Initial docs for AKS V2 provisioning features

Catherine Luse
2021-05-27 21:05:43 -07:00
parent bb1ec64720
commit 232fd15ae2
2 changed files with 134 additions and 42 deletions
@@ -0,0 +1,96 @@
---
title: AKS Cluster Configuration Reference
weight: 4
---
### Changes in v2.6
- Support for node pools
- Support for private clusters
- Enabled autoscaling node pools
- The AKS permissions are now configured in cloud credentials
- For networking, a new field was added in the UI: Support Private Kubernetes Service
### HTTP Application
This feature allows you to set up an ingress controller in Azure.
### Account Access
Complete each drop-down and field using the information obtained for your IAM policy.
| Setting | Description |
| ---------- | -------------------------------------------------------------------------------------------------------------------- |
| Region | From the drop-down choose the geographical region in which to build your cluster. |
| Cloud Credentials | Select the cloud credentials that you created for your IAM policy. For more information on creating cloud credentials in Rancher, refer to [this page.]({{<baseurl>}}/rancher/v2.x/en/user-settings/cloud-credentials/) |
[Microsoft Documentation: How to create and use an SSH public and private key pair](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys)
# OLD
1. Use your subscription ID, tenant ID, app ID, and client secret to give your cluster access to AKS. If you don't have all of that information, you can retrieve it using these instructions:
- **App ID and tenant ID:** To get the app ID and tenant ID, you can go to the Azure Portal, then click **Azure Active Directory**, then click **App registrations,** then click the name of the service principal. The app ID and tenant ID are both on the app registration detail page.
- **Client secret:** If you didn't copy the client secret when creating the service principal, you can get a new one if you go to the app registration detail page, then click **Certificates & secrets**, then click **New client secret.**
- **Subscription ID:** You can get the subscription ID is available in the portal from **All services > Subscriptions.**
# NEW
# Cloud Credentials
### Subscription
### Tenant
It's possible to have multiple Tenants under an Azure Subscription.
# Node Options
Node Options need to have these two options added: VM Sizes and Node Count, which then tie into Availability Zones (AZ).
Not all regions have support for AZs.
### Node Autoscaler
# Node Pools
The Azure interface allows users to specify whether a Primary Node Pool relies on either `system` (normally used for control planes) and `user` (what is most typically needed for Rancher).
For Primary Node Pools, you can specify Mode, OS, Count and Size.
For subsequent node pools, the Rancher UI forces the default of user.
### agentpools
### Node Count
There are maximums tied to subscriptions we need to warn about.
### OS
Linux and Windows pools aren't interchangeable (or cross-accessible)
### OS Disk Size
OS Disk Size: not exposed in the API?
### Maximum Pods per Node
Maximum pods per node defaults to 110 with a maximum of 250.
# Networking
Can adopt HTTP App Routing.
### Security
along with section for Security with a new field: Support Private Kubernetes Service Support.
### Load Balancing
There are two choices: Standard and Basic. Some are specific to regions and AZs. We default to Standard because Basic has fewer options and may be deprecated soon.
# Private and Public Clusters
There are questions about whether private nodes are in fact public.
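Review bot: this new reference page ships draft notes and open questions as user-facing text; the lines `# OLD`, `# NEW`, `OS Disk Size: not exposed in the API?`, `There are maximums tied to subscriptions we need to warn about.` and `There are questions about whether private nodes are in fact public.` should be resolved or removed before merge, and the headings with no body (`### Subscription`, `### Node Autoscaler`, `### agentpools`) either need content or should be dropped. The `# OLD` block repeats the subscription ID, tenant ID, app ID and client secret instructions that the `Changes in v2.6` list says now belong to cloud credentials, so keep a single copy under `# Cloud Credentials`. Two smaller points: the cloud credentials link uses `/rancher/v2.x/en/...` while the rest of the change links to `/rancher/v2.6/en/...`, and the page mixes `#` and `###` headings with no `##` level between them, which will render oddly in the docs sidebar. Finally, `Support Private Kubernetes Service Support` under `### Security` doubles the word "Support"; the same field is named `Support Private Kubernetes Service` earlier in the file.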
@@ -8,7 +8,17 @@ aliases:
You can use Rancher to create a cluster hosted in Microsoft Azure Kubernetes Service (AKS).
## Prerequisites in Microsoft Azure
- [Prerequisites in Microsoft Azure](#prerequisites-in-microsoft-azure)
- [Setting Up the Service Principal with the Azure Command Line Tool](#setting-up-the-service-principal-with-the-azure-command-line-tool)
- [Setting Up the Service Principal from the Azure Portal](#setting-up-the-service-principal-from-the-azure-portal)
- [1. Create the AKS Cloud Credentials](#1-create-the-aks-cloud-credentials)
- [2. Create the AKS Cluster](#2-create-the-aks-cluster)
- [Role-based Access Control](#role-based-access-control)
- [AKS Cluster Configuration Reference](#aks-cluster-configuration-reference)
- [Minimum AKS Permissions](#minimum-aks-permissions)
- [Syncing](#syncing)
# Prerequisites in Microsoft Azure
>**Note**
>Deploying to AKS will incur charges.
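Review bot: the new table of contents is inserted between `## Prerequisites in Microsoft Azure` and `# Prerequisites in Microsoft Azure`, so if both heading lines survive the section title is emitted twice at two different levels and the first list entry links back to the heading directly above it. Move the list above the heading and keep one heading level; the other pages in this change use `#` for sections, so `#` is the consistent choice.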
@@ -70,23 +80,14 @@ You can also follow these instructions to set up a service principal and give it
1. Go to the Microsoft Azure Portal [home page](https://portal.azure.com).
1. Click **Azure Active Directory.**
1. Click **App registrations.**
1. Click **New registration.**
1. Enter a name. This will be the name of your service principal.
1. Optional: Choose which accounts can use the service principal.
1. Click **Register.**
1. You should now see the name of your service principal under **Azure Active Directory > App registrations.**
1. Click the name of your service principal. Take note of the tenant ID and application ID (also called app ID or client ID) so that you can use it when provisioning your AKS cluster. Then click **Certificates & secrets.**
1. Click **New client secret.**
1. Enter a short description, pick an expiration time, and click **Add.** Take note of the client secret so that you can use it when provisioning the AKS cluster.
**Result:** You have created a service principal and you should be able to see it listed in the **Azure Active Directory** section under **App registrations.** You still need to give the service principal access to AKS.
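Review bot: the steps for the client secret still say "Take note of the client secret so that you can use it when provisioning the AKS cluster", but with this change the secret is entered in the cloud credential (step `1. Create the AKS Cloud Credentials`), not on the cluster form, so point the reader there. Since the new reference page notes that a secret that was not copied at creation can only be replaced by creating a new one, it is worth saying in this step that the value is shown once and should be stored in the Rancher cloud credential immediately rather than kept elsewhere; the same applies to choosing the expiration time in the `Certificates & secrets` step.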
@@ -94,54 +95,34 @@ You can also follow these instructions to set up a service principal and give it
To give role-based access to your service principal,
1. Click **All Services** in the left navigation bar. Then click **Subscriptions.**
1. Click the name of the subscription that you want to associate with your Kubernetes cluster. Take note of the subscription ID so that you can use it when provisioning your AKS cluster.
1. Click **Access Control (IAM).**
1. In the **Add role assignment** section, click **Add.**
1. In the **Role** field, select a role that will have access to AKS. For example, you can use the **Contributor** role, which has permission to manage everything except for giving access to other users.
1. In the **Assign access to** field, select **Azure AD user, group, or service principal.**
1. In the **Select** field, select the name of your service principal and click **Save.**
**Result:** Your service principal now has access to AKS.
# 1. Create the AKS Cloud Credentials
## Create the AKS Cluster
1. From the **Cluster Management** global app, click **Cloud Credentials.**
1. Click **Create.**
1. Click **Azure AKS.**
1. Fill out the form. For help with filling out the form, see the [configuration reference.]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference)
# 2. Create the AKS Cluster
Use Rancher to set up and configure your Kubernetes cluster.
1. From the **Clusters** page, click **Add Cluster**.
1. Choose **Azure Kubernetes Service**.
1. From the **Cluster Management** global app, click **Clusters.**
1. Click **Create.**
1. Choose **Azure AKS**.
1. Enter a **Cluster Name**.
1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user.
1. Fill out the form. For help with filling out the form, see the [configuration reference.]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference)
1. Use your subscription ID, tenant ID, app ID, and client secret to give your cluster access to AKS. If you don't have all of that information, you can retrieve it using these instructions:
- **App ID and tenant ID:** To get the app ID and tenant ID, you can go to the Azure Portal, then click **Azure Active Directory**, then click **App registrations,** then click the name of the service principal. The app ID and tenant ID are both on the app registration detail page.
- **Client secret:** If you didn't copy the client secret when creating the service principal, you can get a new one if you go to the app registration detail page, then click **Certificates & secrets**, then click **New client secret.**
- **Subscription ID:** You can get the subscription ID is available in the portal from **All services > Subscriptions.**
1. Use **Cluster Options** to choose the version of Kubernetes, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options.**
1. Complete the **Account Access** form using the output from your Service Principal. This information is used to authenticate with Azure.
1. Use **Nodes** to provision each node in your cluster and choose a geographical region.
[Microsoft Documentation: How to create and use an SSH public and private key pair](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys)
<br/>
1. Click **Create**.
<br/>
1. Review your options to confirm they're correct. Then click **Create**.
**Result:**
Your cluster is created and assigned a state of **Provisioning.** Rancher is standing up your cluster.
**Result:** Your cluster is created and assigned a state of **Provisioning.** Rancher is standing up your cluster.
You can access your cluster after its state is updated to **Active.**
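Review bot: the cluster-creation hunk reads as an incomplete edit; if the lines shown here are all retained, the procedure contains two openings (`From the **Clusters** page, click **Add Cluster**.` and `From the **Cluster Management** global app, click **Clusters.**`), two provider choices (`Azure Kubernetes Service` and `Azure AKS`), two `Click **Create**` steps and two `**Result:**` paragraphs, plus stray `<br/>` lines between list items. Keep one path through the new `Cluster Management` UI and delete the rest. The step `Use your subscription ID, tenant ID, app ID, and client secret to give your cluster access to AKS` and the step `Complete the **Account Access** form using the output from your Service Principal` also duplicate what `# 1. Create the AKS Cloud Credentials` now covers, so either remove them or turn them into a reference to step 1. Also, `## Create the AKS Cluster` directly under `# 1. Create the AKS Cloud Credentials` is a stale subheading: the cluster-creation section is `# 2. Create the AKS Cluster` further down.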
@@ -149,3 +130,18 @@ You can access your cluster after its state is updated to **Active.**
- `Default`, containing the `default` namespace
- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces
# Role-based Access Control
Upon registering or importing a cluster won't work without RBAC enabled.
# AKS Cluster Configuration Reference
For more information about how to configure AKS clusters from the Rancher UI, see the [configuration reference.]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference)
# Syncing
The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/editing-clusters/syncing)
For information on configuring the refresh interval, see [this section.]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/#configuring-the-refresh-interval)
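Review bot: the new `# Syncing` section was copied from the GKE page: it says "The GKE provisioner can synchronize the state of a GKE cluster" and links to `gke-config-reference/#configuring-the-refresh-interval`, both of which should refer to AKS and `aks-config-reference` on this page. The `# Role-based Access Control` sentence, "Upon registering or importing a cluster won't work without RBAC enabled.", is missing its subject; something like "Registering or importing a cluster will not work unless RBAC is enabled on it." says the same thing and parses. The new `# AKS Cluster Configuration Reference` section links to the same `aks-config-reference` page that step 1 and step 2 already link to, which is fine, but note that the target page is the draft file from the first hunk of this commit.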