iShare: Deploy application to Azure Kubernetes Service (AKS)

In this post, I will be discussing how to deploy an application from an Azure Container Registry (ACR) to Azure Kubernetes Service (AKS). The recipe for storing applicaiton image to ACR is discussed in Storing image to the Azure Container Registry (ACR). This post is part of the Azure Kubernetes Service (AKS) Deployment Recipes.

The first step to deploy application to AKS is to get Azure Service Principal. When I use Azure command line interface (CLI) interactively (such as from PowerShell), I am actually using my credentials to login to the azure and then interact with the Azure services. For applications, I could register am application in Azure AD, i.e., create identity for an application or a service principal. Thus a service principal is identity of application similar to a user. I can create such a service principal with the Az ad sp create-for-rbac command.

It may take few seconds to complete the request and azure should return with the identity information of the created service principal which I will note down for later use as appId and password will be used authenticate the service with Azure in the later steps.

{
"appId": "e36d80f2-3462-402d-9782-81144978dc03",
"displayName": "azure-cli-2020-10-18-19-37-49",
"name": "http://azure-cli-2020-10-18-19-37-49",
"password": "o0Ryfiy5dyaeF~KgKY8-PMA_VcfkEwc.3K",
"tenant": "fc0b9234-6aeb-43f8-9e70-5a4ee6dc849a"
}

To access the stored images from the ACR, I must grant AKS service principal the necessary rights. I will get the id of the ACR resource and store this into variable $acrId = az acr show -n livestreaming --resource-group livestreaming --query "id" -o tsv

Next, I intend to grant the reader role to the AKS cluster with Az role assignment create --assignee “e36d80f2-3462-402d-9782-81144978dc03” --role Reader --scope $acrId using the id of the service principal I had created earlier.

Since I have now added a role to Service Principal, I created earlier any application with the service principal can get the image from the ACR. Next, I am going to create AKS cluster by specifying a name of ‘livestreaming”, into resource group of “livestreaming”, and desired node count of 1. I am also instructing Azure to generate ssh keys and by specifying id and password of the Service Principal that I created earlier.

Az aks create --name livestreaming --resource-group livestreaming --node-count 1 --generate-ssh-keys --service-principal "e36d80f2-3462-402d-9782-81144978dc03" --client-secret "o0Ryfiy5dyaeF~KgKY8-PMA_VcfkEwc.3K"

It may take a few seconds to complete at which time my cluster has been created and deployed. Now I am ready to use AKS using kubectl cli. First, I am going to get the AKS credentials by specifying name and resource group which both in my case is ‘livestreaming’.

az aks get-credentials --name livestreaming -g livestreaming

Now if I peek into the Kubernetes cluster’s config running into my local machine, I can see find the reference of the AKS cluster in my config using the following command:

cat C:\users\benktesh\.kube\config | sls "livestreaming"

I can now verify that the node is running in the AKS by trying to find the nodes using kubectl get nodes which returns a single node named “aks-nodepool1-11912651-vmss000000” confirming the AKS cluster.

Now that the cluster is ready, I can deploy the application to the AKS. Now let’s modify the Kube.yml file to and modify the following elements and save the yml file:

Change the image name to reflect the login server livestreaming.azurecr.io/livesreaming:v1. The details of the login server can be obtained by executing az acr list -g livestreaming -o table command.
Change the service type as ‘LoadBalancer’ from ‘NodePort’

The above changes will ensure that the image is pulled from the ACR and request to the application is routed through a load balancer.

With these changes I can deploy using the kubectl apply command that I used to deploy the application to local AKS cluster using the steps described Deploying to Kubernetes.

The above changes will ensure that the image is pulled from the ACR and request to the application is routed through a load balancer. With these changes I can deploy using the kubectl apply command that I used to deploy the application to local AKS cluster in the article. I am going to run kubectl apply -f Kube.yml to deploy the application to the AKS and then run kubectl get svc to get the list of services.

The External IP for the deployed application will be available after which I can browse to my application in the AKS. When I browse to the external IP listed for the service, I can see my application's user interface. This confirms that I ahve successfully deployed my application to the AKS.