This project enables you to use an ARM template to deploy an Azure Container Service (AKS) cluster with Embotics® vCommander® and add the deployed cluster to vCommander's inventory as a cloud account (managed system).

Prerequisites

• vCommander release 7.0.2 or greater

• Add an Azure subscription as a vCommandercloud account (managed system). See Adding a Cloud Account (Managed System) to learn how.

Install plug-in workflow step packages

This scenario uses the following plug-in workflow steps:

• Kubernetes plug-in workflow step package (wfplugins-k8s.jar), which provides a plug-in workflow step to add the deployed Kubernetes cluster to vCommander’s inventory as a cloud account (managed system)

• Azure plug-in workflow step package (wfplugins-azure.jar), which provides a plug-in workflow step to retrieve the kubeconfig of an AKS Kubernetes cluster created through an Azure template in a vCommander service

Go to Embotics GitHub / Plug-in Workflow-Steps and clone or download the repository. Then in your local version of the repo, browse to the k8s and azure directories, which contain the Kubernetes and Azure plug-in workflow step packages. 

To learn how to download and install workflow plug-in steps, see Adding plug-in workflow steps.

Download scenario files

Go to Embotics GitHub / Scenarios and clone or download the Deploy-Kubernetes-Cluster-Azure-AKS repository. Then install the following workflows: 

Download the following files from this project:

• aks.template : an ARM template that you will add to the service catalog

• Add AKS Cluster.yaml : a vCommander completion workflow for Cloud Template components that you will import

Import the completion workflow

Import a vCommander completion workflow to complete the provisioning and configuration of the cluster. 

Go to Embotics Git Hub / Scenarios and clone or download the repository.

1. In vCommander, go to Configuration > Service Request Configuration > Completion Workflows and click Import.

2. Go to the Scenarios repo that you cloned or downloaded, then from the Deploy-Kubernetes-Cluster-Azure-AKS directory, select the Add AKS Cluster.yaml file, and click Open.

   vCommander automatically validates the workflow and displays the validation results in the Messages area of the Import Workflow dialog.

3. Enter a comment about the workflow in the Description of Changes field, and click Import.

        To learn more, see Importing and Exporting Workflow Definitions in the vCommander User Guide.

Create the required Azure objects

This section describes how to prepare Azure for AKS.

Create a resource group

A resource group is required to create AKS cluster resources.  The top-level resource group can be used, but here we're creating a dedicated resource group.

The resource group can be created from either the Azure CLI or the portal.

From CLI

Choose a name and location for the resource group.

$ az group create --name AKS-Resource-Group --location eastus
{
  "id": "/subscriptions/5823acf6-3825-4ad9-bc87-719962439177/resourceGroups/AKS-Resource-Group",
  "location": "eastus",
  "managedBy": null,
  "name": "AKS-Resource-Group",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null
}

From Portal

1. In the Azure portal, select Resource Groups and click + Add.  Enter a name and select a subscription and location. 

2. Click Create.

Create a service principal

A service principal is required to deploy an AKS Kubernetes cluster. You can create the service principal from either the Azure CLI or the portal.

From CLI

Choose a name for the service principal, such as "AKS-SP".

$ az ad sp create-for-rbac --name AKS-SP
{
  "appId": "da5ba8fc-6fce-4fb1-8cbd-99c6edce1f7a",
  "displayName": "AKS-SP",
  "name": "http://AKS-SP",
  "password": "37c2ab86-368a-4bc7-adb9-50642a65efbc",
  "tenant": "65d36aa6-46ad-4368-9c57-dfc18a3f69f7"
}

From Portal

1. In the Azure portal, select Azure Active Directory > App registrations > New application registration.

2. Enter the service principal name and a sign-on URL. You may enter any valid URL.

   

3. Click Create.                  

   

4. Click Settings > Keys.  Enter a Description and select a Duration. Click Save.                

   

   Important: Copy and save the displayed key value!  You will not be able to access it later.

5. Now give permission to the service principal to manage the resource group.

6. Select the previously created resource group. Click Access Control (IAM).

7. Click + Add to add the service principal.

8. Select Contributor for the Role.  Under Select, enter the service principal name.               

   

9. Click Save.

Create a vCommander deployment destination

For general information on creating a deployment destination for Azure, see Configuring Automated Deployment for Approved Service Requests. 

Note the following: 

• On the Target page, select the resource group created earlier, for example AKS-Resource-Group.

• On the Subnets page, select any subnet from Available Subnets and move it to Configured Subnets.  If no subnets are available, you must create one in Azure. This subnet is not used by AKS, but selecting one is necessary to set up a deployment destination.

Create a service catalog entry for users to request

1. In vCommander, go to Configuration > Service Request Configuration > Service Catalog.
2. Click Add Service.
3. Enter a service name and description, then click Next. 
4. On the Component Blueprints page, click Add > ARM Template.
5. Browse to the downloaded aks.template file and click OK.
6. On the ArmTemplate component page, change the component name to something more descriptive, such as "AKS ARM Template".
7. Assign the downloaded completion workflow to the component.                   

   

8. Now, set up the request form for this component. On the Form tab, under the Toolbox, click Input Text Field.
9. For the Display Label, enter "Kubernetes Cluster Name". Click OK.              

   

10. Now we configure parameters required by the ARM template. On the Parameters tab, enter the following parameter values:

• dnsPrefix: #{form.inputField['Kubernetes Cluster Name']}
• resourceName: #{form.inputField['Kubernetes Cluster Name']}
• servicePrincipalClientId: ID of service principal created above
• servicePrincipalClientSecret: Password/Key of service principal created above
• sshRSAPublicKey: Contents of ~/.ssh/id_rsa.pub

11. Modify the other parameters as needed.                  

    

12. On the Summary page, click Finish. 
13. Click Finish again to create the service.

Submit a service request

The service is now configured and ready to test. 

1. In vCommander or the Service Portal, go to the Service Catalog and request the service you just created. 

2. On the Component form, enter a cluster name and click Submit.              

   

The deployed cluster will automatically be added to vCommander as a cloud account (managed system).