Kubernetes on Azure Government

This article describes how to deploy a Kubernetes cluster to Azure Government using aks-engine.

Prerequisites

Define your Kubernetes cluster configuration

  1. Download the aks-engine kubernetes.json sample file.

    Note

    Only use Kubernetes version 1.8 or greater to if you intend to use Azure Files with Azure Government.

  2. Modify the following values in your apimodel.json file:

    • dnsPrefix: The dns name you want for the cluster. For example, contoso will result in https://contoso.usgovvirginia.cloudapp.usgovcloudapi.net

    • keyData: The public SSH key to SSH into the Kubernetes cluster. See How to create and use an SSH public and private key pair for Linux VMs in Azure.

    • clientId and secret: The client ID and secret for the Azure AD service principal that Kubernetes uses to communicate with Azure Government (for example, to create load balancers, request public IPs and access Azure storage).

      Note

      Make sure this service principal is set up with the correct scope. See AKS-Engine: Service Principals.

Deploy your Kubernetes cluster using aks-engine

  1. Obtain your Subscription ID. The subscription ID is available in the Azure portal, via Powershell and via the Azure CLI:

    Via Azure CLI:

    az cloud set --n AzureUSGovernment
    az login
    az account list
    
  2. Use aks-engine to deploy your template to Azure Government. This operation takes up to 30 minutes for three nodes.

    aks-engine deploy --azure-env AzureUSGovernmentCloud --location usgovvirginia --subscription-id <YOUR_SUBSCRIPTION_ID> --api-model kubernetes.json --auth-method cli
    

Connect to your Kubernetes cluster

  1. Configure your kubectl context. This configuration is per bash session. You'll need to run this command for every session:

    export KUBECONFIG=$(pwd)/_output/<DNS-PREFIX>/kubeconfig/kubeconfig.usgovvirginia.json
    

    Alternatively, you can replace your kubectl config file for your configuration to persist across sessions.

    Warning

    Any existing configurations will be replaced.

    cp $(pwd)/_output/<DNS-PREFIX>/kubeconfig/kubeconfig.usgovvirginia.json ~/.kube/config
    
  2. Test your kubectl connectivity with the cluster

    kubectl get pods
    
  3. (Optional) Deploy a PHP Guestbook application with Redis in your Kubernetes cluster

References

Next steps