Azure AKS Hands-On Labs - Creating a private cluster using Azure CNI mode overlay

Azure Learning Path for Cloud and DevOps Engineers


In this hands-on lab, we walk through creating an Azure Kubernetes Service (AKS) private cluster that uses Azure CNI Overlay networking. Private means the API server is exposed only through a private endpoint inside the cluster's virtual network; overlay means pods receive addresses from a separate private CIDR instead of consuming IPs from the node subnet.

Learning objectives:

In this module, you'll learn how to:

  • Create a virtual network and a subnet where the AKS cluster will be deployed

  • Create an NSG and configure rules to allow necessary traffic between nodes and pods

  • Associate the NSG with the subnet created earlier

  • Create an AKS cluster with Azure CNI Overlay networking mode

📝Log in to the Azure portal

Log in with your credentials and make sure you are working in the right region. In my case, I am using the region uksouth in my Cloud Playground Sandbox.

📌Note: You can also run the Azure CLI from VS Code or from your local terminal instead of Cloud Shell.

More information on how to set it up is at the link.


  • Update to PowerShell 5.1, if needed.

  • Install .NET Framework 4.7.2 or later.

  • Visual Studio Code

  • Web Browser (Chrome, Edge)

  • Azure CLI installed

  • Azure subscription

  • Docker installed

📝Set up an Azure Storage Account for Cloud Shell (Bash or PowerShell)

  • Click the Cloud Shell icon (>_) at the top of the page.

  • Click Bash or PowerShell. The commands in this lab use Bash-style backslash line continuation, so Bash is the simpler choice.

  • Click Show Advanced Settings. Use the combo box under Cloud Shell region to select the region. Under Resource Group and Storage account (the storage account name must be globally unique), enter a name for each. In the box under File Share, enter a name. Click Create storage (if you don't have one yet).

📝Create a Resource Group

  1. Let's define the variables used throughout the lab and create a Resource Group.

     #Variables used by the following steps (replace the placeholders with your own values)
     rg="<resource-group-name>"
     location=uksouth
     az group create -n $rg -l $location

📝Create a Virtual Network and Subnet

  1. Let's define the network variables and create the vNet and its subnet. The subnet prefix must lie inside the vNet address space; the nodes (not the pods) will take their IPs from this subnet.

     #Variables used by the following steps (replace the placeholders with your own values)
     vnet="<vnet-name>"
     subnet="<subnet-name>"
     vnetPrefix="<vnet-cidr>"
     subnetPrefix="<subnet-cidr>"
     az network vnet create -g $rg -n $vnet --address-prefix $vnetPrefix --subnet-name $subnet --subnet-prefix $subnetPrefix

📝Create Network Security Groups (NSGs)

  1. Let's define the NSG variable, create the NSG and add an inbound rule allowing traffic between the addresses in the node subnet. Because pods in overlay mode use the pod CIDR and their traffic is SNATed to the node IP when it leaves the node, subnet-scoped NSG rules match node addresses, not pod addresses. An NSG's default AllowVnetInBound rule already permits intra-vNet traffic; the explicit rule at priority 1000 documents the intent and takes precedence over any deny rule you later add with a higher priority number.

     #Variable used by the following steps (replace the placeholder with your own value)
     nsg="<nsg-name>"
     az network nsg create -g $rg -n $nsg
     #Typically the node subnet prefix for both source and destination
     az network nsg rule create -g $rg --nsg-name $nsg --name AllowInternalTraffic --priority 1000 --source-address-prefixes "<source-cidr>" --destination-address-prefixes "<destination-cidr>" --access Allow --protocol '*' --direction Inbound

📝Associate NSG with Subnet

  1. Let's associate the NSG with the subnet.

     az network vnet subnet update -g $rg --vnet-name $vnet --name $subnet --network-security-group $nsg

📝Create a private AKS Cluster

  1. Let's define the cluster variables and run the following command to create an AKS cluster with Azure CNI Overlay networking. The pod CIDR is a private range that must not overlap the vNet address space, and the default service CIDR (10.0.0.0/16) must not overlap it either; az aks create rejects both overlaps. --enable-private-cluster places the API server behind a private endpoint in the cluster vNet, so the usual public kubectl path will not work; the next section covers access.

     #Variables used by the following steps (replace the placeholders with your own values)
     aks="<cluster-name>"
     podCidr="<pod-cidr>"
     az aks create -g $rg -n $aks \
       --vnet-subnet-id $(az network vnet subnet show -g $rg --vnet-name $vnet --name $subnet --query id -o tsv) \
       --network-plugin azure \
       --network-plugin-mode overlay \
       --pod-cidr $podCidr \
       --enable-private-cluster \
       --enable-managed-identity \
       --node-count 2

📝Connect to a Private AKS Cluster

  1. The API server of a private AKS cluster is reachable only from the cluster virtual network, a peered network, or a configured private endpoint. Reaching it therefore requires a VPN or ExpressRoute connection, a jumpbox deployed inside the cluster virtual network, or a private endpoint created in another virtual network. Note that az aks get-credentials still succeeds from anywhere, since it is an ARM call; it is kubectl's connection to the private FQDN in that kubeconfig that fails from outside.

    The Azure CLI's command invoke can reach a private cluster without a VPN or ExpressRoute. command invoke runs commands such as kubectl and helm on the cluster remotely through the Azure API, with no direct network path to the API server. It is itself an Azure RBAC-gated operation (the Microsoft.ContainerService/managedClusters/runCommand/action permission on the cluster), so audit who holds it: for anyone who does, it is effectively API-server access from the internet, which is exactly what the private endpoint was meant to remove.

    More details on this link.

     #Run several commands in one command invoke call
     az aks command invoke -g $rg -n $aks --command "kubectl get nodes && kubectl get ns"
     az aks command invoke -g $rg -n $aks --command "kubectl get nodes && kubectl get po"
     #Attach a local file so the remote kubectl can read it
     az aks command invoke -g $rg -n $aks --command "kubectl apply -f <file-name>.yaml" --file <file-name>.yaml
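As an added example that is not part of the original lab, here is the whole procedure (resource group, vNet and subnet, NSG and its association, the private overlay cluster) in one Bash script, followed by a kubectl check through command invoke. All resource names and address ranges in it are assumptions chosen for illustration. It goes slightly beyond the lab steps by running an offline preflight for the overlap rule described above (pod CIDR and service CIDR versus the vNet, and versus each other) before any az call, which is where a first cluster create usually fails; the script only touches Azure when invoked with the argument deploy.

```bash
#!/usr/bin/env bash
# Added example for this lab (not the lab author's code). Every name, region and
# address range below is an assumption; replace them before running with "deploy".
set -eu

rg="rg-aks-overlay-lab"        # resource group        (assumed)
location="uksouth"             # region used in the lab text
vnet="vnet-aks-lab"            # vNet name             (assumed)
subnet="snet-aks-nodes"        # node subnet name      (assumed)
nsg="nsg-aks-nodes"            # NSG name              (assumed)
aks="aks-private-overlay"      # cluster name          (assumed)
VNET_PREFIX="10.10.0.0/16"     # vNet address space    (assumed)
SUBNET_PREFIX="10.10.0.0/24"   # node subnet, inside VNET_PREFIX (assumed)
POD_CIDR="10.244.0.0/16"       # overlay pod CIDR (AKS default)
SERVICE_CIDR="10.0.0.0/16"     # service CIDR (AKS default)
DNS_SERVICE_IP="10.0.0.10"     # must lie inside SERVICE_CIDR (AKS default)

# Dotted quad -> 32-bit integer via IFS word splitting (no arrays, plain sh).
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True (exit 0) when two CIDRs share any address: both network numbers are
# equal under the mask of the shorter prefix.
cidr_overlaps() {
  local a_len=${1#*/} b_len=${2#*/} a b len mask
  a=$(ip_to_int "${1%/*}")
  b=$(ip_to_int "${2%/*}")
  len=$(( a_len < b_len ? a_len : b_len ))
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Overlay mode needs the pod CIDR and the service CIDR disjoint from the vNet
# and from each other; az aks create rejects overlaps, this catches them first.
preflight_cidrs() {
  local vnet_cidr=$1 pod=$2 svc=$3 rc=0
  if cidr_overlaps "$vnet_cidr" "$pod"; then echo "pod CIDR $pod overlaps vNet $vnet_cidr" >&2; rc=1; fi
  if cidr_overlaps "$vnet_cidr" "$svc"; then echo "service CIDR $svc overlaps vNet $vnet_cidr" >&2; rc=1; fi
  if cidr_overlaps "$pod" "$svc"; then echo "pod CIDR $pod overlaps service CIDR $svc" >&2; rc=1; fi
  return $rc
}

# The lab's steps in order. Pod IPs come from POD_CIDR, not the subnet, so the
# subnet-scoped NSG rule matches node IPs (pod egress is SNATed to the node IP).
deploy_private_aks() {
  az group create -n "$rg" -l "$location" -o none
  az network vnet create -g "$rg" -n "$vnet" --address-prefix "$VNET_PREFIX" \
    --subnet-name "$subnet" --subnet-prefix "$SUBNET_PREFIX" -o none
  az network nsg create -g "$rg" -n "$nsg" -o none
  az network nsg rule create -g "$rg" --nsg-name "$nsg" --name AllowInternalTraffic \
    --priority 1000 --direction Inbound --access Allow --protocol '*' \
    --source-address-prefixes "$SUBNET_PREFIX" \
    --destination-address-prefixes "$SUBNET_PREFIX" -o none
  az network vnet subnet update -g "$rg" --vnet-name "$vnet" --name "$subnet" \
    --network-security-group "$nsg" -o none
  subnet_id=$(az network vnet subnet show -g "$rg" --vnet-name "$vnet" \
    --name "$subnet" --query id -o tsv)
  az aks create -g "$rg" -n "$aks" \
    --vnet-subnet-id "$subnet_id" \
    --network-plugin azure --network-plugin-mode overlay \
    --pod-cidr "$POD_CIDR" --service-cidr "$SERVICE_CIDR" \
    --dns-service-ip "$DNS_SERVICE_IP" \
    --enable-private-cluster --enable-managed-identity \
    --node-count 2 --generate-ssh-keys -o none
}

# The API server is reachable only over its private endpoint, so run kubectl
# through command invoke. With -o given, the CLI returns the result object, so
# the remote command's own exit code can be read from its exitCode field (assumed).
verify_cluster() {
  local code
  code=$(az aks command invoke -g "$rg" -n "$aks" \
    --command "kubectl get nodes -o wide && kubectl get ns" \
    --query exitCode -o tsv)
  [ "$code" -eq 0 ]
}

# Always run the offline preflight; only touch Azure when asked to.
preflight_cidrs "$VNET_PREFIX" "$POD_CIDR" "$SERVICE_CIDR"
case "${1:-}" in
  deploy) deploy_private_aks; verify_cluster ;;
  *) echo "CIDR preflight passed; run '$0 deploy' to create the cluster" ;;
esac
```

The preflight is deliberately pure shell arithmetic so it can run in Cloud Shell or locally before any Azure call; a vNet of 10.0.0.0/16 with the default service CIDR left in place is the overlap it most often catches.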

📌Note - At the end of each hands-on lab, always clean up all the resources you created to avoid being charged; deleting the resource group removes everything created here, including the cluster's managed node resource group.

Congratulations — you have completed this hands-on lab covering the basics of Creating a private AKS cluster using Azure CNI mode overlay.

Thank you for reading. I hope you understood and learned something helpful from my blog.

Please follow me on Cloud&DevOpsLearn and LinkedIn, franciscojblsouza