Azure Arc-enabled Kubernetes agent overview
Kubernetes can deploy containerized workloads consistently on hybrid and multi-cloud environments. Azure Arc-enabled Kubernetes provides a centralized, consistent control plane to manage policy, governance, and security across Kubernetes clusters in these heterogeneous environments. This article provides an overview of the Azure Arc agents deployed on the Kubernetes clusters as part of connecting the cluster to Azure Arc.
Deploy agents to your cluster
Most on-prem datacenters enforce strict network rules that prevent inbound communication on the network boundary firewall. Azure Arc-enabled Kubernetes works with these restrictions by not requiring inbound ports on the firewall. Azure Arc agents only require outbound communication to a prerequisite list of network endpoints.
The following steps are involved in connecting a Kubernetes cluster to Azure Arc:
Create a Kubernetes cluster on your choice of infrastructure (VMware vSphere, Amazon Web Services, Google Cloud Platform, etc.).
Note
Since Azure Arc-enabled Kubernetes currently only supports attaching existing Kubernetes clusters to Azure Arc, customers are required to create and manage the lifecycle of the Kubernetes cluster themselves.
Start the Azure Arc registration for your cluster using Azure CLI.
Azure CLI uses Helm to deploy the agent Helm chart on the cluster.
The cluster nodes initiate an outbound communication to the Microsoft Container Registry and pull the images needed to create the following agents in the azure-arc namespace:

| Agent | Description |
|---|---|
| deployment.apps/clusteridentityoperator | Azure Arc-enabled Kubernetes currently supports only system assigned identities. clusteridentityoperator initiates the first outbound communication. This first communication fetches the Managed Service Identity (MSI) certificate used by other agents for communication with Azure. |
| deployment.apps/config-agent | Watches the connected cluster for source control configuration resources applied on the cluster. Updates the compliance state. |
| deployment.apps/controller-manager | An operator of operators that orchestrates interactions between Azure Arc components. |
| deployment.apps/metrics-agent | Collects metrics of other Arc agents to verify optimal performance. |
| deployment.apps/cluster-metadata-operator | Gathers cluster metadata, including cluster version, node count, and Azure Arc agent version. |
| deployment.apps/resource-sync-agent | Syncs the above-mentioned cluster metadata to Azure. |
| deployment.apps/flux-logs-agent | Collects logs from the flux operators deployed as a part of source control configuration. |
| deployment.apps/extension-manager | Installs and manages the lifecycle of extension Helm charts. |
| deployment.apps/kube-aad-proxy | Used for authentication of requests sent to the cluster using Cluster Connect. |
| deployment.apps/clusterconnect-agent | Reverse proxy agent that enables the Cluster Connect feature to provide access to the apiserver of the cluster. Optional component deployed only if the cluster-connect feature is enabled on the cluster. |
| deployment.apps/guard | Authentication and authorization webhook server used for the AAD RBAC feature. Optional component deployed only if the azure-rbac feature is enabled on the cluster. |
Once all the Azure Arc-enabled Kubernetes agent pods are in Running state, verify that your cluster connected to Azure Arc. You should see:
- An Azure Arc-enabled Kubernetes resource in Azure Resource Manager. Azure tracks this resource as a projection of the customer-managed Kubernetes cluster, not the actual Kubernetes cluster itself.
- Cluster metadata (like Kubernetes version, agent version, and number of nodes) appears on the Azure Arc-enabled Kubernetes resource as metadata.
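The post-connection verification described above, as an added example that is not part of the original article: a POSIX shell function that checks the `kubectl get deployments -n azure-arc` listing against the required and optional agent names from the table. The `az connectedk8s connect` command is a real Azure CLI command; MY_CLUSTER and MY_RG are placeholders, and the listing is read from stdin so the same check runs on a saved copy or on the constructed sample below.

```shell
# Added example, not from the Azure documentation: after the Azure CLI
# registration (az connectedk8s connect, placeholder names below), confirm that
# every required Arc agent deployment in azure-arc has all replicas ready.

# Required agents from the table on this page. Optional ones are only deployed
# when the cluster-connect or azure-rbac feature is enabled.
REQUIRED_AGENTS="clusteridentityoperator config-agent controller-manager \
metrics-agent cluster-metadata-operator resource-sync-agent flux-logs-agent \
extension-manager kube-aad-proxy"
OPTIONAL_AGENTS="clusterconnect-agent guard"

# Reads the output of `kubectl get deployments -n azure-arc --no-headers`
# on stdin (columns: NAME READY UP-TO-DATE AVAILABLE AGE) and returns 0 only
# when every required deployment is listed with READY equal to n/n, n > 0.
check_arc_agents() {
    listing=$(cat)
    missing=""
    not_ready=""
    for agent in $REQUIRED_AGENTS; do
        line=$(printf '%s\n' "$listing" | awk -v n="$agent" '$1 == n')
        if [ -z "$line" ]; then
            missing="$missing $agent"
            continue
        fi
        ready=$(printf '%s\n' "$line" | awk '{print $2}')
        have="${ready%/*}"
        want="${ready#*/}"
        if [ "$have" != "$want" ] || [ "$want" = "0" ]; then
            not_ready="$not_ready $agent($ready)"
        fi
    done
    for agent in $OPTIONAL_AGENTS; do
        if printf '%s\n' "$listing" | awk -v n="$agent" '$1 == n' | grep -q .; then
            echo "optional agent present: $agent"
        fi
    done
    [ -z "$missing" ] || echo "missing required agents:$missing"
    [ -z "$not_ready" ] || echo "required agents not ready:$not_ready"
    [ -z "$missing" ] && [ -z "$not_ready" ]
}

# Constructed healthy listing (one line per required agent) so the check can
# be exercised offline: sample_listing | check_arc_agents
sample_listing() {
    for a in $REQUIRED_AGENTS; do printf '%s   1/1   1   1   5m\n' "$a"; done
}

# Live use (requires az and kubectl; MY_CLUSTER / MY_RG are placeholders):
#   az connectedk8s connect --name MY_CLUSTER --resource-group MY_RG
#   kubectl get deployments -n azure-arc --no-headers | check_arc_agents
```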
Next steps
- Walk through our quickstart to connect a Kubernetes cluster to Azure Arc.
- Learn more about creating connections between your cluster and a Git repository as a configuration resource with Azure Arc-enabled Kubernetes.