Create and manage custom locations on Azure Arc enabled Kubernetes

As an extension of Azure locations, Custom Locations provides a way for tenant administrators to use their Azure Arc enabled Kubernetes clusters as target locations for deploying Azure service instances. Examples of such Azure resources include Azure Arc enabled SQL Managed Instance and Azure Arc enabled PostgreSQL Hyperscale.

Similar to Azure locations, end users within the tenant with access to Custom Locations can deploy resources there using their company's private compute.

In this article, you learn how to:

  • Enable custom locations on your Azure Arc enabled Kubernetes cluster.
  • Deploy the Azure service cluster extension of the Azure service instance on your cluster.
  • Create a custom location on your Azure Arc enabled Kubernetes cluster.

A conceptual overview of this feature is available in the Custom locations - Azure Arc enabled Kubernetes article.

Important

Azure Arc enabled Kubernetes preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. Azure Arc enabled Kubernetes previews are partially covered by customer support on a best-effort basis.

Prerequisites

  • Install or upgrade Azure CLI to version >= 2.16.0.

  • Install the following Azure CLI extensions:

    • connectedk8s (version 1.1.0 or later)
    • k8s-extension (version 0.2.0 or later)
    • customlocation (version 0.1.0 or later)

    az extension add --name connectedk8s
    az extension add --name k8s-extension
    az extension add --name customlocation

    If you've previously installed the connectedk8s, k8s-extension, and customlocation extensions, update to the latest version using the following commands:

    az extension update --name connectedk8s
    az extension update --name k8s-extension
    az extension update --name customlocation
    
  • Verify completed provider registration for Microsoft.ExtendedLocation.

    1. Enter the following command:

    az provider register --namespace Microsoft.ExtendedLocation

    2. Monitor the registration process. Registration may take up to 10 minutes.

    az provider show -n Microsoft.ExtendedLocation -o table
    
  • Verify you have an existing Azure Arc enabled Kubernetes connected cluster.

Note

Supported regions for custom locations:

  • East US
  • West Europe

Enable custom locations on cluster

If you are logged in to Azure CLI as an Azure AD user, execute the following command to enable this feature on your cluster:

az connectedk8s enable-features -n <clusterName> -g <resourceGroupName> --features cluster-connect custom-locations

If you are logged in to Azure CLI using a service principal, execute the following steps to enable this feature on your cluster:

  1. Fetch the Object ID of the Azure AD application used by the Azure Arc service:

    az ad sp show --id 'bc313c14-388c-4e7d-a58e-70017303ee3b' --query objectId -o tsv
    
  2. Use the <objectId> value from the previous step to enable the custom locations feature on the cluster:

    az connectedk8s enable-features -n <cluster-name> -g <resource-group-name> --custom-locations-oid <objectId> --features cluster-connect custom-locations
    

Note

  1. The Custom Locations feature depends on the Cluster Connect feature, so both features must be enabled for custom locations to work.
  2. az connectedk8s enable-features must be run on a machine where the kubeconfig file points to the cluster on which the features are to be enabled.

Create custom location

  1. Deploy the Azure service cluster extension of the Azure service instance you eventually want on your cluster:

    • Azure Arc enabled Data Services

      az k8s-extension create --name <extensionInstanceName> --extension-type microsoft.arcdataservices --cluster-type connectedClusters -c <clusterName> -g <resourceGroupName> --scope cluster --release-namespace arc --config Microsoft.CustomLocation.ServiceAccount=sa-bootstrapper
      

      Note

      Outbound proxy without authentication and outbound proxy with basic authentication are supported by the Arc enabled Data Services cluster extension. Outbound proxy that expects trusted certificates is currently not supported.

    • Azure App Service on Azure Arc

      az k8s-extension create --name <extensionInstanceName> --extension-type 'Microsoft.Web.Appservice' --cluster-type connectedClusters -c <clusterName> -g <resourceGroupName> --scope cluster --release-namespace appservice-ns --configuration-settings "Microsoft.CustomLocation.ServiceAccount=default" --configuration-settings "appsNamespace=appservice-ns" 
      
    • Event Grid on Kubernetes

      az k8s-extension create --name <extensionInstanceName> --extension-type Microsoft.EventGrid --cluster-type connectedClusters -c <clusterName> -g <resourceGroupName> --scope cluster --release-namespace eventgrid-ext --configuration-protected-settings-file protected-settings-extension.json --configuration-settings-file settings-extension.json
      
  2. Get the Azure Resource Manager identifier of the Azure Arc enabled Kubernetes cluster, referenced in later steps as connectedClusterId:

    az connectedk8s show -n <clusterName> -g <resourceGroupName> --query id -o tsv
    
  3. Get the Azure Resource Manager identifier of the cluster extension deployed on top of the Azure Arc enabled Kubernetes cluster, referenced in later steps as extensionId:

    az k8s-extension show --name <extensionInstanceName> --cluster-type connectedClusters -c <clusterName> -g <resourceGroupName> --query id -o tsv
    
  4. Create the custom location by referencing the Azure Arc enabled Kubernetes cluster and the extension:

    az customlocation create -n <customLocationName> -g <resourceGroupName> --namespace arc --host-resource-id <connectedClusterId> --cluster-extension-ids <extensionId>
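
A preflight for steps 2 to 4, added here as an example and not part of the original article or of the Azure CLI: it checks that connectedClusterId has the shape of a connected cluster resource ID and that extensionId is a child of that same cluster before the az customlocation create command is composed. The function names are hypothetical, the sample IDs are constructed, and the script only prints the command (it never calls az).

```shell
#!/bin/sh
# Added example: preflight for step 4. Function names are hypothetical and the
# sample IDs are constructed; nothing here calls az.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Succeeds if $1 has the shape of a connectedClusters ARM ID (case-insensitive).
is_connected_cluster_id() {
  lower "$1" | grep -Eq \
    '^/subscriptions/[0-9a-f-]{36}/resourcegroups/[^/]+/providers/microsoft\.kubernetes/connectedclusters/[^/]+$'
}

# Succeeds if extension ID $1 is a direct child of cluster ID $2.
extension_belongs_to_cluster() {
  ebc_ext=$(lower "$1")
  ebc_prefix="$(lower "$2")/providers/microsoft.kubernetesconfiguration/extensions/"
  case "$ebc_ext" in
    "$ebc_prefix"*) ebc_name=${ebc_ext#"$ebc_prefix"} ;;
    *) return 1 ;;
  esac
  # Exactly one non-empty path segment (the extension name) must remain.
  case "$ebc_name" in ''|*/*) return 1 ;; esac
}

# Prints the step 4 command; returns 1 for a bad cluster ID, 2 for a foreign extension.
customlocation_cmd() {
  cl_name=$1; cl_rg=$2; cl_ns=$3; cl_cluster=$4; cl_ext=$5
  if ! is_connected_cluster_id "$cl_cluster"; then
    echo "not a connected cluster ID: $cl_cluster" >&2; return 1
  fi
  if ! extension_belongs_to_cluster "$cl_ext" "$cl_cluster"; then
    echo "extension is not installed on this cluster: $cl_ext" >&2; return 2
  fi
  printf "az customlocation create -n '%s' -g '%s' --namespace '%s' --host-resource-id '%s' --cluster-extension-ids '%s'\n" \
    "$cl_name" "$cl_rg" "$cl_ns" "$cl_cluster" "$cl_ext"
}

# Constructed sample IDs (placeholder subscription, resource group and names).
SAMPLE_SUB='/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg'
SAMPLE_CLUSTER="$SAMPLE_SUB/providers/Microsoft.Kubernetes/connectedClusters/demo-cluster"
SAMPLE_EXT="$SAMPLE_CLUSTER/providers/Microsoft.KubernetesConfiguration/extensions/demo-ext"
OTHER_EXT="$SAMPLE_SUB/providers/Microsoft.Kubernetes/connectedClusters/other-cluster/providers/Microsoft.KubernetesConfiguration/extensions/demo-ext"

# Dry run: the matching pair prints the command, the mismatched pair is rejected.
customlocation_cmd demo-location demo-rg arc "$SAMPLE_CLUSTER" "$SAMPLE_EXT"
customlocation_cmd demo-location demo-rg arc "$SAMPLE_CLUSTER" "$OTHER_EXT" || echo "rejected (exit $?)"
```

In real use, pass the output of the az connectedk8s show and az k8s-extension show commands from steps 2 and 3 in place of the sample IDs.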
    

Next steps