Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Deploying the Kubernetes ACI connector on AKS – Managed Kubernetes in Azure

Last year Microsoft announced the preview of AKS – Managed Kubernetes and the new ACI connector for Kubernetes the Virtual Kubelet.

-> https://azure.microsoft.com/en-us/blog/introducing-azure-container-service-aks-managed-kubernetes-and-azure-container-registry-geo-replication/
-> https://azure.microsoft.com/en-us/blog/azure-brings-new-serverless-and-devops-capabilities-to-the-kubernetes-community/

In this blog article I will provide you with the necessary steps on how to deploy the Kubernetes ACI connector on AKS in Azure. The easiest way to achieve this is using the Azure Cloud Shell, because the Cloud Shell includes all the prerequisites like the Azure CLI, kubectl and Helm to successfully deploy the Kubernetes ACI connector on AKS.

-> https://docs.microsoft.com/en-us/azure/cloud-shell/overview
-> https://shell.azure.com/

If you would like to use Bash on Ubuntu on Windows, make sure you have installed the Azure CLI, kubectl and Helm.

AzureCLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest
kubectl: az aks install-cli
Helm: https://github.com/kubernetes/helm/blob/master/docs/install.md#from-script

But in this blog article the focus is on doing the deployment with the Azure Cloud Shell. Assuming you already have deployed an AKS instance, I will directly jump to the necessary steps for the deployment.

The deployment process is described on the Virtual Kubelet GitHub site.

-> https://github.com/virtual-kubelet/virtual-kubelet/tree/master/providers/azure

The first step is to deploy helm onto AKS with the command helm init. Afterwards do not move forward with the az command to install the connector. I have experienced the issue that the command will not create the correct Azure AD service principal or in other words it will create the wrong secrets in the AKS instance and does not assign the correct permissions on the resource group in Azure. So, before we move on, let us create a dedicated Azure AD service principal for the ACI connector and assign the Contributor role permissions on the resource group of the AKS instance.

-> https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-azure-active-directory-application


Afterwards execute the following command in your Azure Cloud Shell session to deploy the Kubernetes ACI connector.

az aks install-connector --resource-group AKS --name azst-aks1 --connector-name azcdmdnaciconnector --service-principal spid --client-secret spsecret


Our next step is to verify the deployment with running the commands kubectl get nodes and kubectl get pods. The result should be similar as the one in the following screenshot.


Now we can test the Kubernetes ACI connector with the following YAML file to deploy the ACI helloworld container.

apiVersion: v1
kind: Pod
  name: helloworld
  - image: microsoft/aci-helloworld
    imagePullPolicy: Always
    name: helloworld
        memory: 1G
        cpu: 1
    - containerPort: 80
      name: http
      protocol: TCP
    - containerPort: 443
      name: https
  dnsPolicy: ClusterFirst
  nodeName: virtual-kubelet-azcdmdnaciconnector-linux
  - key: azure.com/aci
    effect: NoSchedule

I have placed the YAML file in my Cloud Shell clouddrive and kicking off the test with the following command.

kubectl create -f clouddrive/aci-connector-test.yaml

-> https://docs.microsoft.com/en-us/azure/cloud-shell/persisting-shell-storage

The successful deployment of the ACI instance can be verified by running the commands kubectl get pods -o wide and az container list -o table.


Now take your browser and navigate to the public IP and you will be presented with the ACI welcome screen.


You also can see the created ACI instance in your resource group.


If you would like to use the Kubernetes dashboard you can do so executing the command kubectl proxy on your Bash on Ubuntu on Windows. Do not use the Azure Cloud Shell for it, it will not work.




WordPress Cookie Notice by Real Cookie Banner