Adding Azure

README.md

@@ -6,6 +6,7 @@ This tutorial is optimized for learning, which means taking the long route to he
 
 * [Google Compute Engine](https://cloud.google.com/compute)
 * [Amazon EC2](https://aws.amazon.com/ec2)
+* [Microsoft Azure VMs](https://azure.microsoft.com/en-us/services/virtual-machines/?b=16.51b)
 
 > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning!
 
@@ -47,16 +48,21 @@ AWS
 
 * The us-west-2 region will be used
 
+Azure
+
+* The westus region will be used
+
 ## Platforms
 
 This tutorial assumes you have access to one of the following:
 
 * [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+)
 * [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+)
+* [Microsoft Azure](https://azure.com) and the [Azure CLI](https://github.com/azure/azure-cli)
 
 ## Labs
 
-While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
+While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
 
 * [Cloud Infrastructure Provisioning](docs/01-infrastructure.md)
 * [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md)

docs/01-infrastructure.md

@@ -1,8 +1,9 @@
 # Cloud Infrastructure Provisioning
 
-Kubernetes can be installed just about anywhere physical or virtual machines can be run. In this lab we are going to focus on [Google Cloud Platform](https://cloud.google.com/) and [Amazon Web Services](https://aws.amazon.com).
+Kubernetes can be installed just about anywhere physical or virtual machines can be run. In this lab we are going to focus on [Google Cloud Platform](https://cloud.google.com/), [Amazon Web Services](https://aws.amazon.com) and [Microsoft Azure](https://azure.com).
 
 This lab will walk you through provisioning the compute instances required for running a H/A Kubernetes cluster. 
 
 * [Cloud Infrastructure Provisioning - Google Cloud Platform](01-infrastructure-gcp.md)
 * [Cloud Infrastructure Provisioning - Amazon Web Services](01-infrastructure-aws.md)
+* [Cloud Infrastructure Provisioning - Microsoft Azure](01-infrastructure-azure.md)

docs/02-certificate-authority.md

@@ -38,7 +38,6 @@ chmod +x cfssljson_darwin-amd64
 sudo mv cfssljson_darwin-amd64 /usr/local/bin/cfssljson
 ```
 
-
 ### Linux
 
 ```
@@ -137,6 +136,13 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
   jq -r '.LoadBalancerDescriptions[].DNSName')
 ```
 
+#### Azure
+
+```shell
+KUBERNETES_PUBLIC_ADDRESS=$(az network public-ip show -g kubernetes \
+  -n kubernetes-pip --query "ipAddress" -otsv)
+```
+
 ---
 
 Create the `kubernetes-csr.json` file:
@@ -239,3 +245,19 @@ for host in ${KUBERNETES_HOSTS[*]}; do
     ubuntu@${PUBLIC_IP_ADDRESS}:~/
 done
 ```
+
+### Azure
+
+The following command will:
+ * Extract the public IP address for each Kubernetes host
+ * Copy the TLS certificates and keys to each Kubernetes host using `scp`
+
+```shell
+for host in ${KUBERNETES_HOSTS[*]}; do
+  PUBLIC_IP_ADDRESS=$(az network public-ip show -g kubernetes \
+    -n ${host}-pip --query "ipAddress" -otsv)
+
+  scp ca.pem kubernetes-key.pem kubernetes.pem \
+    $(whoami)@${PUBLIC_IP_ADDRESS}:~/
+done
+```

docs/03-etcd.md

@@ -107,6 +107,12 @@ INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
 INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
 ```
 
+#### Azure
+
+```shell
+INTERNAL_IP=$(ip addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+```
+
 ---
 
 Each etcd member must have a unique name within an etcd cluster. Set the etcd name:

docs/04-kubernetes-controller.md

@@ -138,6 +138,12 @@ INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
 INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
 ```
 
+#### Azure
+
+```shell
+INTERNAL_IP=$(ip addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+```
+
 ---
 
