Microsoft's Azure Container Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications without container orchestration expertise. It also eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand, without taking your applications offline. For more information, see the AKS documentation.
Follow this step-by-step guide to set up a Nuclio development environment that uses Azure Container Service (AKS).
- Prerequisites
- Set up your AKS cluster
- Create a container registry using the Azure CLI
- Grant Kubernetes and Nuclio access to the ACR
- Install Nuclio
- What's next
Before starting the set-up procedure, ensure that the following prerequisites are met:
- You have an Azure account. If you don't have an account, you can create one for free.
- The Azure CLI (
az
) is installed on your installation machine. See the Azure CLI installation guide.
-
Create a resource group by running the following
az
command (see the Azure CLI documentation):az group create --name <resource-group-name> --location <location>
The following example creates a resource group named "my-nuclio-k8s-rg" that is located in Western Europe (location "westeurope"):
az group create --name my-nuclio-k8s-rg --location westeurope
-
Create a Kubernetes cluster by running the following
az
command (see the Azure CLI documentation):az aks create --resource-group <resource-group-name> --name <cluster-name> --node-count <number>
The following example creates a cluster named "myNuclioCluster" in the "my-nuclio-k8s-rg" resource group that was created in the example in the previous step:
az aks create --resource-group my-nuclio-k8s-rg --name myNuclioCluster --node-count 2 --generate-ssh-keys
After several minutes, the deployment completes and returns information about the AKS deployment, in JSON format.
-
Install the kubectl CLI. If the CLI is already installed, you can skip to the next step. The
kubectl
Kubernetes command-line application enables you to connect to the Kubernetes cluster from your client computer. To installkubectl
locally, run the followingaz
command (see the Azure CLI documentation):az aks install-cli
-
Connect to the cluster with kubectl by running the following
az
command, which configures thekubectl
CLI to connect to your Kubernetes cluster (see the Azure CLI documentation):az aks get-credentials --resource-group=<resource-group-name> --name=<cluster-name>
For example, the following command gets the credentials of a cluster named "myNuclioCluster" in the "my-nuclio-k8s-rg" resource group that was created in the examples in the previous steps:
az aks get-credentials --resource-group=my-nuclio-k8s-rg --name=myNuclioCluster
-
Verify the connection to your cluster by running the following
kubectl
command (see the Kubernetes documentation):kubectl get nodes
The output is expected to resemble the following example:
NAME STATUS AGE VERSION k8s-myNuclioCluster-36346190-0 Ready 49m v1.7.7
Azure Container Registry (ACR) is a managed Docker container registry service that's used for storing private container container images.
For more information, see the ACR documentation.
Microsoft's Create a container registry using the Azure CLI guide explains how to use the az
CLI to create a container registry.
The Nuclio dashboard builds and pushes functions to a Docker registry. For the Nuclio ACR setup, ACR serves as the Docker registry.
Create an ACR instance by using the az acr create
command (see the Azure CLI documentation):
Note: The name of the registry (
<registry-name>
) must be unique.
az acr create --resource-group <resource-group-name> --name <registry-name> --sku Basic
The following example creates a registry named "mynuclioacr" in the "my-nuclio-k8s-rg" resource group:
az acr create --resource-group my-nuclio-k8s-rg --sku Basic --name mynuclioacr
To grant the AKS Kubernetes cluster and the Nuclio dashboard access to the Azure Container Registry (ACR), as part of the Nuclio installation you'll need to create a secret that stores the registry credentials. You can select between the following two methods for authenticating with the ACR:
Note: The admin-account method has some security concerns, including no option to assign roles. Therefore, it's considered better practice to create a service principal.
You can assign a service principal to your registry, and use it from your application or service to implement headless authentication.
You can use the following command to create a service principal:
az ad sp create-for-rbac --scopes /subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/Microsoft.ContainerRegistry/registries/<registry-name> --role Contributor --name <service-prinicpal-name>
For example, the following command creates a service principal for a container registry named "mynuclioacr" in the "my-nuclio-k8s-rg" resource group:
az ad sp create-for-rbac --role Contributor --scopes /subscriptions/$(az account show --query id -o tsv)/resourcegroups/my-nuclio-k8s-rg/providers/Microsoft.ContainerRegistry/registries/mynuclioacr --name mynuclioacr-sp
Make a note of the username (the service principal's clientID
) and the password, as you'll need them when you install Nuclio.
Each container registry includes an admin user account, which is disabled by default. You can enable the admin user and manage its credentials in the Azure portal or by using the Azure CLI.
At this stage you should have a functioning Kubernetes cluster, a Docker registry, and a working Kubernetes CLI (kubectl
), and you can proceed to install the Nuclio services on the cluster (i.e., deploy Nuclio).
Follow the instructions of How to run nuclio in Production.
NOTE: Replace the
--docker-server <URL>
with--docker-server <registry-name>.azurecr.io
Use your username password registry credentials
Use the command kubectl --namespace nuclio get pods
to verify both the controller and dashboard are running.
Forward the Nuclio dashboard port: the Nuclio dashboard publishes a service at port 8070. To use the dashboard, you first need to forward this port to your local IP address:
kubectl port-forward -n nuclio $(kubectl get pods -n nuclio -l nuclio.io/app=dashboard -o jsonpath='{.items[0].metadata.name}') 8070:8070
See the following resources to make the best of your new Nuclio environment: