Deploy an Azure Kubernetes Service (AKS) cluster
Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, you deploy a Kubernetes cluster in AKS. You learn how to:
- Deploy a Kubernetes AKS cluster that can authenticate to an Azure Container Registry (ACR).
- Install the Kubernetes CLI,
kubectl
. - Configure
kubectl
to connect to your AKS cluster.
In later tutorials, you’ll deploy the Azure Vote application to your AKS cluster and scale and update your application.
Before you begin
In previous tutorials, you created a container image and uploaded it to an ACR instance. If you haven’t done these steps and would like to follow along, start with Tutorial 1: Prepare an application for AKS.
- If you’re using Azure CLI, this tutorial requires that you’re running the Azure CLI version 2.0.53 or later. Run
az --version
to find the version. If you need to install or upgrade, see Install Azure CLI. - If you’re using Azure PowerShell, this tutorial requires that you’re running Azure PowerShell version 5.9.0 or later. Run
Get-InstalledModule -Name Az
to find the version. If you need to install or upgrade, see Install Azure PowerShell.
Create a Kubernetes cluster
AKS clusters can use Kubernetes role-based access control (Kubernetes RBAC), which allows you to define access to resources based on roles assigned to users. If a user is assigned multiple roles, permissions are combined. Permissions can be scoped to either a single namespace or across the whole cluster.
To learn more about AKS and Kubernetes RBAC, see Control access to cluster resources using Kubernetes RBAC and Azure Active Directory identities in AKS.
Create an AKS cluster using az aks create
. The following example creates a cluster named myAKSCluster in the resource group named myResourceGroup. This resource group was created in the previous tutorial in the eastus region. The AKS cluster will also be created in the eastus region.
For more information about AKS resource limits and region availability, see Quotas, virtual machine size restrictions, and region availability in AKS.
To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created. In this example, the cluster identity is granted the right to pull images from the ACR instance you created in the previous tutorial. To execute the command successfully, you’re required to have an Owner or Azure account administrator role in your Azure subscription.
Azure CLI
az aks create \
--resource-group myResourceGroup \
--name myAKSCluster \
--node-count 2 \
--generate-ssh-keys \
--attach-acr <acrName>
To avoid needing an Owner or Azure account administrator role, you can also manually configure a service principal to pull images from ACR. For more information, see ACR authentication with service principals or Authenticate from Kubernetes with a pull secret. Alternatively, you can use a managed identity instead of a service principal for easier management.
After a few minutes, the deployment completes and returns JSON-formatted information about the AKS deployment.
Note: To ensure your cluster operates reliably, you should run at least two nodes.
Install the Kubernetes CLI
Use the Kubernetes CLI, kubectl
, to connect to the Kubernetes cluster from your local computer.
If you use the Azure Cloud Shell, kubectl
is already installed. You can also install it locally using the az aks install-cli
command.
Azure CLI
az aks install-cli
Connect to cluster using kubectl
To configure kubectl
to connect to your Kubernetes cluster, use the az aks get-credentials
command. The following example gets credentials for the AKS cluster named myAKSCluster in myResourceGroup.
Azure CLI
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
To verify connection to your cluster, run kubectl get nodes
to return a list of cluster nodes.
Azure CLI
kubectl get nodes
The following example output shows the list of cluster nodes.
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-nodepool1-37463671-vmss000000 Ready agent 2m37s v1.18.10
aks-nodepool1-37463671-vmss000001 Ready agent 2m28s v1.18.10