubectl, the structure of config file was as given below.
...
However with current version of kubectl one would get below warning message:
WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.26+; use https://github.com/Azure/kubelogin instead.
This is because kubectl currently supports various vendor specific login.
The logic used by the Azure auth provider is embedded in the kubectl binary, which is why you can authenticate and connect to the cluster without having to install anything else.
Going forward this approach is going to change. It’s not going to support vendor specific authentication protocols.
The authentication plugins are being moved out of the kubectl binary into separate binaries, maintained by the Cloud providers and distributed independently.
Ref:
https://github.com/kubernetes/kubernetes/pull/102181
...
To overcome this issue, all Cloud providers have extended the client-go credential plugin to have custom Cloud specific authentication methods.
Kubelogin is a client-go credential plugin that implements Azure AD authentication. This is the direction for AKS.
How to change in kubeconfig
Execute below command to use azurecli as kubelogin option to retrieve access token. With this changes kubelogin will internally generate the token. No update required in kubeconfig file going forward.
kubelogin convert-kubeconfig -l azurecli
...
CLI installation
Azure CLI should be installed in the m/c where the plugin is to be executed. Preferably add Azure CLI path in m/c classpath.
Install/copy kubelogin on the system. Add kubelogin in m/c path variable.
...
Below given are the environment-specific values which need to be updated.
...
Cloud Account
The Azure Cloud account needs to be set here from the drop-down. It will show all Cloud Accounts configured under Topology, which we have already mentioned earlier.
...
Kubeconfig file path
Absolute path of config file can be set as environment property, if path is not set then by default plugin look for config file in user directory.
...
CLI path
Azure CLI path can be set as environment property, if it’s not set then by default plugin will check for CLI in system classpath.
...
Kubernetes Home Path
Kubernetes home path can be set as environment property, plugin check for kubectl on the given directory.
...
For detailed steps on how to initiate deploy operation using Kubernetes plugin, please refer to Deploy through FlexDeploy for Kubernetes plugin
Post deployment
Post deployment success from plugin it can take a little while for the deployment and running.
Once deployment successfully completed, we can see the related details on AKS cluster by using Azure console.
...
Congratulations! You have successfully completed the Nginx Application deployment.
Now that you have configured FlexDeploy for deployment operation using Kubernetes plugin, it is extremely easy to replicate the same for other Cloud Provider. Simply use the Copy Project feature and a new project will be created with all of the configuration completed already. You just need to make the necessary configuration changes.