Get Started with the Azure Container Service (AKS)

Introduction

Microsoft Azure is a flexible and versatile cloud platform for enterprise use cases, while Kubernetes is quickly becoming the standard way to manage application containers in production environment. Azure Container Service (AKS) brings these two solutions together, allowing users to quickly and easily create fully managed Kubernetes clusters.

This guide walks you, step by step, through the process of provisioning a new Kubernetes cluster on Microsoft Azure using AKS and then deploying an application to the cluster using a Bitnami Helm chart.

Overview

This guide will introduce you to AKS by provisioning a Kubernetes cluster and deploying the Bitnami WordPress Helm chart on it. This will give you a pre-configured WordPress blog that you can start using right away. But WordPress is just an example: there are hundreds of other Bitnami applications to choose from, and they're all equally easy to set up.

Here are the steps you'll follow in this tutorial:

  • Provision a Kubernetes cluster
  • Install and configure Helm
  • (Optional) Configure Helm to use charts with RBAC
  • Subscribe To Your Private Registry and Container Marketplace
  • Deploy the WordPress Helm chart
  • Access the Kubernetes dashboard
  • Log in and start using WordPress

The next sections will walk you through these steps in detail.

Assumptions and prerequisites

This guide assumes that:

Step 1: Provision a Kubernetes cluster

At the end of this step, you will have provisioned a Kubernetes cluster on AKS.

The first step is to provision a new Kubernetes cluster using the Microsoft Azure CLI. Follow these steps:

  • Log in to Microsoft Azure:

      $ az login
    

    If you have multiple subscriptions, you can optionally set the subscription you wish to use in the SUBSCRIPTION-NAME placeholder.

      $ az account set --subscription "SUBSCRIPTION-NAME"
    
  • Create a resource group and cluster. The cluster creation process can take up to 20 minutes.

      $ az group create --name aks-resource-group --location eastus
      $ az aks create --name aks-cluster --resource-group aks-resource-group --node-count 3 --generate-ssh-keys
    

    In this example, the resource group is named aks-resource-group and the cluster is named aks-cluster and is provisioned in the eastus location. If you choose different names or a different location, update the following steps to use the correct information.

  • Install kubectl, the Kubernetes command-line interface, and configure it with the credentials for the new AKS cluster:

      $ sudo az aks install-cli
      $ az aks get-credentials --name aks-cluster --resource-group aks-resource-group
    

Step 2: Install and configure Helm

At the end of this step, you will have configured Helm to work in your AKS cluster.

Next, install and configure Helm for your operating system using these instructions, and then follow the steps below:

  • Initialize Helm as shown below:

      $ helm init
    
  • Add the Bitnami repository to Helm:

      $ helm repo add bitnami https://charts.bitnami.com/bitnami
    

(Optional) Configure Helm to use charts with RBAC

IMPORTANT: This step is optional for WordPress. It is required only for those charts that use RBAC such as Elasticsearch or RabbitMQ.
At the end of this step, you will have provided Tiller the right permissions to allow Helm to deploy charts with RBAC.

Before the deployment of a Helm Chart that requires RBAC it is necessary to create the following Kubernetes objects in order to make it works with RBAC in AKS:

  • ClusterRole
  • ClusterRoleBinding
  • ServiceAccount

Follow these instructions to create those objects and upgrade Helm with this new configuration:

  • Create the ClusterRole .yaml file with the content below. In this example, it is named as clusterrole.yaml.

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: cluster-admin    rules:
    - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - '*'
    - nonResourceURLs:
      - '*'
    verbs:
      - '*'
    
  • To create the ClusterRole, run this command:

    $ kubectl create -f clusterrole.yaml
    
  • To create the ServiceAccount and associate it to the ClusterRole it is necessary to use a ClusterRoleBinding. To do so, execute the following commands:

    $ kubectl create serviceaccount -n kube-system tiller
    $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    
  • Restart the Tiller deployment using the ServiceAccount previously created:

    • If you don't initialize Helm in the previous step, you can use the following command:

        $ helm init --service-account tiller
      
    • In case that you have initialized Helm, then execute the following command:

        $ helm init --upgrade --service-account tiller
      

Step 3: Subscribe To Your Private Registry and Container Marketplace

At the end of this step, you will have created a private Azure Container Registry (ACR) synchronized with the Bitnami container registry.

Once your AKS cluster is up and running, next step is to create a private ACR to make sure that images are pulled from your private registry instead of, for example, from the public Docker Hub. Follow these steps:

  • Navigate to the Microsoft Azure Marketplace, select the image you want to deploy and click "Subscribe".
  • You will be redirected to a form. Select the subscription name and enter a name for your private registry. (If you already have an ACR, click the "Use existing" option). Finally, select the Resource group you have set in step1 and enter the Location.

    NOTE: Enable the "Auto-update" checkbox to automate container updates.

    Create a private ACR

Once you have a private registry on Azure, you need to connect it to the Bitnami container registry. That way, both will be synchronized and ready to pull the images from the Bitnami Container Catalog.

