Author Flora Piszker

Azure Managed Kubernetes (AKS) Go SDK

At Banzai Cloud we use different cloud providers or managed Kubernetes offerings, one of which is Microsoft Azure Managed Kubernetes. It’s a pretty solid service that allows you to deploy a managed k8s cluster without requiring you to deal with low-level Kubernetes building blocks, tooling, or cloud infrastructure provisioning. However, there is one temporary issue which is a cornerstone of our PaaS, Pipeline: the Azure Go-SDK does not contain the bindings for our new service. As you can see from the following issues and PRs pertaining to the Azure Rest API Swagger specification and Azure SDK for Go, the requisite implementation is missing.

TL;DR: We’ve just open sourced a Golang SDK for Azure managed Kubernetes - an Azure AKS Golang binding

Pipeline is written in Golang and uses Azure, AWS and other provider SDKs to install k8s infrastructure. We had no alternative but to implement and open source a new Azure AKS Golang binding in order to provision managed AKS clusters on Azure. This binding uses the core Azure SDK and extends it via authenticated REST API calls to previously established AKS endpoints. Its implementation is straightforward and simple. It contains only one interesting part: the re-passing of security credentials, the token extraction and replaying of the authentication flow without actually extracting or exposing it. To accomplish that we used the Autorest framework to implement an HTTP request pipeline suitable for use across multiple goroutines and to provide the necessary shared routines. The package breaks the sending of, and responding to, HTTP requests into three phases: Preparing, Sending, and Responding.
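The three-phase pipeline described above, sketched with the Go standard library only. This is an added example, not code from go-autorest or from the Banzai Cloud binding; the names `Preparer`, `Sender`, `WithBearer`, `Do` and `fakeARM`, the token value and the URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

type Preparer func(*http.Request) *http.Request         // amends a request before sending
type Sender func(*http.Request) (*http.Response, error) // e.g. http.DefaultClient.Do

// WithBearer keeps the token in the closure; callers composing requests never read it.
func WithBearer(token string) Preparer {
	return func(r *http.Request) *http.Request {
		r = r.Clone(r.Context()) // copy: a request shared by goroutines is not mutated
		r.Header.Set("Authorization", "Bearer "+token)
		return r
	}
}

func Do(send Sender, r *http.Request, prep ...Preparer) (string, error) {
	for _, p := range prep { // Preparing
		r = p(r)
	}
	resp, err := send(r) // Sending
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // Responding: report status only, never headers
		return "", fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	return string(body), err
}

// fakeARM is a constructed, offline stand-in for the management endpoint.
func fakeARM(r *http.Request) (*http.Response, error) {
	code, body := http.StatusUnauthorized, `{"error":"unauthorized"}`
	if r.Header.Get("Authorization") == "Bearer constructed-token" {
		code, body = http.StatusOK, `{"value":[]}`
	}
	return &http.Response{StatusCode: code, Body: io.NopCloser(strings.NewReader(body))}, nil
}

func main() {
	r, _ := http.NewRequest("GET", "https://management.example.invalid/clusters", nil)
	fmt.Println(Do(fakeARM, r, WithBearer("constructed-token")))
}
```

Because the authorization header is set on a clone and errors carry only the status code, the credential does not appear on the caller's request object or in error strings that end up in logs.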

If you’d like to give it a try, there are a few Azure prerequisites you need to set up first, since Azure Managed Kubernetes (AKS) is not switched on by default.

Prerequisites

You will need the following ENV variables exported: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID

You can get this information from the portal, but the easiest and fastest way is to use the Azure CLI tool.

Install the tool and log in using the following commands.

$ curl -L https://aka.ms/InstallAzureCli | bash
$ exec -l $SHELL
$ az login

Create a Service Principal for the Azure Active Directory using the following command.

$ az ad sp create-for-rbac

You should get something like:

{
  "appId": "1234567-1234-1234-1234-1234567890ab",
  "displayName": "azure-cli-2017-08-18-19-25-59",
  "name": "http://azure-cli-2017-08-18-19-25-59",
  "password": "1234567-1234-1234-be18-1234567890ab",
  "tenant": "1234567-1234-1234-be18-1234567890ab"
}

Translate the output from the previous command into newly exported environmental variables.

| Service Principal Variable Name | Environmental variable |
| --- | --- |
| appId | AZURE_CLIENT_ID |
| password | AZURE_CLIENT_SECRET |
| tenant | AZURE_TENANT_ID |

Run the following command to get your Azure subscription ID.

$ az account show --query id
"1234567-1234-1234-1234567890ab"

Finally, export that value as an environmental variable as well.

| Command | Environmental variable |
| --- | --- |
| az account show --query id | AZURE_SUBSCRIPTION_ID |

At this point you should have set the following four environmental variables!

export AZURE_CLIENT_ID="1234567-1234-1234-1234567890ab"
export AZURE_CLIENT_SECRET="1234567-1234-1234-1234567890ab"
export AZURE_TENANT_ID="1234567-1234-1234-1234567890ab"
export AZURE_SUBSCRIPTION_ID="1234567-1234-1234-1234567890ab"

AKS requires a few services to be pre-registered for the subscription. You can add these via the portal or CLI. The required pre-registered service providers are:

Microsoft.Compute
Microsoft.Storage
Microsoft.Network
Microsoft.ContainerService

You can check the registered providers with: az provider list --query "[].{Provider:namespace, Status:registrationState}" --out table

If the above are not registered, you can add them:

az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Compute
az provider register --namespace Microsoft.Storage
az provider register --namespace Microsoft.Network

Take a break while the registration goes through all the different zones and datacenters. Have a coffee. You can check statuses by hitting az provider show -n Microsoft.ContainerService for each individual service.

Validate and test the cluster

You should now be able to embed and use the Azure AKS Golang binding in your code, or run one of the tests. You can list, create and delete AKS clusters, and the library will take care of REST calls, status checks and failover handling. You can also validate your code by using the Azure CLI tool.

Install the AKS CLI tool by running az aks install-cli. Get the credentials to the cluster by running az aks get-credentials --resource-group YOUR_RG_NAME --name YOUR_AKS_CLUSTER_NAME.

You can now use kubectl to operate the cluster. Get the number of nodes and validate the result:

$ kubectl get nodes
NAME                        STATUS    ROLES     AGE       VERSION
aks-agentpool1-36552431-0   Ready     agent     12m       v1.7.7

You can retrieve more information about the cluster by running kubectl cluster-info.

To scale the cluster: az aks scale --name AKS_CLUSTER_NAME --resource-group YOUR_RG_NAME --node-count 1.
