updates and tests to scripts

Author: jorgearteiro

README.md

@@ -6,7 +6,7 @@ Slide Deck: https://www.slideshare.net/JorgeArteiro/manage-your-kubernetes-clust
 Meetup reference: https://www.meetup.com/en-AU/Microsoft-Reactor-Sydney/events/279879195
 
 Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
-### Scripts are grouped the follwing way:
+### Scripts are grouped the following way:
 
 (Dependencies) - All environment/installation scripts required.
 
@@ -31,9 +31,21 @@ Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
     curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
     chmod 700 get_helm.sh
     ./get_helm.sh
+
+
+### (Dependencies) Install/Update Extensions
+    az extension list
+
+    az upgrade  (to upgrade all installed extensions)
+
+    az extension add -n connectedk8s  or  az extension update -n connectedk8s
+
+    az extension add -n k8s-configuration  or  az extension update -n k8s-configuration
+
+    az extension add -n aks-preview  or  az extension update -n aks-preview
 ### (Management Cluster) Create AKS - Azure Kubernetes Services to install Cluster API management
-    Create Azure resource Group
-    az group create -l australiaeast -n capi-controlplane
+    Create Azure resource Group on eastus regions where GitOps preview is available
+    az group create -l eastus -n capi-controlplane
 
     Create Azure Kubernetes Services (Edit Script with your IDs)
     az aks create --resource-group capi-controlplane --name capi-controlplane \
@@ -42,27 +54,33 @@ Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
         --enable-addons monitoring,azure-policy \
         --enable-managed-identity --generate-ssh-keys \
         --vm-set-type VirtualMachineScaleSets --zones 1 2 3 --load-balancer-sku standard \
-        --attach-acr "<ACRResourceId>" \
         --enable-aad --aad-admin-group-object-ids "<AdminGroupObjectId>" \
-        --workspace-resource-id "<LogAnalyticsWorkspaceResourceId>" \
         --max-pods 110 \
         --yes 
 
 ### (Management Cluster) Get AKS Management Cluster .kubeconfig Credential. Config will be merged on the ~/.kube/config file
     az aks get-credentials --resource-group capi-controlplane --name capi-controlplane
 
-    kubectl get nodes
+    kubectl get nodes (to test connection)
 
 ### (Management Cluster) Connect AKS control plane to Azure Arc
-    az connectedk8s connect \
-        --name capi-controlplane --resource-group capi-controlplane --location australiaeast  
+    az feature register --namespace Microsoft.ContainerService --name AKS-GitOps
 
+    az provider register --namespace Microsoft.ContainerService
+
+    az provider register --namespace Microsoft.KubernetesConfiguration
+
+    az feature show --namespace Microsoft.ContainerService --name AKS-GitOps (make sure it's Registered)
+
+    az aks enable-addons -a gitops -n capi-controlplane -g capi-controlplane
+
+    az connectedk8s connect --name capi-controlplane --resource-group capi-controlplane --location eastus  
 ### (Management Cluster) Add GitOps Configuration to deploy workload cluster from YAML files, --git-path=clusters
     az k8s-configuration create \
         --name capi-controlplane --cluster-name capi-controlplane --resource-group capi-controlplane \
         --operator-instance-name capi-controlplane --operator-namespace default \
         --repository-url https://github.com/azuretar/clusterapi-gitops \
-        --scope cluster --cluster-type connectedClusters \
+        --scope cluster --cluster-type managedClusters \
         --operator-params "--git-poll-interval 3s --git-readonly --git-path=clusters/ --git-branch main"
 
 ### (Workload cluster) Edit and Run arc_capi_azure.sh bash script to Initialize CAPI control plane and create workload cluster.
@@ -82,7 +100,7 @@ Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
     Based on JumpStart https://azurearcjumpstart.io/azure_arc_jumpstart/azure_arc_k8s/cluster_api/capi_azure/
 
 ### (Workload cluster) Use --kubeconfig created by Init Script to connect the workload cluster
-    kubectl --kubeconfig=./azuretar-reactor-1.kubeconfig get pods
+    kubectl --kubeconfig=./azuretar-reactor-1.kubeconfig get pods -A
 
     ps: do not push .kuconfig files to git repo. Please include *.kubeconfig in your .gitignore file
 
@@ -94,11 +112,11 @@ Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
         --scope cluster --cluster-type connectedClusters \
         --operator-params "--git-poll-interval 3s --git-readonly --git-path=workloads/ --git-branch main"
 
