AKS - Part 4 - Create AKS - Azure CLI
Before you start
Before creating a new AKS cluster it helps to know which settings you can change after the cluster exists and which you cannot.
Things you can change after creation:
- IP ranges authorized to access the Kubernetes API
- Attach and detach an Azure Container Registry
- Enable or disable the cluster autoscaler
- Add or remove node pools
- When using a Standard Load Balancer, add or remove outbound IPs and ports
- Integrate an existing cluster with Azure AD and/or the integration credentials
- AKS Service Principal
- Rotate Kubernetes API certificates
- Upgrade the Kubernetes version
- Enable or disable add-ons
- SSH keys when using VirtualMachineScaleSets
Things you cannot change after creation:
- AKS subscription or resource group
- SSH keys when using AvailabilitySet
- Enable or disable RBAC
- Kubernetes API DNS name and IP
- Docker bridge, pod and service CIDRs
- Managed identity integration
- Private cluster
- Load Balancer SKU
- Network plugin
- Network policy
- VM size of an existing node pool
- Enable or disable the paid SLA
If you need to change any of the items in the second list you have to delete your AKS cluster and create a new one.
How to create a new AKS
Azure offers different ways to create a resource, and there are also third-party tools you can use.
|Tool|Pros|Cons|
|---|---|---|
|Azure Portal|Easy to use|Pretty hard to automate; low customization|
|Azure CLI|Full customization and automation|Learning curve|
|Terraform|Full customization and automation|Learning curve|
I'd rather use Terraform, since I can use the same tool later to work with AWS or any other cloud provider.
Some decisions to make
The very first decisions you have to make concern the network plugin and the load balancer.
- Load Balancer
If you need to customize outbound IPs and fine-tune your outbound traffic you must use a Standard Load Balancer. The Basic Load Balancer does not support outbound IP configuration.
- Network Plugin
If you plan to use Azure Network Policy you must use Azure CNI as the network plugin.
- Cluster Autoscaler
If you enable the cluster autoscaler, make sure min-count and max-count have valid values for the number of nodes your cluster type supports.
The Docker bridge address, pod CIDR and service CIDR cannot overlap each other.
To understand the Azure CLI commands and find out what else you can do with them, check the Azure CLI documentation page.
Steps to follow
- Export some Environment variables
- Create VNET Resource Group
- Create VNET and SUBNET
- Create AKS Resource Group
- Create AKS Service Principal
- Use the output to export some other env variables
- Get SUBNET ID
- Make the AKS SP an Owner of the VNET RG
- Get Kubernetes Credentials
Commands to execute
We created a cluster with the cluster autoscaler enabled. The minimum number of nodes is 2 and the maximum is 5. The AKS autoscaler scales the cluster considering the number of pods that are "evicted".
When a node in a Kubernetes cluster runs out of memory or disk, it sets a flag signalling that it is under pressure. This blocks any new allocation on the node and starts the eviction process. At that moment the kubelet starts to reclaim resources, killing containers and marking pods as failed until resource usage is below the eviction threshold again.
The AKS autoscaler does not consider CPU and memory when scaling your cluster up. It does, however, use hardware metrics to scale your cluster down.