Kubernetes via Azure Container Service Testing and Notes
There are a number of components to a successful large scale deployment of AKS, this section will cover the prerequisites
The following applications should be installed locally.
- azure-cli
- kubectl
- kubectx
- terraform
- helm
- draft (potentially)
The platform engineers who are responsible for this deployment should have at least the following permissions:
- To install local apps (see above) and manage their local hostfile
- To define and configure DNS A records, SSL certs
- To create an Application SPN in Azure AD and grant that SPN permissions to the subscription (or have it done for you)
AKS will have RBAC enabled by default - this means that any failures from Helm charts or deployments should be investigated first in the context of authorisation. Specifically, helm
requires either a service account created ahead of time, or to specify the usage of default
- and traefik
must be deployed after one has created a cluster-admin
role, for the deployment's rbac.enabled=true
setting to function properly.
Additionally, HEAPSTER
will not work properly unless the cluster role binding for the Heapster service account is configured and the Metrics Server (https://github.com/kubernetes-incubator/metrics-server
) is installed onto the cluster.
az account set -s $(az account list --query "[0].id")