Prerequisites

This is the starting point for the instructions on deploying the AKS baseline multi cluster reference implementation. You'll need specific access and tooling to complete the deployment. Follow the instructions below and on the subsequent pages to get your environment ready for the creation of the AKS clusters.

Steps

  1. Log in to your Azure subscription, and save your Azure subscription's tenant ID.

    ⚠️ The user or service principal initiating the deployment process must have the following minimal set of Azure Role-Based Access Control (RBAC) roles:

    • Contributor role is required at the subscription level to have the ability to create resource groups and perform deployments.
    • User Access Administrator role is required at the subscription level since you'll be performing role assignments to managed identities across various resource groups.

    az login
    TENANTID_AZURERBAC=$(az account show --query tenantId -o tsv)
    TENANTS=$(az rest --method get --url "https://management.azure.com/tenants?api-version=2020-01-01" --query 'value[].{TenantId:tenantId,Name:displayName}' -o table)

    💡 If you don't have an Azure subscription, you can create a free account.

  2. Validate that your saved Azure subscription's tenant ID is correct.

    echo "${TENANTS}" | grep -z "${TENANTID_AZURERBAC}"

    ⚠️ Do not proceed if the tenant highlighted in red is not correct. Start over by running az login against the proper Azure subscription.

  3. From the list printed in the previous step, select an Azure AD tenant to associate with your Kubernetes RBAC Cluster API authentication, and log in to it.

    ⚠️ The user or service principal initiating the deployment process must have the following minimal set of Azure AD permissions assigned:

    • Azure AD User Administrator is required to create a "break glass" AKS admin Active Directory Security Group and User. Alternatively, you could get your Azure AD admin to create this for you when instructed to do so.
      • If you are not part of the User Administrator group in the tenant associated to your Azure subscription, please consider creating a new tenant to use while evaluating this implementation. The Azure AD tenant backing your Cluster's API RBAC does NOT need to be the same tenant associated with your Azure subscription.

    az login --allow-no-subscriptions -t <Replace-With-ClusterApi-AzureAD-TenantId>

  4. Validate that the newly saved tenant ID is the correct one for Kubernetes Cluster API authorization.

    TENANTID_K8SRBAC=$(az account show --query tenantId -o tsv)
    echo "${TENANTS}" | grep -z "${TENANTID_K8SRBAC}"

    ⚠️ If the tenant highlighted in red is not correct, start over by logging in to the proper Azure AD tenant for Kubernetes Cluster API authorization.

  5. Ensure the latest Azure CLI is installed, or perform these steps from Azure Cloud Shell by clicking below.

    Launch Azure Cloud Shell

  6. Install GitHub CLI

  7. Log in to the GitHub CLI

    gh auth login -s "repo,admin:org"

  8. Fork the repository first, and clone it

    gh repo fork mspnp/aks-baseline-multi-region --clone=true --remote=false
    cd aks-baseline-multi-region
    git remote remove upstream

    💡 The steps shown here and elsewhere in the reference implementation use Bash shell commands. On Windows, you can use the Windows Subsystem for Linux to run Bash.

  9. Get your GitHub user name

    GITHUB_USER_NAME=$(echo $(gh auth status 2>&1) | sed "s#.*as \(.*\) (.*#\1#")

  10. Ensure the following tooling is also installed:

    1. OpenSSL in order to generate self-signed certs used in this implementation.
    2. Certbot. Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
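
A pre-flight check for the role requirements in step 1, as an added example that is not part of this repository. The function name, `ASSIGNEE_ID`, `SUB_ID` and the sample subscription ID are assumptions for illustration. The check accepts only assignments at subscription scope or inherited from above it, and treats the built-in Owner role as covering both required roles.

```bash
#!/usr/bin/env bash
# Added example (not from the reference implementation).
# Input on stdin: one "roleDefinitionName<TAB>scope" line per assignment, e.g. from
#   az role assignment list --assignee "$ASSIGNEE_ID" --scope "/subscriptions/$SUB_ID" \
#     --include-inherited --query "[].[roleDefinitionName, scope]" -o tsv
# ASSIGNEE_ID and SUB_ID are placeholders you supply.

# Prints each required role that is NOT held at subscription level (or inherited
# from a management group / root). Returns 0 only when nothing is missing.
missing_subscription_roles() {
  local sub_id="$1" role scope
  local has_contributor=0 has_uaa=0
  while IFS=$'\t' read -r role scope || [ -n "$role" ]; do
    case "$scope" in
      "/subscriptions/${sub_id}"|/providers/Microsoft.Management/managementGroups/*|/) ;;
      *) continue ;;  # resource-group or resource scope is too narrow for step 1
    esac
    case "$role" in
      Owner) has_contributor=1; has_uaa=1 ;;  # assumption: Owner covers both roles
      Contributor) has_contributor=1 ;;
      "User Access Administrator") has_uaa=1 ;;
    esac
  done
  local rc=0
  if [ "$has_contributor" -eq 0 ]; then echo "Contributor"; rc=1; fi
  if [ "$has_uaa" -eq 0 ]; then echo "User Access Administrator"; rc=1; fi
  return "$rc"
}

# Constructed sample: Contributor at subscription scope, but User Access
# Administrator only on a single resource group, which does not satisfy step 1.
SAMPLE_SUB="00000000-0000-0000-0000-000000000000"
sample_assignments() {
  printf 'Contributor\t/subscriptions/%s\n' "$SAMPLE_SUB"
  printf 'User Access Administrator\t/subscriptions/%s/resourceGroups/rg-sample\n' "$SAMPLE_SUB"
}

if missing=$(sample_assignments | missing_subscription_roles "$SAMPLE_SUB"); then
  echo "All required subscription-level roles are present."
else
  echo "Missing at subscription level: ${missing}"
fi
```
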

Next step

▶️ Prep for Azure Active Directory integration