Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage clusters. In this quickstart, you deploy an AKS cluster using the Azure portal. A multi-container application that includes a web front end and a Redis instance is run in the cluster. You then see how to monitor the health of the cluster and pods that run your application.
This quickstart assumes a basic understanding of Kubernetes concepts. For more information, see Kubernetes core concepts for Azure Kubernetes Service (AKS).
If you don't have an Azure subscription, create a free account before you begin.
Sign in to Azure
Sign in to the Azure portal at https://portal.azure.com.
Create an AKS cluster
To create an AKS cluster, complete the following steps:
On the Azure portal menu or from the Home page, select Create a resource.
Select Containers > Kubernetes Service.
On the Basics page, configure the following options:
- Project details: Select an Azure Subscription, then select or create an Azure Resource group, such as myResourceGroup.
- Cluster details: Enter a Kubernetes cluster name, such as myAKSCluster. Select a Region, Kubernetes version, and DNS name prefix for the AKS cluster.
- Primary node pool: Select a VM Node size for the AKS nodes. The VM size can't be changed once an AKS cluster has been deployed. - Select the number of nodes to deploy into the cluster. For this quickstart, set Node count to 1. Node count can be adjusted after the cluster has been deployed.
Select Next: Scale when complete.
On the Scale page, keep the default options. At the bottom of the screen, click Next: Authentication.
Creating new AAD Service Principals may take multiple minutes to propagate and become available causing Service Principal not found errors and validation failures in Azure portal. If you hit this please visit here for mitigation.
On the Authentication page, configure the following options:
- Create a new service principal by leaving the Service Principal field with (new) default service principal. Or you can choose Configure service principal to use an existing one. If you use an existing one, you will need to provide the SPN client ID and secret.
- Enable the option for Kubernetes role-based access controls (RBAC). This will provide more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.
Alternatively, you can use a managed identity instead of a service principal. See use managed identities for more information.
By default, Basic networking is used, and Azure Monitor for containers is enabled. Click Review + create and then Create when validation completes.
It takes a few minutes to create the AKS cluster. When your deployment is complete, click Go to resource, or browse to the AKS cluster resource group, such as myResourceGroup, and select the AKS resource, such as myAKSCluster. The AKS cluster dashboard is shown, as in this example:
Connect to the cluster
To manage a Kubernetes cluster, you use kubectl, the Kubernetes command-line client. The
kubectl client is pre-installed in the Azure Cloud Shell.
Open Cloud Shell using the
>_ button on the top of the Azure portal.
kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command. This command downloads credentials and configures the Kubernetes CLI to use them. The following example gets credentials for the cluster name myAKSCluster in the resource group named myResourceGroup:
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes.
kubectl get nodes
The following example output shows the single node created in the previous steps. Make sure that the status of the node is Ready:
NAME STATUS ROLES AGE VERSION aks-agentpool-14693408-0 Ready agent 15m v1.11.5
Run the application
A Kubernetes manifest file defines a desired state for the cluster, such as what container images to run. In this quickstart, a manifest is used to create all objects needed to run the Azure Vote application. This manifest includes two Kubernetes deployments - one for the sample Azure Vote Python applications, and the other for a Redis instance. Two Kubernetes Services are also created - an internal service for the Redis instance, and an external service to access the Azure Vote application from the internet.
In this quickstart, you manually create and deploy your application manifests to the AKS cluster. In more real-world scenarios, you can use Azure Dev Spaces to rapidly iterate and debug your code directly in the AKS cluster. You can use Dev Spaces across OS platforms and development environments, and work together with others on your team.
In the Cloud Shell, use an editor to create a file named
azure-vote.yaml, such as
nano azure-vote.yaml or
vi azure-vote.yaml. Then copy in the following YAML definition:
apiVersion: apps/v1 kind: Deployment metadata: name: azure-vote-back spec: replicas: 1 selector: matchLabels: app: azure-vote-back template: metadata: labels: app: azure-vote-back spec: nodeSelector: "beta.kubernetes.io/os": linux containers: - name: azure-vote-back image: redis resources: requests: cpu: 100m memory: 128Mi limits: cpu: 250m memory: 256Mi ports: - containerPort: 6379 name: redis --- apiVersion: v1 kind: Service metadata: name: azure-vote-back spec: ports: - port: 6379 selector: app: azure-vote-back --- apiVersion: apps/v1 kind: Deployment metadata: name: azure-vote-front spec: replicas: 1 selector: matchLabels: app: azure-vote-front template: metadata: labels: app: azure-vote-front spec: nodeSelector: "beta.kubernetes.io/os": linux containers: - name: azure-vote-front image: microsoft/azure-vote-front:v1 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 250m memory: 256Mi ports: - containerPort: 80 env: - name: REDIS value: "azure-vote-back" --- apiVersion: v1 kind: Service metadata: name: azure-vote-front spec: type: LoadBalancer ports: - port: 80 selector: app: azure-vote-front
Deploy the application using the kubectl apply command and specify the name of your YAML manifest:
kubectl apply -f azure-vote.yaml
The following example output shows the Deployments and Services created successfully:
deployment "azure-vote-back" created service "azure-vote-back" created deployment "azure-vote-front" created service "azure-vote-front" created
Test the application
When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.
To monitor progress, use the kubectl get service command with the
kubectl get service azure-vote-front --watch
Initially the EXTERNAL-IP for the azure-vote-front service is shown as pending.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE azure-vote-front LoadBalancer 10.0.37.27 <pending> 80:30572/TCP 6s
When the EXTERNAL-IP address changes from pending to an actual public IP address, use
CTRL-C to stop the
kubectl watch process. The following example output shows a valid public IP address assigned to the service:
azure-vote-front LoadBalancer 10.0.37.27 18.104.22.168 80:30572/TCP 2m
To see the Azure Vote app in action, open a web browser to the external IP address of your service.
Monitor health and logs
When you created the cluster, Azure Monitor for containers was enabled. This monitoring feature provides health metrics for both the AKS cluster and pods running on the cluster.
It may take a few minutes for this data to populate in the Azure portal. To see current status, uptime, and resource usage for the Azure Vote pods, browse back to the AKS resource in the Azure portal, such as myAKSCluster. You can then access the health status as follows:
- Under Monitoring on the left-hand side, choose Insights
- Across the top, choose to + Add Filter
- Select Namespace as the property, then choose <All but kube-system>
- Choose to view the Containers.
The azure-vote-back and azure-vote-front containers are displayed, as shown in the following example:
To see logs for the
azure-vote-front pod, select the View container logs from the drop down of the containers list. These logs include the stdout and stderr streams from the container.
When the cluster is no longer needed, delete the cluster resource, which deletes all associated resources. This operation can be completed in the Azure portal by selecting the Delete button on the AKS cluster dashboard. Alternatively, the az aks delete command can be used in the Cloud Shell:
az aks delete --resource-group myResourceGroup --name myAKSCluster --no-wait
When you delete the cluster, the Azure Active Directory service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see AKS service principal considerations and deletion. If you used a managed identity, the identity is managed by the platform and does not require removal.
Get the code
In this quickstart, pre-created container images were used to create a Kubernetes deployment. The related application code, Dockerfile, and Kubernetes manifest file are available on GitHub.
In this quickstart, you deployed a Kubernetes cluster and deployed a multi-container application to it.
To learn more about AKS, and walk through a complete code to deployment example, continue to the Kubernetes cluster tutorial.