Azure Kubernetes Service

Useful Links

• Sign in with Azure CLI

• QuickStart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal

• Create an ingress controller in Azure Kubernetes Service (AKS)

Prerequisites

If you don't have an Azure subscription, create an Azure free account before you begin.

• The identity you're using to create your cluster has the appropriate minimum permissions. For more details on access and identity for AKS, see Access and identity options for Azure Kubernetes Service (AKS).

• You should also have kubectl and helm installed on your terminal application. You can also use the Azure Cloud Shell which will come with these utilities pre-installed.

• If you plan to use your local terminal you will need to Sign in with the Azure CLI before we can connect to our cluster.

Create an AKS cluster

1. Sign in to the Azure portal.

2. On the Azure portal menu or from the Home page, select Create a resource.

3. Select Containers > Kubernetes Service.

4. On the Basics page, configure the following options:

   • Project details:

     • Select an Azure Subscription.

     • Select or create an Azure Resource group, such as myResourceGroup.
   • Cluster details:

     • Ensure the the Preset configuration is Standard ($$). For more details on preset configurations, see Cluster configuration presets in the Azure portal.

     • Enter a Kubernetes cluster name, such as myAKSCluster.

     • Select a Region for the AKS cluster, and leave the default value selected for Kubernetes version.

     • Select 99.5% for API server availability.
   • Primary node pool:

     • Leave the default values selected
5. Select Next: Node pools when complete.

6. Keep the default Node pools options. At the bottom of the screen, click Next: Access.

7. On the Access page, configure the following options:

   • The default value for Resource identity is System-assigned managed identity. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. For more details about managed identities, see What are managed identities for Azure resources?

   • The Kubernetes role-based access control (RBAC) option is the default value to provide more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.

   • By default, Basic networking is used, and Container insights is enabled.

8. Click Review + create. When you navigate to the Review + create tab, Azure runs validation on the settings that you have chosen. If validation passes, you can proceed to create the AKS cluster by selecting Create. If validation fails, then it indicates which settings need to be modified.

9. It takes a few minutes to create the AKS cluster. When your deployment is complete, navigate to your resource by either:

   • Selecting Go to resource, or

   • Browsing to the AKS cluster resource group and selecting the AKS resource. In this example you browse for myResourceGroup and select the resource myAKSCluster.

Connect to the Cluster

1. To perform these operations in a local shell installation:

2. Configure kubectl to connect to your Kubernetes cluster using the az aks get-credentials command. The following command downloads credentials and configures the Kubernetes CLI to use them.

az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

3. Verify the connection to your cluster using kubectl get to return a list of the cluster nodes.

kubectl get nodes

Output shows the single node created in the previous steps. Make sure the node status is Ready:

NAME                                STATUS   ROLES   AGE   VERSION
aks-agentpool-12345678-vmss000000   Ready    agent   23m   v1.19.11
aks-agentpool-12345678-vmss000001   Ready    agent   24m   v1.19.11

Create Ingress Controller

An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services.

1. Download the above zip file to a directory onto your system, then use the following command to unzip the contents to a directory.

## Unzip to a folder called azure-k8s
unzip azure-k8s-helm-deployment.zip -d ./azure-k8s

## Change directory to the extracted folder
cd azure-k8s

## Run the ingress controller installation script.
bash scripts/ingress-controller.sh

Deploy Form.io Application

In this section we will be using kubectl and helm to create deployment to a namespace on our AKS cluster. Since this is an Azure deployment we will be using Azure Blob Storage for our PDF uploads, Cosmos DB for our NoSQL database solution.

1. Copy the .example.env to .env then edit the contents with your deployment settings.

## Copy the contents of .example.env to .env
cp .example.env .env

3. Next create an apps/ directory in the root of this project folder. This will be where we unpack helm charts to create deployments from.

4. Next step is to run the deployment scripts(s). This can be done with 1 deployment script or by running each script separately. Each script will prompt the user for information related to that scripts purpose.

   • Run the single script can be running bash scripts/deploy.sh

   • Run each individual script. Follow the code block below. See the README.md that was included with the zip file for details about each script.

## 1. Create a helm package version
bash scripts/pack.sh
### Will be prompted for...
# Enter APP_VERSION: 7.4.2__3.4.0
# Enter CHART_VERSION: 1.0.3

## 2. Unpack the contents of the version
bash scripts/unpack.sh
### Will be prompted for...
# Enter SOURCE_PATH: ./versions/formio-1.0.3.tgz
# Enter DEST_PATH: ./apps

## 3. Deploy the Chart
bash scripts/upgrade.sh 
### Will be prompted for...
# Enter NAMESPACE: formio-dev
# Enter PATH_TO_CHART: ./apps/formio

5. When this has finished successfully you will see an terminal output for all of the services in this deployment.

6. If the deployment is NOT showing on the domain that you configured as the BASE_URL environment variable you will most likely need to configure the DNS records. For this tutorial, we used Cloudflare, but can also be done with AWS Route 53.