+    kubectl --kubeconfig=./azuretar-reactor-1.kubeconfig get pods -n default -w
 ### (Workload cluster) Install Azure Arc Extension to Azure Monitoring from az cli
     az k8s-extension create --name azuremonitor-containers --cluster-name azuretar-reactor-1 \
     --resource-group azuretar-reactor-1 \
-    --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers \
-    --configuration-settings logAnalyticsWorkspaceResourceID="<LogAnalyticsWorkspaceResourceId>" 
+    --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers  
 
 ### (General) Using clusterctl commands
     clusterctl describe cluster azuretar-reactor-1
@@ -107,7 +125,7 @@ Follow us at https://youtube.com/AzureTar , https://AzureTar.com and  @AzureTar
 
     kubectl get kubeadmcontrolplane --all-namespaces
 
-    kubectl delete cluster azuretar-reactor-1
+    kubectl delete cluster azuretar-reactor-1 (to clean up resources)
 
 ### (Reference Links)
 https://github.com/azuretar/clusterapi-gitops

clusters-examples/azuretar-reactor-1.yaml

@@ -0,0 +1,262 @@
+apiVersion: cluster.x-k8s.io/v1alpha4
+kind: Cluster
+metadata:
+  labels:
+    cni: calico
+  name: azuretar-reactor-1
+  namespace: default
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - 192.168.0.0/16
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+    kind: KubeadmControlPlane
+    name: azuretar-reactor-1-control-plane
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+    kind: AzureCluster
+    name: azuretar-reactor-1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: AzureCluster
+metadata:
+  name: azuretar-reactor-1
+  namespace: default
+spec:
+  identityRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+    kind: AzureClusterIdentity
+    name: cluster-identity
+  location: eastus
+  networkSpec:
+    vnet:
+      name: azuretar-reactor-1-vnet
+      cidrBlocks:
+        - 10.0.0.0/16
+    subnets:
+      - name: azuretar-reactor-1-subnet-cp
+        role: control-plane
+        cidrBlocks: 
+          - 10.0.1.0/24
+        securityGroup:
+          name: azuretar-reactor-1-controlplane-nsg
+          securityRules:
+            - name: "allow_apiserver"
+              description: "Allow K8s API Server"
+              direction: "Inbound"
+              priority: 2202
+              protocol: "*"
+              destination: "*"
+              destinationPorts: "6443"
+              source: "*"
+              sourcePorts: "*"
+      - name: azuretar-reactor-1-subnet-node
+        role: node
+        cidrBlocks: 
+          - 10.0.2.0/24
+  resourceGroup: azuretar-reactor-1
+  subscriptionID: 9daa1df0-9df4-4afc-88d0-544a7f4e3cb9
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+kind: KubeadmControlPlane
+metadata:
+  name: azuretar-reactor-1-control-plane
+  namespace: default
+spec:
+  kubeadmConfigSpec:
+    clusterConfiguration:
+      apiServer:
+        extraArgs:
+          audit-log-maxage: "30"
+          audit-log-maxbackup: "10"
+          audit-log-maxsize: "100"
+          audit-log-path: /var/log/kube-apiserver/audit.log
+          audit-policy-file: /etc/kubernetes/audit.yaml
+          cloud-config: /etc/kubernetes/azure.json
+          cloud-provider: azure
+        extraVolumes:
+        - hostPath: /var/log/kube-apiserver
+          mountPath: /var/log/kube-apiserver
+          name: kubeaudit
+        - hostPath: /etc/kubernetes/audit.yaml
+          mountPath: /etc/kubernetes/audit.yaml
+          name: audit-policy
+          readOnly: true
+        - hostPath: /etc/kubernetes/azure.json
+          mountPath: /etc/kubernetes/azure.json
+          name: cloud-config
+          readOnly: true
+        timeoutForControlPlane: 20m
+      controllerManager:
+        extraArgs:
+          allocate-node-cidrs: "false"
+          cloud-config: /etc/kubernetes/azure.json
+          cloud-provider: azure
+          cluster-name: azuretar-reactor-1
+        extraVolumes:
+        - hostPath: /etc/kubernetes/azure.json
+          mountPath: /etc/kubernetes/azure.json
+          name: cloud-config
+          readOnly: true
+      etcd:
+        local:
+          dataDir: /var/lib/etcddisk/etcd
+          extraArgs:
+            quota-backend-bytes: "8589934592"
+    diskSetup:
+      filesystems:
+      - device: /dev/disk/azure/scsi1/lun0
+        extraOpts:
+        - -E
+        - lazy_itable_init=1,lazy_journal_init=1
+        filesystem: ext4
+        label: etcd_disk
+      - device: ephemeral0.1
+        filesystem: ext4
+        label: ephemeral0
