
Microsoft Azure Container Service Engine

The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker-enabled clusters on Microsoft Azure with your choice of DCOS, Kubernetes, or Swarm orchestrators. The input to acs-engine is a cluster definition file that describes the desired cluster, including orchestrator, features, and agents. The structure of the input files is very similar to the public API for Azure Container Service.

1. Install acs-engine. You can either build acs-engine from source or install a binary download:

  • Binary downloads for the latest version of acs-engine are available here
curl -LO https://github.com/Azure/acs-engine/releases/download/v0.8.0/acs-engine-v0.8.0-linux-amd64.tar.gz
tar -xvzf acs-engine-v0.8.0-linux-amd64.tar.gz

2. Generate an SSH Key

In addition to using Kubernetes APIs to interact with the clusters, cluster operators may access the master and agent machines using SSH. If you don't have an SSH key, you can generate a new one.

ssh-keygen -t rsa

3. Install Azure CLI

sudo su
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
apt-get install -y apt-transport-https
apt-get update
apt-get install -y azure-cli

4. Create a Service Principal

Kubernetes clusters have integrated support for various cloud providers as core functionality. On Azure, acs-engine uses a Service Principal to interact with Azure Resource Manager (ARM). Follow the instructions to create a new service principal.

az cloud set -n AzureChinaCloud
az login
az account set --subscription="${SUBSCRIPTION_ID}"  # optional if there is only one subscription
az ad sp create-for-rbac --name XXX

5. Edit cluster definition

acs-engine consumes a cluster definition which outlines the desired shape, size, and configuration of Kubernetes. The following values must be set in the cluster definition:

  • dnsPrefix - must be a region-unique name and will form part of the hostname (e.g. myprod1, staging, leapingllama)
  • keyData - must contain the public portion of an SSH key - this will be associated with the adminUsername value found in the same section of the cluster definition (e.g. 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA....')
  • clientId - this is the service principal's appId uuid or name from step 4
  • secret - this is the service principal's password or randomly-generated password from step 4
  • location - add the definition "location": "chinaeast" after "apiVersion": "vlabs"
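
A pre-flight check for the edits listed above, to run before generating templates. This is an added example, not part of acs-engine; the JSON field paths are assumed from acs-engine's vlabs example kubernetes.json, which this page does not show, and the sample definition is constructed.

```python
import json

# Field paths assume the layout of acs-engine's vlabs example kubernetes.json;
# the page names these fields but does not show the file itself.
def check_cluster_definition(text):
    """Return a list of problems in a cluster definition; an empty list means OK."""
    doc = json.loads(text)
    props = doc.get("properties", {})
    problems = []
    if doc.get("apiVersion") != "vlabs":
        problems.append("apiVersion is not 'vlabs'")
    if not doc.get("location"):
        problems.append("top-level location is missing")
    if not props.get("masterProfile", {}).get("dnsPrefix"):
        problems.append("masterProfile.dnsPrefix is empty")
    keys = props.get("linuxProfile", {}).get("ssh", {}).get("publicKeys", [])
    if not keys:
        problems.append("linuxProfile.ssh.publicKeys is empty")
    for entry in keys:
        key = entry.get("keyData", "").strip()
        # Step 2 generates an RSA key, so the public half starts with "ssh-rsa ".
        if "PRIVATE KEY" in key:
            problems.append("keyData holds a private key; paste the .pub file instead")
        elif not key.startswith("ssh-rsa "):
            problems.append("keyData is not an ssh-rsa public key")
    sp = props.get("servicePrincipalProfile", {})
    for field in ("clientId", "secret"):
        if not sp.get(field):
            problems.append("servicePrincipalProfile.%s is empty" % field)
    return problems

# Constructed sample: every value is a placeholder, not a real credential.
SAMPLE = {
    "apiVersion": "vlabs",
    "location": "chinaeast",
    "properties": {
        "masterProfile": {"dnsPrefix": "myprod1"},
        "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [
            {"keyData": "-----BEGIN OPENSSH PRIVATE KEY-----\nPLACEHOLDER"}]}},
        "servicePrincipalProfile": {"clientId": "PLACEHOLDER-APP-ID", "secret": ""},
    },
}

if __name__ == "__main__":
    for problem in check_cluster_definition(json.dumps(SAMPLE)):
        print("FAIL:", problem)
```

Because the definition file carries the service principal secret in plain text, keep it out of version control and readable only by the operator.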

6. Generate ARM templates

Run the acs-engine generate kubernetes.json command to generate a number of files that may be submitted to ARM. By default, generate creates a new directory named after your cluster, nested in the _output directory. The generated files include:

  • apimodel.json - is an expanded version of the cluster definition provided to the generate command. All default or computed values will be expanded during the generate phase
  • azuredeploy.json - represents a complete description of all Azure resources required to fulfill the cluster definition from apimodel.json
  • azuredeploy.parameters.json - the parameters file holds a series of custom variables which are used in various locations throughout azuredeploy.json
  • certificate and access config files - orchestrators like Kubernetes require certificates and additional configuration files (e.g. Kubernetes apiserver certificates and kubeconfig)

7. Deploy K8S cluster with ARM

Deploy the generated azuredeploy.json and azuredeploy.parameters.json:

az cloud set -n AzureChinaCloud
az login
az group create -l chinaeast -n xxx
az group deployment create -g xxx --template-file azuredeploy.json --parameters azuredeploy.parameters.json

8. Verify the cluster status

Log in to the master node via SSH and run the command below. If all services (such as kubernetes, heapster, kube-dns, kubernetes-dashboard, tiller-deploy) in the default and kube-system namespaces are working, the cluster was installed correctly.

kubectl get services --all-namespaces