Deploy AKS cluster and connect it to Azure Arc using an Azure ARM template

The following Jumpstart scenario will guide you on how to use the provided Azure ARM Template to deploy an Azure Kubernetes Service (AKS) cluster and connect it as an Azure Arc cluster resource.

NOTE: Since AKS is a first-party Azure solution and natively supports capabilities such as Azure Monitor integration as well as GitOps configurations, it is not expected for an AKS cluster to be projected as an Azure Arc-enabled Kubernetes cluster. Connecting an Azure Kubernetes Service (AKS) cluster to Azure Arc is only required for running Arc-enabled services like App Services and Data Services on the cluster.

Prerequisites

  • Clone the Azure Arc Jumpstart repository

    git clone https://github.com/microsoft/azure_arc.git
    
  • Install or update Azure CLI to version 2.25.0 or above. Use the below command to check your currently installed version.

    az --version
    
  • Generate SSH Key (or use existing ssh key).

  • Create Azure service principal (SP)

    To complete the scenario and its related automation, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the below command (this can also be done in Azure Cloud Shell).

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId
    

    For example:

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "JumpstartArcK8s" --role "Contributor" --scopes /subscriptions/$subscriptionId
    

    Output should look like this:

    {
    "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "displayName": "JumpstartArcK8s",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.

    NOTE: The Jumpstart scenarios are designed with ease of use in mind while adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group, as well as to consider using a less privileged service principal account.
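
One way to follow the least-privilege recommendation in the note above, as an added example that is not part of the Jumpstart repository: create the resource group first, scope the service principal to it, then check that it holds no role assignment outside that group. The function names are illustrative, and the example assumes the resource group is the one the cluster is later deployed into.

```bash
#!/usr/bin/env bash
# Added example, not from the Jumpstart repo: a resource-group-scoped SP.

# ARM scope ID of a resource group.
rg_scope() {  # usage: rg_scope <subscription id> <resource group>
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Read role-assignment scopes on stdin, one per line, and print those that
# reach beyond the allowed scope. ARM IDs compare case-insensitively.
scopes_outside() {  # usage: ... | scopes_outside <allowed scope>
  local allowed line lower
  allowed=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS= read -r line; do
    lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
      ''|"$allowed"|"$allowed"/*) ;;   # blank, the group itself, or inside it
      *) printf '%s\n' "$line" ;;
    esac
  done
}

# The group must exist before a role can be assigned on it.
create_scoped_sp() {  # usage: create_scoped_sp <SP name> <resource group> <region>
  local sub
  sub=$(az account show --query id --output tsv)
  az group create --name "$2" --location "$3" --output none
  az ad sp create-for-rbac -n "$1" --role "Contributor" \
    --scopes "$(rg_scope "$sub" "$2")"
}

# Fail if the SP holds any role assignment outside the allowed scope.
audit_sp_scopes() {  # usage: audit_sp_scopes <appId> <allowed scope>
  local broad
  broad=$(az role assignment list --assignee "$1" --all \
            --query "[].scope" --output tsv | scopes_outside "$2")
  if [ -n "$broad" ]; then
    printf 'assignments outside %s:\n%s\n' "$2" "$broad" >&2
    return 1
  fi
}

# Example run (commented out; needs an authenticated az session):
# create_scoped_sp "JumpstartArcK8s" "Arc-AKS-Demo" "eastus"
# audit_sp_scopes "<appId from the output>" "<scope printed by rg_scope>"
```

A service principal scoped to a resource group cannot register resource providers on the subscription, so any provider registration has to be done beforehand by an account with subscription-level rights.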

Deployment

  • Before deploying the ARM template, determine which AKS Kubernetes versions are available in your region using the below Azure CLI command.

    az aks get-versions -l "<Your Azure Region>"
    
  • The deployment uses the template parameters file. Before initiating the deployment, edit the azuredeploy.parameters.json file to match your environment, using one of the available Kubernetes versions from the previous step.

    Screenshot of Azure ARM template

  • To deploy the ARM template, navigate to the deployment folder and run the below command:

    az group create --name <Name of the Azure resource group> --location <Azure Region>
    az deployment group create \
    --resource-group <Name of the Azure resource group> \
    --name <The name of this deployment> \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_k8s_jumpstart/aks/arm_template/azuredeploy.json \
    --parameters <The azuredeploy.parameters.json parameters file location>
    

    For example:

    az group create --name Arc-AKS-Demo --location "East US"
    az deployment group create \
    --resource-group Arc-AKS-Demo \
    --name arcaksdemo01 \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_k8s_jumpstart/aks/arm_template/azuredeploy.json \
    --parameters azuredeploy.parameters.json
    
  • Once the ARM template deployment is completed, a new AKS cluster in a new Azure resource group is created.

    Screenshot of Azure portal showing AKS resource

Automation Flow

For you to get familiar with the automation and deployment flow, below is an explanation.

  • User edits the environment variables in the shell script file (one-time edit), which will then be used throughout the deployment.
  • User uploads the script to Azure Cloud Shell and runs it. The script will:
    • Connect to Azure using SPN credentials.
    • Get AKS credentials.
    • Install Azure Arc CLI extensions.
    • Connect the cluster to Azure Arc.
  • User verifies the Arc-enabled Kubernetes cluster.

Connecting to Azure Arc

  • Now that you have a running AKS cluster, edit the environment variables section in the included az_connect_aks shell script.

    Screenshot of az_connect_aks shell script

    For example:

    Screenshot of az_connect_aks shell script

  • In order to keep your local environment clean and untouched, we will use Azure Cloud Shell (located in the top-right corner of the Azure portal) to run the az_connect_aks shell script against the AKS cluster. Make sure Cloud Shell is configured to use Bash.

    Screenshot of Azure Cloud Shell button in Visual Studio Code

  • After editing the environment variables in the az_connect_aks shell script to match your parameters, save the file and then upload it to the Cloud Shell environment and run it using the . ./az_connect_aks.sh command.

    NOTE: The extra dot sources the script, which is needed because the script exports variables and those variables have to be set in the same shell session as the other commands.

    Screenshot showing upload of file to Cloud Shell

  • Once the script run has finished, the AKS cluster will be projected as a new Azure Arc cluster resource.

    Screenshot showing Azure portal with Azure Arc-enabled Kubernetes resource

    Screenshot showing Azure Portal with Azure Arc-enabled Kubernetes resource
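
The difference the note about the extra dot describes, as an added example that is not part of the Jumpstart script: executing a file that exports variables leaves nothing behind in the calling shell, while sourcing it does, which also means the service principal password stays in the session and is inherited by child processes until it is unset. The file contents and the variable names arcClusterName and password are constructed stand-ins.

```bash
#!/usr/bin/env bash
# Added example. The file below is a constructed stand-in for the variables
# section of az_connect_aks.sh; names and values are placeholders.
demo_script=$(mktemp)
trap 'rm -f "$demo_script"' EXIT
cat > "$demo_script" <<'EOF'
export arcClusterName='Arc-AKS-Demo'
export password='placeholder-not-a-secret'
EOF

# Executing the file runs it in a child process; its exports end with that child.
after_execute() {
  ( unset arcClusterName password
    sh "$demo_script"
    printf '%s\n' "${arcClusterName:-unset}" )
}

# Sourcing (". file") runs the same lines in the current shell, so exports remain.
after_source() {
  ( unset arcClusterName password
    . "$demo_script"
    printf '%s\n' "${arcClusterName:-unset}" )
}

# After sourcing, every child process started from the session inherits the secret.
child_sees_password() {
  ( . "$demo_script"
    sh -c 'printf "%s\n" "${password:-unset}"' )
}

# Unsetting the variable once the connect step is done stops that inheritance.
child_after_unset() {
  ( . "$demo_script"
    unset password
    sh -c 'printf "%s\n" "${password:-unset}"' )
}

printf 'after executing:   %s\n' "$(after_execute)"
printf 'after sourcing:    %s\n' "$(after_source)"
printf 'child process:     %s\n' "$(child_sees_password)"
printf 'child after unset: %s\n' "$(child_after_unset)"
```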

Delete the deployment

The most straightforward way is to delete the Azure Arc cluster resource via the Azure Portal: just select the cluster and delete it.

Screenshot showing how to delete Azure Arc-enabled Kubernetes resource

If you want to nuke the entire environment, run the below commands.

az deployment group delete --name <Deployment name> --resource-group <Azure resource group name>
az group delete --name <Azure resource group name> --yes

For example:

az deployment group delete --name arcaksdemo01 --resource-group Arc-AKS-Demo
az group delete --name Arc-AKS-Demo --yes