 Create the systemd unit file:
@@ -340,3 +346,26 @@ aws elb register-instances-with-load-balancer \
   --load-balancer-name kubernetes \
   --instances ${CONTROLLER_0_INSTANCE_ID} ${CONTROLLER_1_INSTANCE_ID} ${CONTROLLER_2_INSTANCE_ID}
 ```
+
+### Azure
+
+```shell
+az network lb probe create -g kubernetes \
+  -n kubernetes-apiserver-check \
+  --lb-name kubernetes-lb \
+  --protocol http \
+  --port 8080 \
+  --path /healthz
+```
+
+```shell
+az network lb rule create -g kubernetes \
+  -n kubernetes-apiserver-rule \
+  --protocol tcp \
+  --lb-name kubernetes-lb \
+  --frontend-ip-name LoadBalancerFrontEnd \
+  --frontend-port 6443 \
+  --backend-pool-name kubernetes-lb-pool \
+  --backend-port 6443 \
+  --probe-name kubernetes-apiserver-check
+```

docs/05-kubernetes-worker.md

@@ -15,7 +15,6 @@ Kubernetes worker nodes are responsible for running your containers. All Kuberne
 
 Some people would like to run workers and cluster services anywhere in the cluster. This is totally possible, and you'll have to decide what's best for your environment.
 
-
 ## Provision the Kubernetes Worker Nodes
 
 Run the following commands on `worker0`, `worker1`, `worker2`:

docs/06-kubectl.md

@@ -36,6 +36,14 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
   --load-balancer-name kubernetes | \
   jq -r '.LoadBalancerDescriptions[].DNSName')
 ```
+
+#### Azure
+
+```shell
+KUBERNETES_PUBLIC_ADDRESS=$(az network public-ip show -g kubernetes \
+  -n kubernetes-pip --query "ipAddress" -otsv)
+```
+
 ---
 
 Recall the token we setup for the admin user:

docs/07-network.md

@@ -118,3 +118,44 @@ aws ec2 create-route \
   --destination-cidr-block 10.200.2.0/24 \
   --instance-id ${WORKER_2_INSTANCE_ID}
 ```
+
+### Azure
+
+```shell
+az network route-table create -g kubernetes \
+  -n kubernetes-routes
+```
+
+```shell
+az network vnet subnet update -g kubernetes \
+  -n kubernetes-subnet \
+  --vnet-name kubernetes-vnet \
+  --route-table kubernetes-routes
+```
+
+```shell
+az network route-table route create -g kubernetes \
+  -n kubernetes-route-10-200-0-0-24 \
+  --route-table-name kubernetes-routes \
+  --address-prefix 10.200.0.0/24 \
+  --next-hop-ip-address 10.240.0.20 \
+  --next-hop-type VirtualAppliance
+```
+
+```shell
+az network route-table route create -g kubernetes \
+  -n kubernetes-route-10-200-1-0-24 \
+  --route-table-name kubernetes-routes \
+  --address-prefix 10.200.1.0/24 \
+  --next-hop-ip-address 10.240.0.21 \
+  --next-hop-type VirtualAppliance
+```
+
+```shell
+az network route-table route create -g kubernetes \
+  -n kubernetes-route-10-200-2-0-24 \
+  --route-table-name kubernetes-routes \
+  --address-prefix 10.200.2.0/24 \
+  --next-hop-ip-address 10.240.0.22 \
+  --next-hop-type VirtualAppliance
+```

docs/09-smoke-test.md

@@ -79,6 +79,29 @@ NODE_PUBLIC_IP=$(aws ec2 describe-instances \
   jq -j '.Reservations[].Instances[].PublicIpAddress')
 ```
 
+#### Azure
+
+```shell
+az network nsg rule create -g kubernetes \
+  -n kubernetes-allow-nginx \
+  --access allow \
+  --destination-address-prefix '*' \
+  --destination-port-range ${NODE_PORT} \
+  --direction inbound \
+  --nsg-name kubernetes-nsg \
+  --protocol tcp \
+  --source-address-prefix '*' \
+  --source-port-range '*' \
+  --priority 1002
+```
+
+Grab the `EXTERNAL_IP` for one of the worker nodes:
+
+```
+NODE_PUBLIC_IP=$(gcloud compute instances describe worker0 \
+  --format 'value(networkInterfaces[0].accessConfigs[0].natIP)')
+```
+
 ---
 
 Test the nginx service using cURL:

docs/10-cleanup.md

@@ -205,3 +205,9 @@ DHCP_OPTION_SET_ID=$(aws ec2 describe-dhcp-options \
 aws ec2 delete-dhcp-options \
   --dhcp-options-id ${DHCP_OPTION_SET_ID}
 ```
+
+## GCP
+
+```shell
+az group delete -n kubernetes
+```