Azure Arc Kubernetes offers a unified platform for managing Kubernetes clusters across multiple environments, including on-premises, edge, and multicloud. This allows organizations to simplify their hybrid cloud management and reduce complexity.
With Azure Arc, you can manage your Kubernetes clusters from a single pane of glass, regardless of where they are deployed. This includes clusters running on Azure, on-premises, or in other cloud environments.
By using Azure Arc Kubernetes, you can take advantage of a consistent management experience across all your clusters, which can help improve efficiency and reduce costs. This is especially useful for organizations with a large number of clusters spread across different environments.
Prerequisites
To get started with Azure Arc Kubernetes, you'll need to meet some prerequisites.
You'll need an Azure account with an active subscription, which you can create for free.
A basic understanding of Kubernetes core concepts is also a must.
You'll need an identity, either a user or service principal, to log in to Azure CLI and connect your cluster to Azure Arc.
Make sure you have the latest version of Azure CLI installed.
Additionally, you'll need the latest version of the connectedk8s Azure CLI extension, which you can install by running the command az extension add --name connectedk8s.
You'll also need an up-and-running Kubernetes cluster. If you don't have one, you can create a cluster using one of the available options.
Here are the minimum system requirements for the Arc agents: at least 850 MB free space and capacity to use approximately 7% of a single CPU.
You'll also need a kubeconfig file and context pointing to your cluster. For more information, see Configure access to multiple clusters.
Getting Started
Azure Arc Kubernetes is a managed platform that allows you to manage Kubernetes clusters across on-premises, multicloud, and edge environments.
To get started, you'll need to create an Azure Arc enabled Kubernetes cluster, which can be done in just a few clicks.
Azure Arc supports both Azure Kubernetes Service (AKS) and Kubernetes clusters running on-premises or in other clouds, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP).
Introduction to
Azure Arc is a game-changer for managing diverse applications and infrastructure.
It helps govern and operate across disparate environments, which is crucial for businesses running anywhere from tens to thousands of apps.
Azure Arc plays a critical role in ensuring security guidelines are in place when operating across various environments.
This means you can have peace of mind knowing your apps are secure, no matter where they're hosted.
Red Hat OpenShift Container Platform, Azure AKS, and Exoscale SKS (managed Kubernetes) were the focus of our project, and we needed a way to manage them in one central tooling.
Azure Arc-enabled Kubernetes in combination with Exoscale SKS was the solution we chose.
Topology and Networking
Topology and networking are crucial components of Azure Arc. To get started, you'll need to ensure that your environment has the necessary connectivity.
The Azure Arc agent needs to connect to Azure and register the cluster, which requires access to the endpoint https://management.azure.com:443.
You'll also need to allow connectivity to the data plane endpoint, which is https://[region].dp.kubernetesconfiguration.azure.com:443, where [region] represents the Azure region that hosts the AKS instance.
Container images are pulled from https://docker.io:443, so make sure your environment can reach this endpoint.
If you're using GitOps with GitHub, the configuration agent needs to be able to connect to the Git endpoint, which could be either https://github.com:443 or git://github.com:9418.
Lastly, the Azure Arc agent needs to fetch and update Azure Resource Manager tokens, which requires access to the endpoint https://login.microsoftonline.com:443.
In summary, the agents need outbound access to these endpoints:
- https://management.azure.com:443 (Azure Resource Manager, cluster registration)
- https://[region].dp.kubernetesconfiguration.azure.com:443 (data plane; [region] is the Azure region hosting the AKS instance)
- https://docker.io:443 (container images)
- https://github.com:443 or git://github.com:9418 (only when using GitOps with GitHub)
- https://login.microsoftonline.com:443 (fetching and refreshing Azure Resource Manager tokens)
Connection and Setup
To connect your AKS cluster to Azure Arc, you can use the Aks-Hci PowerShell module, which deploys Azure Arc agents for Kubernetes into the azure-arc namespace.
You can also connect your AKS cluster to Azure Arc using a service principal, which requires the service principal to have the Owner role assigned to it and scope over the subscription ID used in the command.
To verify the connected cluster, view your Kubernetes cluster resource in the Azure portal; it can take five to ten minutes for the cluster metadata to surface.
You can also connect an existing Kubernetes cluster to Azure Arc by running a command that deploys the Azure Arc agents to the cluster and installs Helm v3.6.3 into the .azure folder of the deployment machine.
To register the two providers for AKS, you run a command that registers them. Registration is an asynchronous process and may take approximately 10 minutes.
You can check if you're registered by running a command that checks your registration status.
To register a cluster, you need a kubeconfig file to access the cluster and a cluster-admin role on the cluster to deploy Arc-enabled Kubernetes agents.
Verification and Agents
To verify your connected cluster, navigate to the Azure portal and view your Kubernetes cluster resource in the resource group. It can take around 5-10 minutes for the cluster metadata to surface on the overview page.
You can view the Azure Arc agents for Kubernetes using kubectl, which will display the deployments and pods in the azure-arc namespace. This includes agents such as the cluster-metadata-operator, clusterconnect-agent, and clusteridentityoperator.
Here are the Azure Arc agents for Kubernetes, which are deployed to the azure-arc namespace:
- deployment.apps/config-agent: watches the connected cluster for source control configuration resources and updates the compliance state.
- deployment.apps/controller-manager: orchestrates interactions between Azure Arc components.
- deployment.apps/metrics-agent: collects metrics from other Arc agents to ensure optimal performance.
- deployment.apps/cluster-metadata-operator: gathers cluster metadata, cluster version, node count, and Azure Arc agent version.
- deployment.apps/resource-sync-agent: syncs cluster metadata to Azure.
- deployment.apps/clusteridentityoperator: maintains the Managed Service Identity (MSI) certificate for communication with Azure.
- deployment.apps/flux-logs-agent: collects logs from flux operators deployed for source control configuration.
- deployment.apps/extension-manager: installs and manages extension Helm charts.
- deployment.apps/kube-azure-ad-proxy: authenticates requests sent to the cluster using Cluster Connect.
- deployment.apps/clusterconnect-agent: enables cluster connect feature to provide access to the apiserver.
- deployment.apps/guard: an authentication and authorization webhook server for Microsoft Entra RBAC.
Verification and Agents
Verifying provider registration is a crucial step in setting up Azure Arc. You can check whether the providers are registered by running the following commands: az provider show -n Microsoft.Kubernetes -o table, az provider show -n Microsoft.KubernetesConfiguration -o table, and az provider show -n Microsoft.ExtendedLocation -o table.
Registration is an asynchronous process and can take up to 10 minutes. If you're not registered, you'll need to run the registration commands to get started.
The registration process involves registering the providers for AKS, which can be done using the az provider register command. You'll need to register the providers for Microsoft.Kubernetes, Microsoft.KubernetesConfiguration, and Microsoft.ExtendedLocation.
To verify registration, you can use the az provider show command with the -o table option. This will show you the registration state for each namespace.
Here's a quick rundown of the registration process:
- Register the providers with az provider register for Microsoft.Kubernetes, Microsoft.KubernetesConfiguration, and Microsoft.ExtendedLocation.
- Wait: registration is asynchronous and can take up to 10 minutes.
- Verify with az provider show -n <namespace> -o table and check the registration state of each namespace.
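To automate that rundown, here is an added POSIX shell script (not from this page or from Microsoft's documentation) that registers the three providers and polls az provider show until each reports Registered. It assumes a logged-in Azure CLI on PATH; the polling interval and timeout are illustrative values.

```shell
#!/bin/sh
# Register the resource providers Azure Arc-enabled Kubernetes needs and poll
# until each reports "Registered". Assumes a logged-in Azure CLI ("az") on PATH.

ARC_PROVIDERS="Microsoft.Kubernetes Microsoft.KubernetesConfiguration Microsoft.ExtendedLocation"

# Print the registrationState of one provider namespace, e.g. "Registered".
provider_state() {
    az provider show -n "$1" --query registrationState -o tsv
}

# Start registration for every provider not yet registered. Registration is
# asynchronous, so this returns before the providers are usable.
register_arc_providers() {
    for ns in $ARC_PROVIDERS; do
        if [ "$(provider_state "$ns")" != "Registered" ]; then
            az provider register --namespace "$ns"
        fi
    done
}

# Succeed only when every provider reports Registered; name the others on stderr.
all_arc_providers_registered() {
    pending=""
    for ns in $ARC_PROVIDERS; do
        state=$(provider_state "$ns")
        [ "$state" = "Registered" ] || pending="$pending $ns($state)"
    done
    [ -z "$pending" ] && return 0
    echo "not yet registered:$pending" >&2
    return 1
}

# Poll until registered or until the budget (seconds) is spent. Registration can
# take about 10 minutes, so the default budget is 15 minutes (illustrative values).
wait_for_arc_providers() {
    max_wait=${1:-900}
    poll=${2:-30}
    waited=0
    while ! all_arc_providers_registered; do
        [ "$waited" -lt "$max_wait" ] || return 1
        sleep "$poll"
        waited=$((waited + poll))
    done
}

# Typical use: register_arc_providers && wait_for_arc_providers
```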
Verify the Connected
To verify the connected cluster, you can view your Kubernetes cluster resource on the Azure portal. It can take approximately five to ten minutes for the cluster metadata to surface on the overview page of the AKS resource.
You can navigate to the resource group and the AKS resource based on the resource name and resource group name inputs used in the enable-akshciarcconnection PowerShell command.
The cluster metadata includes information such as cluster version, agent version, and number of nodes.
You can also use the Azure portal to view the connected cluster and its resources.
Here's a list of the Azure Arc agents for Kubernetes that are deployed to the azure-arc namespace:
- cluster-metadata-operator
- clusterconnect-agent
- clusteridentityoperator
- config-agent
- controller-manager
- extension-manager
- flux-logs-agent
- kube-aad-proxy
- metrics-agent
- resource-sync-agent
These agents are responsible for various tasks such as gathering cluster metadata, synchronizing cluster metadata to Azure, and collecting metrics from other Arc agents.
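As an added example, not code from this page or from Azure Arc itself, this shell script checks that each agent deployment listed above exists in the azure-arc namespace and has at least one available replica, so a missing or crashed agent (for instance the guard webhook or kube-aad-proxy that front Cluster Connect) is reported rather than silently absent. It assumes kubectl is on PATH with the current context pointing at the connected cluster, and uses the kube-aad-proxy spelling from the list above plus the guard deployment from the earlier list.

```shell
#!/bin/sh
# Verify that every Azure Arc agent deployment exists in the azure-arc namespace
# and has at least one available replica. Assumes kubectl is on PATH and the
# current context points at the connected cluster.

ARC_NAMESPACE="azure-arc"
# Deployment names as listed on this page (kube-aad-proxy spelling from the
# second list, guard from the first).
EXPECTED_ARC_AGENTS="config-agent controller-manager metrics-agent
cluster-metadata-operator resource-sync-agent clusteridentityoperator
flux-logs-agent extension-manager kube-aad-proxy clusterconnect-agent guard"

# Emit "<name> <availableReplicas>" for each deployment in the namespace.
arc_deployments() {
    kubectl get deployments -n "$ARC_NAMESPACE" \
        -o jsonpath='{range .items[*]}{.metadata.name} {.status.availableReplicas}{"\n"}{end}'
}

# Report agents that are missing or have no available replica; fail if any.
check_arc_agents() {
    observed=$(arc_deployments)
    problems=0
    for agent in $EXPECTED_ARC_AGENTS; do
        # availableReplicas is omitted from the status when it is zero.
        avail=$(printf '%s\n' "$observed" | awk -v a="$agent" '
            $1 == a { n = ($2 == "") ? 0 : $2; print n; found = 1 }
            END { if (!found) print "missing" }')
        case "$avail" in
            missing) echo "MISSING   $agent"; problems=$((problems + 1)) ;;
            0)       echo "NOT READY $agent"; problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Typical use: check_arc_agents || echo "Arc agents are not healthy" >&2
```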
Frequently Asked Questions
What is the difference between Azure Kubernetes and Azure Arc Kubernetes?
Azure Kubernetes (AKS) is a managed service for deploying and scaling Kubernetes clusters, while Azure Arc Kubernetes extends Azure to run across datacenters, edges, and multicloud environments, offering greater flexibility and hybrid management.
What is the difference between Azure and Azure ARC?
Azure is a comprehensive cloud platform, while Azure Arc is a service that extends Azure to run applications across multiple environments, including datacenters, edges, and multiclouds. Think of Azure as the core platform and Azure Arc as the bridge that connects it to more places.
What is the difference between Azure Stack Hub and ARC?
Azure Stack Hub brings Azure services to the edge or on-premises servers, whereas Azure Arc projects edge and on-premises resources back into Azure. This key difference enables Azure Arc to connect diverse infrastructures with Azure's robust platform.
What is the key benefit of Azure ARC-enabled Kubernetes clusters?
Azure Arc-enabled Kubernetes clusters offer centralized management, consistent experience, hybrid connectivity, and improved security, making them a secure and compliant choice for organizations. This streamlined management helps ensure the stability and efficiency of your clusters.