Creating an AKS Cluster for RTF with API People

Installation of Anypoint Runtime Fabric on an Azure Kubernetes Service using the Application Gateway Ingress Controller (Part 1/3)


This is the first part of a series of three blog posts to cover the installation of Runtime Fabric (RTF) on an Azure Kubernetes Service (AKS). The following diagram describes the result of this series of posts. We are looking for an end-to-end TLS setup with RTF running on AKS with Azure Application Gateway acting as the Ingress Controller for our Kubernetes cluster.

[Diagram: Creating an AKS Cluster for RTF]

Prerequisites

  • An Azure subscription with Contributor access, that is, enough permission to install and manage an AKS environment. It will be used to install AKS and to get the credentials for your Kubernetes cluster.
  • The Azure CLI is required. For more information on how to install it, see here.

Install AKS

This section will describe the step-by-step process of creating an AKS cluster in your Azure subscription.

Step 1

The first step in creating your AKS cluster is to log in to Azure from the command line:

az login #If needed use --use-device-code to login from a browser

You will see an output similar to the following:

[
 {
   "cloudName": "AzureCloud",
   "homeTenantId": "<your-tenant-id>",
   "isDefault": true,
   "name": "<your-subscription-name>",
   "state": "Enabled",
   "tenantId": "<your-tenant-id>",
   "user": {
     "name": "<your-user-email>",
     "type": "user"
   }
 }
]

Step 2

Once you are logged in, you can list all the subscriptions available to your user using the command line:

az account subscription list

You may be prompted to install an az command-line extension before az account subscription will run.

The output will look similar to the following. Note the displayName or subscriptionId field:

[
 {
   "authorizationSource": "RoleBased",
   "displayName": "Azure Development Subscription",
   "id": "/subscriptions/<your-subscription-id>",
   "state": "Enabled",
   "subscriptionId": "<your-subscription-id>",
   "subscriptionPolicies": {
     "locationPlacementId": "Public_2014-09-01",
     "quotaId": "PayAsYouGo_2014-09-01",
     "spendingLimit": "Off"
   }
 }
]

Step 3

You can now select the subscription to be used as follows:

#az account set --subscription <name or id>
az account set --subscription "Azure Development Subscription"

Step 4

With the correct user logged in and the right subscription associated with your command line session, you can set some shell variables and run the command line to create your AKS cluster and the resources associated with it.

#!/bin/bash
# Resource Variables
location="eastus"           # Region within Azure location
resourceGroup="rg-aks-demo" # Resource Group name to be used
aksCluster="aks-demo"       # AKS Cluster name

# Configuration Variables
aksNodeCount="1"               # For demo purpose 1, for production at least 3
aksKubernetesVersion="1.24.10" # Latest version supported by RTF without issues with AKS
aksVmSize="Standard_B4ms"      # Standard VM size is Standard_DS2_v2
appGw="app-gw-demo"            # Azure App Gateway name
subnetCidr="10.225.0.0/16"     # Base CIDR for AKS subnet

# Reference link for the ingress commands: https://learn.microsoft.com/pt-br/azure/application-gateway/tutorial-ingress-controller-add-on-new
# If the AKS instance already exists, you can use the following link: https://learn.microsoft.com/pt-br/azure/application-gateway/tutorial-ingress-controller-add-on-existing
az group create --name $resourceGroup --location $location

# Create AKS cluster
az aks create --name $aksCluster \
 --resource-group $resourceGroup \
 --node-count $aksNodeCount \
 --kubernetes-version $aksKubernetesVersion \
 --node-vm-size $aksVmSize \
 --network-plugin azure \
 --enable-managed-identity \
 -a ingress-appgw \
 --appgw-name $appGw \
 --appgw-subnet-cidr $subnetCidr \
 --generate-ssh-keys

# Get Kubernetes context for kubectl commands
az aks get-credentials -n $aksCluster -g $resourceGroup --overwrite-existing

This will create a basic AKS cluster with the following notes:

  • Application Gateway Ingress Controller (AGIC) Helm is installed behind the scenes in your cluster because of the appgw options passed to the CLI.
  • An Azure Application Gateway will be created by Azure to be used by your cluster. It will be located in a supplementary resource group, where additional resources are created to support the AKS cluster.
  • The network plugin is set to azure (--network-plugin azure).
  • Customize the variables to match your needs. In this case, we are just creating a basic cluster setup for demo purposes.
  • At least two resource groups will be created in your Azure subscription. The one referenced by the script with the AKS cluster and a second one automatically generated by Azure, which contains all the other resources to support your AKS.

Important notes

  • Runtime Fabric now supports version 1.25, but there’s a resource allocation bug with RTF, which makes it not recommended for AKS until further notice.
  • In this demo, we are using a node count of just one, but for a production environment, it is recommended to use at least three.
  • If you are running in a restricted environment, you might need to ask your IT team to help you with the network requirements described here.
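
The checks below are an added example, not part of the original post: they confirm the active subscription chosen in Steps 2 and 3 and validate the Step 4 variables against the node-count and Kubernetes-version notes above before `az aks create` is run. The function names `require_subscription` and `check_cluster_vars` and the `demo`/`production` profile argument are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): checks to run before `az aks create`.

# True for a decimal integer of at most nine digits.
is_uint() { case "$1" in ''|*[!0-9]*|??????????*) return 1 ;; esac; }

# Succeeds only when the active az subscription name equals the expected one.
require_subscription() {
  local active
  active="$(az account show --query name --output tsv)" || return 2
  [ "$active" = "$1" ] && return 0
  echo "active subscription is '$active', expected '$1'" >&2
  return 1
}

# usage: check_cluster_vars <demo|production> <nodeCount> <k8sVersion> <subnetCidr>
# Returns 0 when every check passes, 1 otherwise; reasons go to stderr.
check_cluster_vars() {
  local profile="$1" nodes="$2" version="$3" cidr="$4" rc=0
  local major minor patch rest addr prefix octet old_ifs

  # Node count: the post uses 1 for the demo and at least 3 for production.
  if ! is_uint "$nodes" || [ "$nodes" -lt 1 ]; then
    echo "node count '$nodes' is not a positive integer" >&2; rc=1
  elif [ "$profile" = "production" ] && [ "$nodes" -lt 3 ]; then
    echo "production needs at least 3 nodes, got $nodes" >&2; rc=1
  fi

  # Version: the post pins 1.24.10 and advises against 1.25 on AKS.
  # Assumption: anything newer than 1.24 is rejected the same way.
  major="${version%%.*}"; rest="${version#*.}"; minor="${rest%%.*}"; patch="${rest#*.}"
  if ! is_uint "$major" || ! is_uint "$minor" || ! is_uint "$patch" ||
     [ "$version" != "$major.$minor.$patch" ]; then
    echo "version '$version' is not major.minor.patch" >&2; rc=1
  elif [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 24 ]; }; then
    echo "version $version is newer than 1.24, not recommended for RTF on AKS" >&2; rc=1
  fi

  # Subnet CIDR: four octets 0-255 and a prefix length 0-32.
  addr="${cidr%%/*}"; prefix="${cidr#*/}"
  old_ifs="$IFS"; IFS="."; set -- $addr; IFS="$old_ifs"
  if [ "$cidr" != "$addr/$prefix" ] || [ "$addr" != "$1.$2.$3.$4" ] ||
     ! is_uint "$prefix" || [ "$prefix" -gt 32 ]; then
    echo "CIDR '$cidr' is not a.b.c.d/prefix" >&2; return 1
  fi
  for octet in "$1" "$2" "$3" "$4"; do
    is_uint "$octet" && [ "$octet" -le 255 ] || { echo "bad octet '$octet'" >&2; rc=1; }
  done
  return "$rc"
}
```

In the Step 4 script, call `require_subscription "Azure Development Subscription" || exit 1` and `check_cluster_vars demo "$aksNodeCount" "$aksKubernetesVersion" "$subnetCidr" || exit 1` after the variable block and before `az group create`.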

This process can be fully automated in Azure using ARM templates or Bicep templates or Terraform with no need for scripting.