  • First, you need to create a user with read permissions in the Bitnami registry. Execute the following commands:

    NOTE: Remember to replace MY-REGISTRY and MY-USER placeholders with your registry name and Azure username, respectively.
    $ ACR_LOGIN_SERVER=$(az acr show --name MY-REGISTRY --query loginServer --output tsv)
    $ ACR_REGISTRY_ID=$(az acr show --name MY-REGISTRY --query id --output tsv)
    $ SP_PASSWD=$(az ad sp create-for-rbac --name MY-USER --role Reader --scopes $ACR_REGISTRY_ID --query password --output tsv)
    $ CLIENT_ID=$(az ad sp show --id http://MY-USER --query appId --output tsv)
    

To configure your AKS cluster to use your ACR, you need to indicate Kubernetes from where the Docker images have to be pulled, so it is necessary to specify your custom Docker registry as part of your Kubernetes object configuration. Instead of editing the corresponding yaml files, you can use Kubernetes secrets.

  • To create a Kubernetes secret, execute the commands below. Remember to define a value for MY-ACR-AUTH and to replace the EMAIL-ADDRESS placeholder with your email address:

    $ kubectl create secret docker-registry MY-ACR-AUTH \
    --docker-server $ACR_LOGIN_SERVER \
    --docker-username $CLIENT_ID \
    --docker-password $SP_PASSWD \
    --docker-email EMAIL-ADDRESS
    

Step 4: Deploy the WordPress Helm Chart

At the end of this step, you will have WordPress running in your AKS cluster.

Once Helm is installed and you have created your own ACR, you're ready to deploy WordPress using the Bitnami WordPress Helm Chart.

  • Add the Bitnami chart repository to Helm:

      $ helm repo add bitnami https://charts.bitnami.com/bitnami
    
  • Install the WordPress Helm Chart by executing the command below. Replace MY-REGISTRY and the MY-ACR-AUTH placeholders with the values you have defined in step 3:

      $ helm install bitnami/wordpress
      --set serviceType=LoadBalancer
      --set image.registry="MY-REGISTRY.azurecr.io"
      --set image.pullSecrets={MY-ACR-AUTH}
      --set image.repository=bitnami.bitnami/wordpress
      --set image.tag=latest
    
    NOTE: Once you are subscribed to an Azure Marketplace Container, the image is copied to your own registry with the name "bitnami.bitnami/wordpress". The image currently does not support other different tags except "latest".

    You should see something like the output below as the chart is installed. Pay special attention to the NOTES section of the output, as it contains important information to access the application.

    Helm chart output

  • Check pod status until both WordPress and MariaDB are "running":

      $ kubectl get pods -w
    

    Pods

  • Check services until you see the load balancer's external IP address:

      $ kubectl get svc -w wordpress-chart-wordpress --namespace default
    

    Load balancer

  • Get the credentials for the application by executing the commands shown in the output of helm install:

    Helm chart commands

Browse to the specified URL and you should see WordPress running. Here's what it should look like:

WordPress home page

You will also be able to see your cluster in the Microsoft Azure dashboard, under the "Resource groups" menu item:

Cluster details

Step 5: Access the Kubernetes dashboard

Once your WordPress Helm chart has been installed and it is running in your AKS cluster, you can access the Kubernetes dashboard to manage and monitoring your deployments in a visual way. Follow these steps:

  • To access your AKS cluster, navigate to the Microsoft Azure Portal and select the "Kubernetes services" section.
  • Click the name of the cluster you want to access. Then, click "View Kubernetes dashboard".
  • In the resulting screen, you will find a set of steps that include the commands you need to execute from a terminal window in your local system:

    Instructions to access the Kubernetes dashboard

  • Once you have executed the commands above, the Kubernetes dashboard IP address will be displayed. Enter that IP address in a web browser to access the cluster dashboard.

Step 6: Log in and start using WordPress

At the end of this step, you will have logged in to WordPress and created a new blog post.

To log in to the WordPress dashboard, follow these steps:

  • Browse to the WordPress dashboard, usually at the URL http://SERVER-IP/wp-admin.

  • Log in with the administrator credentials from the previous step.

    WordPress credentials

You should now arrive at the WordPress dashboard, which allows you to manage posts, pages and comments; customize your blog with themes and plugins; import and export content; manage navigation menus; add or delete new user accounts; and much more.

WordPress credentials

You can now add a new post using the following steps:

  • Select the "Posts -> Add New" menu option to create a new post.

    Add new WordPress post

  • Enter a title and content for the post. You can use the formatting tools at the top of the content area to format your post and add hyperlinks or images.
  • Optionally, choose the format and category for your post.
  • Publish it immediately using the "Publish" button.

    Add new WordPress post

And now, when you visit your blog's front page, you should see your new post.

WordPress post publishing

Congratulations! You now have a working, fully-functional WordPress blog in the cloud.

You can keep your WordPress installation up-to-date with the WordPress automatic update feature. To access this:

  • Log in to WordPress using the administrator account.
  • Select the "Dashboard -> Updates" menu item.

    WordPress update

  • Review the resulting page to see if WordPress needs an update. If an update is available, you can install it by clicking the "Update Now" button. You can also re-install WordPress if needed with the "Re-install Now" button.

    WordPress update

To learn more about the topics discussed in this tutorial, use the links below:

kubernetes

Bitnami Documentation