This deployment guide shows you how to set up an Azure Kubernetes Service (AKS) cluster on which Coder can deploy.
You must have an Azure account and paid subscription.
Please make sure that you have the
installed on your machine and that you've logged in (run
az login and follow
Create a resource group:
az group create \ --resource-group "$RESOURCE_GROUP" \ --location "$LOCATION"
If this is successful, Azure returns information about your resource group. Pay
attention to the
You will need the hash provided (i.e.,
3afe...d2d) when creating your cluster.
Set two additional environment variables for your cluster name and subscription ID:
At this point, you're ready to create your cluster. Please note that:
az extension add --name aks-preview
az ad sp create-for-rbac --skip-assignment, then setting the
Standard_B8msinstance; depending on your needs, you can choose a larger size instead. See requirements for help estimating your cluster size.
To create the Azure Kubernetes Service Cluster:
az aks create \ --name "$CLUSTER_NAME" \ --resource-group "$RESOURCE_GROUP" \ --subscription "$SUBSCRIPTION" \ --generate-ssh-keys \ --enable-addons http_application_routing \ --enable-cluster-autoscaler \ --location "$LOCATION" \ --max-count 10 \ --min-count 2 \ --node-vm-size Standard_B8ms \ --network-plugin "kubenet" \ --network-policy "calico"
However, you can only choose Calico as your network policy option when you create the cluster; you cannot enable Calico on an existing cluster.
This process might take some time (~5-20 minutes), but if you're successful, Azure returns a JSON object with your cluster information.
After deploying your AKS cluster, configure kubectl to point to your cluster:
az aks get-credentials --name "$CLUSTER_NAME" --resource-group $RESOURCE_GROUP"
You should get a message similar to the following if this is successful:
Merged "<YOUR_CLUSTER_NAME>" as current context in /Users/<YOUR_USER>/.kube/config
You can configure AKS to use both Azure Active Directory (AD) and Kubernetes Role-Based Access Control (RBAC) to limit access to cluster resources based on the user's identity or group membership. You can create groups and users in AD, then define roles to assign to users with role bindings via RBAC.
For more information, see:
At this point, you're ready to proceed to installation.