This deployment guide shows you how to set up an Azure Kubernetes Service (AKS) cluster on which Coder can deploy.
You must have an Azure account and paid subscription.
Please make sure that you have the
installed on your machine and that you've logged in (run
az login and follow
Create a resource group:
az group create \ --resource-group "$RESOURCE_GROUP" \ --location "$LOCATION"
If this is successful, Azure returns information about your resource group. Pay
attention to the
You will need the hash provided (i.e.,
3afe...d2d) when creating your cluster.
Set two additional environment variables for your cluster name and subscription ID:
Create the Azure Kubernetes Service Cluster:
You may have to run `az extension add --name aks-preview` # You may also need to create a service principal manually using `az ad sp create-for-rbac --skip-assignment`, then setting the --service-principal and --client-secret flags az aks create \ --name "$CLUSTER_NAME" \ --resource-group "$RESOURCE_GROUP" \ --subscription "$SUBSCRIPTION" \ --generate-ssh-keys \ --enable-addons http_application_routing \ --enable-cluster-autoscaler \ --location "$LOCATION" \ --max-count 10 \ --min-count 2 \ --node-vm-size Standard_B8ms \ --network-plugin "kubenet" \ --network-policy "calico"
However, you can only choose Calico as your network policy option when you create the cluster; you cannot enable Calico on an existing cluster.
This process might take some time (~5-20 minutes), but if you're successful, Azure returns a JSON object with your cluster information.
After deploying your AKS cluster, configure kubectl to point to your cluster:
az aks get-credentials --name "$CLUSTER_NAME" --resource-group $RESOURCE_GROUP"
You should get a message similar to the following if this is successful:
Merged "<YOUR_CLUSTER_NAME>" as current context in /Users/<YOUR_USER>/.kube/config
You can configure AKS to use both Azure Active Directory (AD) and Kubernetes Role-Based Access Control (RBAC) to limit access to cluster resources based on the user's identity or group membership. You can create groups and users in AD, then define roles to assign to users with role bindings via RBAC.
For more information, see:
At this point, you're ready to proceed to Installation.