This walk-through details the technical configuration for using vRA Code Stream to deploy Azure AKS clusters, register them as Kubernetes endpoints in vRA Cloud Assembly and Code Stream, and finally register the newly created cluster in Tanzu Mission Control.
This post mirrors my original blog post on using vRA to deploy AWS EKS clusters.
Requirement
Tanzu Mission Control has some fantastic capabilities, including the ability to deploy Tanzu Kubernetes Clusters to various platforms (vSphere, AWS, Azure). However, today there is no support for provisioning native Azure AKS clusters, although it can manage most Kubernetes distributions.
Therefore, when I was asked about where VMware could provide such capabilities, my mind turned to the ability to deploy the clusters using vRA Code Stream and provide additional functions on making these AKS clusters usable.
High Level Steps
- Create a Code Stream Pipeline
- Create an Azure AKS Cluster
- Create AKS cluster as endpoint in both Code Stream and Cloud Assembly
- Register AKS cluster in Tanzu Mission Control
- Export the SSH keys for the AKS cluster to the docker host.
  - See this blog post for this bit!
Pre-Requisites
- vRA Cloud access
  - The pipeline can be changed easily for use with vRA on-prem
- Azure Account that can provision AKS clusters
  - And basic knowledge of deploying an AKS cluster
  - This is a good beginner's guide if you need one
  - You will need to create a Service Principal that the Azure CLI tool can log in with
- A Docker host to be used by Code Stream
  - Ability to run the container image: mcr.microsoft.com/azure-cli
- Tanzu Mission Control account that can register new clusters
- VMware Cloud Console Tokens for vRA Cloud and Tanzu Mission Control API access
- The configuration files for the pipeline can be found in this GitHub repository
Creating a Code Stream Pipeline to deploy an Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control
Create the variables to be used
First, we will create several variables in Code Stream. You could change the pipeline tasks to use inputs instead if you wanted.
- Create as regular variable
  - aks-tmc-url
    - This is your Tanzu Mission Control URL
- Create as secret
  - aks-tmc-token
    - VMware Cloud Console token for access to use Tanzu Mission Control
  - aks-vra-token
    - VMware Cloud Console token for access to use vRealize Automation Cloud
  - aks_app_id
    - This is from your service principal creation
  - aks_app_password
    - This is from your service principal creation
  - aks_tennant_id
    - This is your Azure tenant ID where you have registered the service principal
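As an added example (not taken from the post's pipeline or its repository), this sketch shows where the three service principal secrets above come from and how a CI task can check them before logging in. The environment variable names, the `<...>` placeholders and the pre-existing resource group are assumptions.

```shell
#!/bin/sh
# Added example, not taken from the pipeline in the post.
# One-time step on an admin workstation: create a service principal scoped to
# one existing resource group rather than the whole subscription
# (values in <> are placeholders):
#
#   az ad sp create-for-rbac --name "<sp-name>" --role Contributor \
#     --scopes "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
#
# Its JSON output maps onto the Code Stream secrets listed above:
#   appId -> aks_app_id, password -> aks_app_password, tenant -> aks_tennant_id
#
# Assumption: the CI task receives those secrets as the environment variables
# AKS_APP_ID, AKS_APP_PASSWORD and AKS_TENANT_ID (hypothetical names).

# True when $1 has the 8-4-4-4-12 hex layout of an Azure app or tenant ID.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# Fail closed before calling az; report variable names only, never values.
preflight() {
  missing=0
  for name in AKS_APP_ID AKS_APP_PASSWORD AKS_TENANT_ID; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing secret variable: $name" >&2
      missing=1
    fi
  done
  unset value
  [ "$missing" -eq 0 ] || return 1
  is_guid "$AKS_APP_ID" || { echo "AKS_APP_ID is not a GUID" >&2; return 1; }
  is_guid "$AKS_TENANT_ID" || { echo "AKS_TENANT_ID is not a GUID" >&2; return 1; }
}

# Log in as the service principal; --output none keeps the account JSON
# (subscription and tenant details) out of the task log.
sp_login() {
  preflight || return 1
  az login --service-principal --username "$AKS_APP_ID" \
    --password "$AKS_APP_PASSWORD" --tenant "$AKS_TENANT_ID" --output none
}

# Run "sh <script> login" inside the mcr.microsoft.com/azure-cli container.
if [ "${1:-}" = "login" ]; then
  sp_login
fi
```

A mismatch between a secret's name in Code Stream and the name the task reads shows up here as a named missing variable rather than as an opaque `az login` failure.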
Import the “Deploy AKS Cluster” pipeline
Create (import) the pipeline in Code Stream. (File here). Set line two to your project name then click import.
Open the pipeline, so that we can now configure the necessary items for your infrastructure.
On the Input tab, change the defaults as necessary. I’ve aimed to make the descriptions as useful as possible.
On the Workspace tab, select your Docker Host to use.
On the Model tab, select each task and click the validate button, ensuring you get a green tick. If any errors are displayed, resolve them. Usually, the cause is that the referenced variable names do not match.
To be able to access the SSH keys created for the AKS cluster, please follow this blog post to alter the pipeline.
You can also explore each of the tasks and make any changes you feel necessary. I wrote a blog post here on extracting files created by a CI Task and email notifications.
When you are happy, click save on the bottom left and enable the pipeline.
Running the pipeline
Now that the pipeline is enabled, you will be able to run it.
Provide the details for the inputs.
Click to view the running execution of the pipeline either on the Executions page, or from the little green dialog box that appears if you ran the pipeline from within the pipeline editing view.
Below you can see the output of the first stage and task running. You can click each stage and task to see the progress and outputs from running the commands. Once the pipeline has completed, you’ll see an output all green and the completed message.
And finally, you’ll have the following items created and configured.
- Azure AKS Cluster
- Cloud Assembly – External Kubernetes Endpoint
- Code Stream – Kubernetes Endpoint
- Tanzu Mission Control – Kubernetes cluster attached
- Optional: the SSH keys generated for the nodes available on the docker host.
Wrap up
So this blog post is very similar to my previous one for deploying AWS EKS resources using vRA. There are a few changes under the hood to make this method work for AKS, and in a separate blog post I’ve also looked at how you access the files created from your CI tasks as well.
Hopefully this was helpful.
Regards