+        replaceFS: ntfs
+      partitions:
+      - device: /dev/disk/azure/scsi1/lun0
+        layout: true
+        overwrite: false
+        tableType: gpt
+    files:
+    - contentFrom:
+        secret:
+          key: control-plane-azure.json
+          name: azuretar-reactor-1-control-plane-azure-json
+      owner: root:root
+      path: /etc/kubernetes/azure.json
+      permissions: "0644"
+    - contentFrom:
+        secret:
+          key: audit.yaml
+          name: audit
+      owner: root:root
+      path: /etc/kubernetes/audit.yaml
+      permissions: "0644"
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          azure-container-registry-config: /etc/kubernetes/azure.json
+          cloud-config: /etc/kubernetes/azure.json
+          cloud-provider: azure
+        name: '{{ ds.meta_data["local_hostname"] }}'
+    joinConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          azure-container-registry-config: /etc/kubernetes/azure.json
+          cloud-config: /etc/kubernetes/azure.json
+          cloud-provider: azure
+        name: '{{ ds.meta_data["local_hostname"] }}'
+    mounts:
+    - - LABEL=etcd_disk
+      - /var/lib/etcddisk
+    postKubeadmCommands: []
+    preKubeadmCommands: []
+  machineTemplate:
+    infrastructureRef:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+      kind: AzureMachineTemplate
+      name: azuretar-reactor-1-control-plane
+  replicas: 1
+  version: v1.20.10
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: AzureMachineTemplate
+metadata:
+  name: azuretar-reactor-1-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      dataDisks:
+      - diskSizeGB: 256
+        lun: 0
+        nameSuffix: etcddisk
+      osDisk:
+        diskSizeGB: 128
+        osType: Linux
+      sshPublicKey: ""
+      vmSize: Standard_D2s_v3
+---
+apiVersion: cluster.x-k8s.io/v1alpha4
+kind: MachineDeployment
+metadata:
+  name: azuretar-reactor-1-md-0
+  namespace: default
+spec:
+  clusterName: azuretar-reactor-1
+  replicas: 1
+  selector:
+    matchLabels: null
+  template:
+    spec:
+      bootstrap:
+        configRef:
+          apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
+          kind: KubeadmConfigTemplate
+          name: azuretar-reactor-1-md-0
+      clusterName: azuretar-reactor-1
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+        kind: AzureMachineTemplate
+        name: azuretar-reactor-1-md-0
+      version: v1.20.10
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: AzureMachineTemplate
+metadata:
+  name: azuretar-reactor-1-md-0
+  namespace: default
+spec:
+  template:
+    spec:
+      osDisk:
+        diskSizeGB: 128
+        osType: Linux
+      sshPublicKey: ""
+      vmSize: Standard_D2s_v3
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
+kind: KubeadmConfigTemplate
+metadata:
+  name: azuretar-reactor-1-md-0
+  namespace: default
+spec:
+  template:
+    spec:
+      files:
+      - contentFrom:
+          secret:
+            key: worker-node-azure.json
+            name: azuretar-reactor-1-md-0-azure-json
+        owner: root:root
+        path: /etc/kubernetes/azure.json
+        permissions: "0644"
+      joinConfiguration:
+        nodeRegistration:
+          kubeletExtraArgs:
+            azure-container-registry-config: /etc/kubernetes/azure.json
+            cloud-config: /etc/kubernetes/azure.json
+            cloud-provider: azure
+          name: '{{ ds.meta_data["local_hostname"] }}'
+      preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: AzureClusterIdentity
+metadata:
+  labels:
+    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+  name: cluster-identity
+  namespace: default
+spec:
+  allowedNamespaces: {}
+  clientID: 7472d9ca-3081-48eb-9976-73cd7e288e33
+  clientSecret:
+    name: cluster-identity-secret
+    namespace: default
+  tenantID: 72f988bf-86f1-41af-91ab-2d7cd011db47
+  type: ServicePrincipal

init/arc_capi_azure.sh

@@ -29,7 +29,7 @@ export AZURE_ENVIRONMENT="AzurePublicCloud" # Do not change!
 export KUBERNETES_VERSION="1.20.10" # Do not change!
 export CONTROL_PLANE_MACHINE_COUNT="1"
 export WORKER_MACHINE_COUNT="1"
-export AZURE_LOCATION="australiaeast" # Name of the Azure datacenter location. For example: "eastus"
+export AZURE_LOCATION="eastus" # Name of the Azure datacenter location. For example: "eastus"
 export AZURE_CONTROL_PLANE_MACHINE_TYPE="Standard_D2s_v3" # For example: "Standard_D2s_v3"
 export AZURE_NODE_MACHINE_TYPE="Standard_D2s_v3" # For example: "Standard_D4s_v3"