c12s-kubespray/docs/azure.md

# Azure
To deploy Kubernetes on [Azure](https://azure.microsoft.com), uncomment the `cloud_provider` option in `group_vars/all/all.yml` and set it to `'azure'`.

All your instances are required to run in a resource group, and a routing table has to be attached to the subnet your instances are in.
Not all features are supported yet, though; for the current status, have a look [here](https://github.com/Azure/AKS).

## Parameters
Before creating the instances you must first set the `azure_` variables in the `group_vars/all/all.yml` file.

All of the values can be retrieved using the Azure CLI tool, which can be downloaded here: <https://docs.microsoft.com/en-gb/azure/xplat-cli-install>
After installation you have to run `az login` to get access to your account.

### azure_cloud
Azure Stack has different API endpoints, depending on the Azure Stack deployment. These need to be provided to the Azure SDK.
Possible values are: `AzureChinaCloud`, `AzureGermanCloud`, `AzurePublicCloud` and `AzureUSGovernmentCloud`.
The full list of existing settings for AzureChinaCloud, AzureGermanCloud, AzurePublicCloud and AzureUSGovernmentCloud
is available in the source code [here](https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/docs/cloud-provider-config.md).

### azure\_tenant\_id + azure\_subscription\_id
Run `az account show` to retrieve your subscription id and tenant id:

- `azure_tenant_id` -> Tenant ID field
- `azure_subscription_id` -> ID field

### azure\_location
The region your instances are located in; it can be something like `westeurope` or `westcentralus`. A full list of region names can be retrieved via `az account list-locations`.

### azure\_resource\_group
The name of the resource group your instances are in; it can be retrieved via `az group list`.

### azure\_vmtype
The type of the VM. Supported values are `standard` or `vmss`. If the VM is of type `Virtual Machines`, the value is `standard`. If the VM is part of `Virtual Machine Scale Sets`, the value is `vmss`.

### azure\_vnet\_name
The name of the virtual network your instances are in; it can be retrieved via `az network vnet list`.

### azure\_vnet\_resource\_group
The name of the resource group that contains the vnet.
### azure\_subnet\_name
The name of the subnet your instances are in; it can be retrieved via `az network vnet subnet list --resource-group RESOURCE_GROUP --vnet-name VNET_NAME`.

### azure\_security\_group\_name
The name of the network security group your instances are in; it can be retrieved via `az network nsg list`.

### azure\_security\_group\_resource\_group
The name of the resource group that contains the network security group. Defaults to `azure_vnet_resource_group`.
### azure\_route\_table\_name
The name of the route table used with your instances.
### azure\_route\_table\_resource\_group
The name of the resource group that contains the route table. Defaults to `azure_vnet_resource_group`.

### azure\_aad\_client\_id + azure\_aad\_client\_secret
These will have to be generated first:

- Create an Azure AD Application with:
  `az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRET`
  The display name, identifier-uri, homepage and password can be chosen.
  Note the AppId in the output.
- Create a Service principal for the application with:
  `az ad sp create --id AppId`
  This is the AppId from the last command.
- Create the role assignment with:
  `az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_ID`

azure\_aad\_client\_id must be set to the AppId; azure\_aad\_client\_secret is your chosen secret.
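
The role assignment above grants `Owner` on the whole subscription. As an added example (not part of the kubespray documentation), this Python sketch reviews the JSON printed by `az role assignment list --assignee AppId --all -o json` and reports assignments that can grant access to others or that reach beyond the cluster's resource groups. The sample data, the resource group names `kube-rg`, `kube-net-rg` and `other-rg`, and the function names are constructed for illustration.

```python
import json

# Constructed sample of `az role assignment list --assignee AppId --all -o json`
# output, trimmed to the fields used here. IDs and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Owner", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/kube-rg"},
    {"roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/other-rg"},
])

# Built-in roles that allow assigning roles to other principals.
GRANTING_ROLES = {"owner", "user access administrator"}

def parse_scope(scope):
    """Return (level, resource_group) for an ARM scope string."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root", None
    if parts[0] != "subscriptions":  # e.g. a management group scope
        return "management-group", None
    if len(parts) == 2:
        return "subscription", None
    if len(parts) >= 4 and parts[2] == "resourcegroups":
        return ("resource-group" if len(parts) == 4 else "resource"), parts[3]
    return "resource", None

def audit(assignments_json, cluster_groups):
    """Return (role, scope, reasons) for assignments broader than the cluster."""
    wanted = {g.lower() for g in cluster_groups}
    findings = []
    for a in json.loads(assignments_json):
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        (level, group), reasons = parse_scope(scope), []
        if role.lower() in GRANTING_ROLES:
            reasons.append("role can assign roles to other principals")
        if level in ("root", "management-group", "subscription"):
            reasons.append("scope is " + level + "-wide")
        elif group not in wanted:
            reasons.append("scope is outside the cluster's resource groups")
        if reasons:
            findings.append((role, scope, reasons))
    return findings

if __name__ == "__main__":
    # cluster_groups: the values of azure_resource_group and azure_vnet_resource_group
    for role, scope, reasons in audit(SAMPLE, ["kube-rg", "kube-net-rg"]):
        print(role, scope, "; ".join(reasons))
```
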
### azure\_loadbalancer\_sku
SKU of the load balancer and public IP. Candidate values are `basic` and `standard`.

### azure\_exclude\_master\_from\_standard\_lb
azure\_exclude\_master\_from\_standard\_lb excludes master nodes from `standard` load balancer.
### azure\_disable\_outbound\_snat
azure\_disable\_outbound\_snat disables the outbound SNAT for public load balancer rules. It should only be set when azure\_exclude\_master\_from\_standard\_lb is `standard`.
### azure\_primary\_availability\_set\_name
(Optional) The name of the availability set that should be used as the load balancer backend. If this is set, the Azure
cloudprovider will only add nodes from that availability set to the load balancer backend pool. If this is not set, and
multiple agent pools (availability sets) are used, then the cloudprovider will try to add all nodes to a single backend
pool, which is forbidden. In other words, if you use multiple agent pools (availability sets), you MUST set this field.

### azure\_use\_instance\_metadata
Use the instance metadata service where possible.

## Provisioning Azure with Resource Group Templates
You'll find Resource Group Templates and scripts to provision the required infrastructure to Azure in [*contrib/azurerm*](../contrib/azurerm/README.md)