Microsoft acs-engine deployment guide on Azure China

The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker-enabled clusters on Microsoft Azure with your choice of DCOS, Kubernetes, or Swarm orchestrators. The input to acs-engine is a cluster definition file which describes the desired cluster, including orchestrator, features, and agents. The structure of the input files is very similar to the public API for Azure Container Service.

1. Download the acs-engine binary

  • Take acs-engine v0.26.3 as an example:
acs_version=v0.26.3
wget https://mirror.azure.cn/kubernetes/acs-engine/$acs_version/acs-engine-$acs_version-linux-amd64.tar.gz
tar -xvzf acs-engine-$acs_version-linux-amd64.tar.gz

As an alternative, you can build acs-engine from source.

2. Generate an SSH Key

In addition to using Kubernetes APIs to interact with the clusters, cluster operators may access the master and agent machines using SSH. If you don't have an SSH key, generate a new one.

ssh-keygen -t rsa

3. Install the Azure CLI

sudo su
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
apt-get install -y apt-transport-https
apt-get update
apt-get install -y azure-cli

4. Create a Service Principal

Kubernetes clusters have integrated support for various cloud providers as core functionality. On Azure, acs-engine uses a Service Principal to interact with Azure Resource Manager (ARM). Follow the instructions to create a new service principal.

az cloud set -n AzureChinaCloud
az login
az account set --subscription="${SUBSCRIPTION_ID}" #if there is only one subscription, this step is optional
az ad sp create-for-rbac -n RBAC_NAME --role="Contributor" --scopes="/subscriptions/{subs-id}"

5. Clone and edit the Kubernetes cluster definition file example/kubernetes.json

Acs-engine consumes a cluster definition which outlines the desired shape, size, and configuration of Kubernetes. There are a number of features that can be enabled through the cluster definition:

  • adminUsername - change username for agent nodes
  • dnsPrefix - must be a region-unique name and will form part of the hostname (e.g. myprod1, staging, leapingllama)
  • keyData - must contain the public portion of an SSH key - this will be associated with the adminUsername value found in the same section of the cluster definition (e.g. 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA....')
  • clientId - this is the service principal's appId uuid or name from step 4
  • secret - this is the service principal's password or randomly-generated password from step 4
  • location - add the definition "location": "chinaeast", after apiVersion: "vlabs"

Specify the location as one of chinaeast, chinanorth, chinaeast2, or chinanorth2 in the cluster definition file.
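
A pre-flight check for the fields listed above, as an added example that is not part of acs-engine or of the original guide. The JSON paths (properties.masterProfile, properties.linuxProfile, properties.servicePrincipalProfile) are assumed from acs-engine's example kubernetes.json, the sample values are constructed, and the permission check is there because the file holds the service principal secret.

```python
import json, os, stat, sys

CHINA_REGIONS = {"chinaeast", "chinanorth", "chinaeast2", "chinanorth2"}
# Constructed sample; field layout assumed from acs-engine's example kubernetes.json.
SAMPLE = {
    "apiVersion": "vlabs", "location": "chinaeast",
    "properties": {
        "masterProfile": {"dnsPrefix": "demo-k8s"},
        "linuxProfile": {"adminUsername": "azureuser", "ssh": {
            "publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2E-constructed"}]}},
        "servicePrincipalProfile": {"clientId": "placeholder-id", "secret": "placeholder"},
    },
}

def check_definition(doc):
    """Return a list of problems found in a parsed cluster definition."""
    problems = []
    props = doc.get("properties", {})
    if doc.get("location") not in CHINA_REGIONS:
        problems.append("location is not an Azure China region")
    if not props.get("masterProfile", {}).get("dnsPrefix"):
        problems.append("masterProfile.dnsPrefix is empty")
    linux = props.get("linuxProfile", {})
    if not linux.get("adminUsername"):
        problems.append("linuxProfile.adminUsername is empty")
    keys = linux.get("ssh", {}).get("publicKeys") or [{}]
    for key in keys:
        data = key.get("keyData", "")
        if "PRIVATE KEY" in data:
            problems.append("keyData holds a private key; paste the .pub file")
        elif not data.startswith("ssh-"):
            problems.append("keyData is not an OpenSSH public key")
    sp = props.get("servicePrincipalProfile", {})
    problems += ["servicePrincipalProfile.%s is empty" % f
                 for f in ("clientId", "secret") if not sp.get(f)]
    return problems

def check_file(path):
    """Validate the file at path and flag permissions that expose the secret."""
    with open(path) as fh:
        problems = check_definition(json.load(fh))
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other; chmod 600 it")
    return problems

if __name__ == "__main__":
    issues = check_file(sys.argv[1]) if len(sys.argv) > 1 else check_definition(SAMPLE)
    print("\n".join("FAIL: " + i for i in issues) or "OK")
    sys.exit(1 if issues else 0)
```

Pass the path to kubernetes.json as the first argument before running generate; with no argument it checks the constructed sample.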

6. Generate ARM templates

Run the ./acs-engine generate kubernetes.json command to generate a number of files that may be submitted to ARM. By default, generate creates a new directory named after your cluster (its dnsPrefix), nested in the _output directory. The generated files include:

  • apimodel.json - is an expanded version of the cluster definition provided to the generate command. All default or computed values will be expanded during the generate phase
  • azuredeploy.json - represents a complete description of all Azure resources required to fulfill the cluster definition from apimodel.json
  • azuredeploy.parameters.json - the parameters file holds a series of custom variables which are used in various locations throughout azuredeploy.json
  • certificate and access config files - orchestrators like Kubernetes require certificates and additional configuration files (e.g. Kubernetes apiserver certificates and kubeconfig)

7. Deploy K8S cluster with ARM

Deploy the output azuredeploy.json and azuredeploy.parameters.json

# create a resource group first
RESOURCE_GROUP_NAME=demo-k8s
az group create -l chinaeast -n $RESOURCE_GROUP_NAME

# deploy ARM template
dnsPrefix=demo-k8s
az group deployment create \
    --name="$dnsPrefix" \
    --resource-group=$RESOURCE_GROUP_NAME \
    --template-file="./_output/$dnsPrefix/azuredeploy.json" \
    --parameters "@./_output/$dnsPrefix/azuredeploy.parameters.json"

8. Verify the cluster status

  • Log in to the master node via SSH:
ssh adminUsername@<master_node_fqdn>

Usually master_node_fqdn is $dnsPrefix.$REGION.cloudapp.chinacloudapi.cn

  • Run the command below:
kubectl get services --all-namespaces

If all services (like kubernetes, heapster, kube-dns, kubernetes-dashboard, tiller-deploy) in the default and kube-system namespaces are working fine, the cluster was installed correctly.

Tips

/var/log/azure/cluster-provision.log