Deploying the Kubernetes ACI connector on AKS – Managed Kubernetes in Azure

Last year Microsoft announced the preview of AKS – Managed Kubernetes and the new ACI connector for Kubernetes the Virtual Kubelet.

-> https://azure.microsoft.com/en-us/blog/introducing-azure-container-service-aks-managed-kubernetes-and-azure-container-registry-geo-replication/
-> https://azure.microsoft.com/en-us/blog/azure-brings-new-serverless-and-devops-capabilities-to-the-kubernetes-community/

In this blog article I will provide you with the necessary steps on how to deploy the Kubernetes ACI connector on AKS in Azure. The easiest way to achieve this is using the Azure Cloud Shell, because the Cloud Shell includes all the prerequisites like the Azure CLI, kubectl and Helm to successfully deploy the Kubernetes ACI connector on AKS.

-> https://docs.microsoft.com/en-us/azure/cloud-shell/overview
-> https://shell.azure.com/

If you would like to use Bash on Ubuntu on Windows, make sure you have installed the Azure CLI, kubectl and Helm.

AzureCLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest
kubectl: az aks install-cli
Helm: https://github.com/kubernetes/helm/blob/master/docs/install.md#from-script

But in this blog article the focus is on doing the deployment with the Azure Cloud Shell. Assuming you already have deployed an AKS instance, I will directly jump to the necessary steps for the deployment.

The deployment process is described on the Virtual Kubelet GitHub site.

-> https://github.com/virtual-kubelet/virtual-kubelet/tree/master/providers/azure

The first step is to deploy helm onto AKS with the command helm init. Afterwards do not move forward with the az command to install the connector. I have experienced the issue that the command will not create the correct Azure AD service principal or in other words it will create the wrong secrets in the AKS instance and does not assign the correct permissions on the resource group in Azure. So, before we move on, let us create a dedicated Azure AD service principal for the ACI connector and assign the Contributor role permissions on the resource group of the AKS instance.

-> https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-azure-active-directory-application

aksaciconnector02aksaciconnector01

Afterwards execute the following command in your Azure Cloud Shell session to deploy the Kubernetes ACI connector.

az aks install-connector --resource-group AKS --name azst-aks1 --connector-name azcdmdnaciconnector --service-principal spid --client-secret spsecret

aksaciconnector03

Our next step is to verify the deployment with running the commands kubectl get nodes and kubectl get pods. The result should be similar as the one in the following screenshot.

aksaciconnector04

Now we can test the Kubernetes ACI connector with the following YAML file to deploy the ACI helloworld container.

apiVersion: v1
kind: Pod
metadata:
  name: helloworld
spec:
  containers:
  - image: microsoft/aci-helloworld
    imagePullPolicy: Always
    name: helloworld
    resources:
      requests:
        memory: 1G
        cpu: 1
    ports:
    - containerPort: 80
      name: http
      protocol: TCP
    - containerPort: 443
      name: https
  dnsPolicy: ClusterFirst
  nodeName: virtual-kubelet-azcdmdnaciconnector-linux
  tolerations:
  - key: azure.com/aci
    effect: NoSchedule

I have placed the YAML file in my Cloud Shell clouddrive and kicking off the test with the following command.

kubectl create -f clouddrive/aci-connector-test.yaml

-> https://docs.microsoft.com/en-us/azure/cloud-shell/persisting-shell-storage

The successful deployment of the ACI instance can be verified by running the commands kubectl get pods -o wide and az container list -o table.

aksaciconnector06

Now take your browser and navigate to the public IP and you will be presented with the ACI welcome screen.

aksaciconnector07

You also can see the created ACI instance in your resource group.

aksaciconnector08

If you would like to use the Kubernetes dashboard you can do so executing the command kubectl proxy on your Bash on Ubuntu on Windows. Do not use the Azure Cloud Shell for it, it will not work.

aksaciconnector05

Facebooktwittergoogle_pluslinkedinmail

One thought on “Deploying the Kubernetes ACI connector on AKS – Managed Kubernetes in Azure

  1. Pingback: Deploying the Kubernetes ACI connector on Kubernetes on Docker for Windows - Daniel's Tech Blog

Comments are closed.