Azure Kubernetes Service

The MICO development environment runs on the Azure Kubernetes Service (AKS).

First steps

To connect to the cluster you need two command-line tools:

• kubectl: Install and Set Up kubectl
• Azure CLI az: Install the Azure CLI

To be able to execute the cluster related commands used in this documentation set following environment variables:

export LOCATION=westeurope
export RESOURCE_GROUP=ust-mico
export CLUSTER_NAME=ust-mico-cluster-aks
export RESOURCE_GROUP_NODE=MC_$RESOURCE_GROUP\_$CLUSTER_NAME\_$LOCATION

Sign in to Azure (more information):

az login

Configure kubectl to connect to the cluster (more information):

az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --admin

If you use kubectl to connect to multiple clusters, it’s useful to use multiple contexts. To switch to the automatically created context of the MICO cluster, use

kubectl config use-context $CLUSTER_NAME-admin

Cluster details

Current cluster:

• VM: Standard_B2ms (2 vCPUs, 8 GB RAM)
• Nodes: 3
• OS Disk Size: 30 GB
• Location: westeurope
• Kubernetes version: 1.13.5

Get the details for a managed Kubernetes cluster:

az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME

Costs:

With two nodes we currently consume about 4 € per day.

You can check the current costs either in the Azure Portal under “Visual Studio Enterprise - Cost analysis” or in the subscription dashboard of your Azure account.

Upgrade Kubernetes

Upgrade an Azure Kubernetes Service (AKS) cluster

Check if there are updates available:

az aks get-upgrades --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --output table

Upgrade Kubernetes to specific version:

az aks upgrade --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --kubernetes-version 1.12.6

Confirm that the upgrade was successful:

az aks show --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --output table

Cluster creation

Resource group

Our self created resource group is named ust-mico-resourcegroup. Whenever a resource group is created, “the AKS resource provider automatically creates the second one during deployment, such as MC_myResourceGroup_myAKSCluster_eastus” (FAQ AKS). This second resource group contains all of the infrastructure resources associated with the cluster (e.g. Kubernetes node VMs, virtual networking, and storage). The automatically created second resource group is named MC_ust-mico-resourcegroup_ust-mico-cluster_westeurope. It is a concatention of MC_$RESOURCE_GROUP\_$CLUSTER_NAME\_$LOCATION.

Create Azure Kubernetes Service (AKS)

Create AKS:

az aks create --resource-group $RESOURCE_GROUP \
--name $CLUSTER_NAME \
--generate-ssh-keys \
--kubernetes-version 1.13.5 \
--node-vm-size Standard_B2ms \
--node-count 2

For more information see Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster.

Cluster deletion

Delete cluster:

az aks delete --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME \

Redeploy an Azure Kubernetes Service (AKS) cluster

If an AKS cluster was deleted by accident or was removed and should be setup again.

Create AKS:

Use command to create an AKS cluster like described above in section Create Azure Kubernetes Service (AKS).

Setup credentials again:

• on Jenkins VM:

  • remove old config file in ~/.kube/ (only if new cluster has the same name as the old cluster)

  • get new credentials:

    az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME
    

  • copy the new generate config file from ~/.kube/ to /var/lib/jenkins:

    sudo cp ~/.kube/config /var/lib/jenkins
    

  • set ownership of config file to jenkins user + jenkins group

    sudo chown jenkins:jenkins /var/lib/jenkins/config
    

Cluster management

Open Kubernetes dashboard

az aks browse --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME

Grant full admin privileges to Dashboard’s Service Account more information:

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard \
 && kubectl label clusterrolebinding kubernetes-dashboard k8s-app=kubernetes-dashboard

WARNING: This configuration of a ClusterRoleBinding may lead to security issues, there is no additional authentication and the dashboard is publicly accessable! Access the Kubernetes web dashboard in Azure Kubernetes Service (AKS)

Public Access

Create static IP address for the MICO dashboard:

For a stable, public access to the MICO dashboard, a static IP address is recommended. An IP address in Azure with the name mico-dashboard-ip can be generated by:

az network public-ip create \
    --resource-group $RESOURCE_GROUP_NODE \
    --name mico-dashboard-ip \
    --allocation-method static

Get the assigned IP address:

az network public-ip show --resource-group $RESOURCE_GROUP_NODE --name mico-dashboard-ip --query ipAddress --output tsv

The dashboard of mico-admin is accessible via http://40.118.1.61/dashboard.

Side note: It was not possible to expose the deployment mico-admin via the command kubectl expose deployment mico-admin --external-ip=... because it created a complete new IP address instead of just using the specified external IP address.

Create static IP address for the OpenFaaS Portal:

To get a static access to the OpenFaaS Portal, you can also create a static IP address for it:

az network public-ip create \
    --resource-group $RESOURCE_GROUP_NODE \
    --name mico-openfaas-portal-ip \
    --allocation-method static

Get the assigned IP address:

az network public-ip show --resource-group $RESOURCE_GROUP_NODE --name mico-openfaas-portal-ip --query ipAddress --output tsv

The OpenFaaS portal is accessible via http://40.115.25.83:8080/ui.