Azure Service Operator is a Kubernetes operator that allows you to manage Azure resources from within your Kubernetes cluster. It's a game-changer for DevOps teams.
The operator provides a set of APIs that enable you to create and manage Azure resources, such as virtual machines, storage accounts, and networks. This allows you to manage your entire application lifecycle within your Kubernetes cluster.
Azure Service Operator supports a wide range of Azure services, including Azure Virtual Machines, Azure Storage, and Azure Networking. This means you can use the operator to manage all your Azure resources from a single place.
By using Azure Service Operator, you can automate the provisioning and management of your Azure resources, which can save you a lot of time and effort.
What Is It?
The Azure Service Operator (ASO) is a tool that helps you provision Azure resources and connect your applications to them from within Kubernetes. It allows you to manage Azure resources using Kubernetes tooling and primitives, such as `kubectl apply`.
If you want to use Azure resources but prefer to manage them using Kubernetes tooling, then ASO might be for you. This is especially useful if you're already familiar with Kubernetes and want to leverage its features to manage your Azure resources.
ASO provides Custom Resource Definitions (CRDs) for each of the Azure services you can provision. This means you can define the desired state of your Azure resources using Kubernetes custom resources.
The Kubernetes controller that manages the Azure resources represented by the user-specified Custom Resources attempts to synchronize the desired state with the actual state of that resource in Azure. This ensures that your Azure resources are always in sync with your Kubernetes configuration.
Getting Started
To get started with the Azure Service Operator, you'll need to create a Kubernetes cluster with at least version 1.16. You can check your cluster version with `kubectl version`.
You'll also need an Azure Subscription to provision resources into. If you want to try it out quickly, spin up a local cluster using Kind.
To use the Azure Service Operator, you'll need an Azure Service Principal. You can create one using the Azure CLI or by following the installation instructions. See the Azure Workload Identity setup for an alternative method.
You'll need to set environment variables for your Azure Tenant ID and Subscription ID. You can find these values by using the Azure CLI: `az account show`.
To create a service principal, use the `az ad sp create-for-rbac` command with Contributor permissions for your subscription. This will give you an app ID, password, and tenant ID.
Here are the environment variables you'll need to set:
Once you have created a service principal, you can install the Azure Service Operator using the Helm chart. You'll need to add the Helm repository and upgrade the chart with the necessary settings.
Here are the settings you'll need to pass to the Helm chart:
You can install the Azure Service Operator using the following command: `helm upgrade --install aso2 aso2/azure-service-operator ...`.
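The steps above as one script, added here as an example and not taken from the ASO project: it validates the values from `az account show` and `az ad sp create-for-rbac` before installing, and hands the chart values to Helm on stdin so the client secret never appears in the process arguments. The `AZURE_*` variable names, chart value names, repository URL, namespace and `crdPattern` choice follow the ASO v2 chart and are assumptions rather than values from this page; cert-manager is assumed to be installed already.

```shell
#!/usr/bin/env bash
# Added example: preflight and install for ASO v2 with a service principal.
# Assumes the AZURE_* variables were exported from the Azure CLI output.

# Succeeds only for a canonical 8-4-4-4-12 hex GUID.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Checks every value the chart needs; reports each problem, returns 1 on any.
aso_preflight() {
  rc=0
  for v in AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID AZURE_CLIENT_ID; do
    eval "val=\${$v:-}"
    if ! is_guid "$val"; then echo "$v is missing or not a GUID" >&2; rc=1; fi
  done
  if [ -z "${AZURE_CLIENT_SECRET:-}" ]; then
    echo "AZURE_CLIENT_SECRET is empty" >&2; rc=1
  fi
  return $rc
}

# Emits the chart values as YAML; single quotes in the secret are doubled
# so the value stays one valid YAML scalar.
aso_values() {
  secret=$(printf '%s' "$AZURE_CLIENT_SECRET" | sed "s/'/''/g")
  cat <<EOF
azureSubscriptionID: '$AZURE_SUBSCRIPTION_ID'
azureTenantID: '$AZURE_TENANT_ID'
azureClientID: '$AZURE_CLIENT_ID'
azureClientSecret: '$secret'
crdPattern: 'resources.azure.com/*'
EOF
}

# Adds the chart repository and installs; values arrive on stdin (-f -).
aso_install() {
  aso_preflight || return 1
  helm repo add aso2 https://raw.githubusercontent.com/Azure/azure-service-operator/main/v2/charts
  aso_values | helm upgrade --install aso2 aso2/azure-service-operator \
    --create-namespace --namespace=azureserviceoperator-system -f -
}

# Install only when asked to: ./aso-install.sh install
if [ "${1:-}" = "install" ]; then aso_install; fi
```

The `crdPattern` here installs only the `resources.azure.com` CRDs; widen it to the resource groups you actually use.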
Usage
Once you've installed the Azure Service Operator controller in your cluster, you should see the ASO pod running.
The ASO controller is a pod that runs in your cluster, and you can view its logs to see what's happening. To do this, take note of the pod name and then run the following command.
The output will show you the logs for the running ASO controller, which can help you troubleshoot any issues.
You can also delete resources, including resource groups, through the ASO controller by deleting them from your cluster. If you delete a resource group from the cluster, it is also deleted from Azure.
For more information on using the ASO controller, be sure to check out the resource samples directory.
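Because deleting a resource group in the cluster also deletes it in Azure, it helps to check a resource's reconcile policy before running `kubectl delete`. The following is an added example, not code from the ASO project: it reads a manifest on stdin and reports whether deletion would leave the Azure resource in place. The `serviceoperator.azure.com/reconcile-policy` annotation and its values come from ASO v2 and are not described on this page; the resource name and location are constructed samples.

```shell
#!/usr/bin/env bash
# Added example: inspect the ASO v2 reconcile policy before deleting.

# Prints a constructed ResourceGroup manifest: rg_manifest NAME LOCATION [POLICY]
rg_manifest() {
  cat <<EOF
apiVersion: resources.azure.com/v1api20200601
kind: ResourceGroup
metadata:
  name: $1
  namespace: default
  annotations:
    serviceoperator.azure.com/reconcile-policy: ${3:-manage}
spec:
  location: $2
EOF
}

# Reads a manifest on stdin and prints its reconcile policy.
# A resource without the annotation is fully managed ("manage").
reconcile_policy() {
  p=$(sed -n 's|^ *serviceoperator\.azure\.com/reconcile-policy: *||p' \
        | head -n 1 | tr -d "\"'")
  printf '%s\n' "${p:-manage}"
}

# Returns 0 only when deleting the Kubernetes object leaves the Azure
# resource untouched (policy detach-on-delete or skip).
delete_keeps_azure_resource() {
  case "$(reconcile_policy)" in
    detach-on-delete|skip) return 0 ;;
    *) return 1 ;;
  esac
}
```

Against a live cluster, pipe `kubectl get resourcegroup <name> -o yaml` into `delete_keeps_azure_resource` and proceed with `kubectl delete` only once the result matches what you intend.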
Configuration
To configure Azure Service Operator, you'll need to create a Managed Identity or Service Principal, which will be used to authenticate with Azure.
This identity or service principal will grant permissions to create resources in your subscription, so it's essential to get this right. Create a service principal with Contributor permissions for your subscription.
You can optionally use a service principal with more restricted permissions, but that will limit what you can do with ASO. Set the variables to your app ID and password values once you've created the service principal.
Create Managed Identity
To get started with Azure Service Operator, you'll need to create a Managed Identity or Service Principal to authenticate with Azure.
You can use a Service Principal, which is the easiest way to get started, but Managed Identity with Azure Workload Identity is recommended for use-cases other than testing.
Create a service principal with Contributor permissions for your subscription, which will give you the necessary permissions to create resources.
You can optionally use a service principal with more restricted permissions, but this will limit what you can do with Azure Service Operator.
Once you have created a service principal, set the variables to its app ID and password values.
ASO v2
ASO v2 is a significant upgrade from its predecessor, offering a range of improvements that make it a more reliable and efficient choice for managing Azure resources.
ASO v2 supports more than 150 different Azure resources, with more added every release. See the full list of supported resources.
One of the key benefits of ASO v2 is its ability to quickly add new resources as they are requested, thanks to its code-generated CRDs based on Azure OpenAPI specifications.
ASO v2 resources are very uniform due to their code-generated nature, making it easier to manage and debug your resources.
You can view the actual state of the resource in Azure through ASO v2, which enables you to see server-side applied defaults and more easily debug issues.
The state a resource is in is exposed via a Ready condition, providing clearer resource states.
Here are the key improvements in ASO v2:
- Supports code-generated CRDs based on Azure OpenAPI specifications.
- More powerful Status.
- Dedicated storage versions.
- Uniformity.
- Clearer resource states.
We strongly recommend new users consider ASO v2 instead of ASO v1, as it is under active development and offers a more stable and efficient experience.
Folders and Files
The Azure Service Operator has a well-organized folder structure, with a clear separation of concerns. This makes it easy to navigate and find what you need.
The operator's code is organized into several folders, each with its own purpose. The `.devcontainer` folder is used for development container settings, while the `.github` folder contains GitHub-related files.
The `api` folder is dedicated to API-related code, while the `charts` folder is used for Helm charts. The `config` folder contains configuration files, and the `controllers` folder is used for controller-related code.
The `devops` folder is used for DevOps-related tasks, and the `docs` folder contains documentation. The `examples/demo` folder is used for demonstration purposes, and the `hack/crossplane` folder is used for Crossplane-related code.
The `pkg` folder contains package-related code, and the `scripts` folder is used for scripts. The `test/common` folder is used for common test code, and the `v2` folder is used for version 2-related code.
The operator also has several configuration files, including `.dockerignore`, `.envrc`, `.gitattributes`, `.gitignore`, `.gitmodules`, `.golangci.yml`, `CODE_OF_CONDUCT.md`, `CONTRIBUTING.md`, `Dockerfile`, `LICENSE`, `Makefile`, `PROJECT`, `README.md`, `ROADMAP.md`, `SECURITY.md`, `SUPPORT.md`, `Taskfile.yml`, `azure-pipelines.yml`, `codecov.yml`, `dev.sh`, `go.mod`, `go.sum`, `main.go`, and `workspace.code-workspace`.
Here is a list of the operator's folders and their purposes:
Frequently Asked Questions
What is an Azure operator?
An Azure operator is a cloud-based service manager responsible for orchestrating complex edge network services. They work on the Azure Operator Nexus platform to simplify management and deployment of these services.
What is the difference between Crossplane and Azure service operator?
The main difference between Crossplane and Azure Service Operator (ASO) is that ASO is a simpler, Microsoft-maintained solution, while Crossplane offers more advanced abstractions and is community-driven. If you're looking for a straightforward way to manage Azure services, ASO might be the better choice, but if you need more flexibility and customization, Crossplane is worth exploring.
What is an ASO operator?
The Azure Service Operator (ASO) is a tool that helps manage Azure services within an OpenShift cluster. It provides a way to create, update, and delete Azure resources using Custom Resource Definitions (CRDs).