Once your Kubernetes cluster has been created you will have a resource group containing:
- One master accessible by SSH on port 22 or kubectl on port 443
- A set of nodes in an availability set. The nodes can be accessed through a master. See agent forwarding for an example of how to do this.
The following image shows the architecture of a container service cluster with 1 master, and 2 agents:
In the image above, you can see the following parts:
- Master Components - The master runs the Kubernetes scheduler, api server, and controller manager. Port 443 is exposed for remote management with the kubectl cli.
- Nodes - the Kubernetes nodes run in an availability set. Azure load balancers are dynamically added to the cluster depending on exposed services.
- Common Components - All VMs run a kubelet, Docker, and a Proxy.
- Networking - All VMs are assigned an ip address in the 10.240.0.0/16 network. Each VM is assigned a /24 subnet for their pod CIDR enabling IP per pod. The proxy running on each VM implements the service network 10.0.0.0/16.
All VMs are in the same private VNET and are fully accessible to each other.
After completing this walkthrough you will know how to:
- Access Kubernetes cluster via SSH,
- Deploy a simple Docker application and expose to the world,
- The location of the Kube config file and how to access the Kubernetes cluster remotely,
- Use
kubectl exec
to run commands in a container, - And finally access the Kubernetes dashboard.
Follow these steps:
- After successfully deploying the template write down the master FQDNs (Fully Qualified Domain Name).
- If using Powershell or CLI, the output parameter is in the OutputsString section named 'masterFQDN'
- If using Portal, to get the output you need to:
- SSH to the master FQDN obtained in step 1.
- Explore your nodes and running pods:
- To see a list of your nodes type
kubectl get nodes
. If you want full detail of the nodes, add-o yaml
to becomekubectl get nodes -o yaml
. - To see a list of running pods type
kubectl get pods --all-namespaces
.
- To see a list of your nodes type
- Start your first Docker image by typing
kubectl run nginx --image nginx
. This will start the nginx Docker container in a pod on one of the nodes. - Type
kubectl get pods -o yaml
to see the full details of the nginx deployment. You can see the host IP and the podIP. The pod IP is assigned from the pod CIDR on the host. Run curl to the pod ip to see the nginx output, eg.curl 10.244.1.4
- The next step is to expose the nginx deployment as a Kubernetes service on the private service network 10.0.0.0/16:
- The final step is to expose the service to the world. This is done by changing the service type from
ClusterIP
toLoadBalancer
:- Edit the service:
kubectl edit svc/nginx
- Change
type
fromClusterIP
toLoadBalancer
and save it. This will now cause Kubernetes to create an Azure Load Balancer with a public IP. - The change will take about 2-3 minutes. To watch the service change from "pending" to an external ip, type
watch 'kubectl get svc'
- Once you see the external IP, you can browse to it in your browser:
- Edit the service:
- The next step in this walkthrough is to show you how to remotely manage your Kubernetes cluster. First download Kubectl to your machine and put it in your path:
- The Kubernetes master contains the kube config file for remote access under the home directory ~/.kube/config. Download this file to your machine, set the KUBECONFIG environment variable, and run kubectl to verify you can connect to cluster:
- Windows to use pscp from putty. Ensure you have your certificate exposed through pageant:
# MASTERFQDN is obtained in step1 pscp -P 22 azureuser@MASTERFQDN:.kube/config . SET KUBECONFIG=%CD%\config kubectl get nodes
- OS X or Linux:
# MASTERFQDN is obtained in step1 scp azureuser@MASTERFQDN:.kube/config . export KUBECONFIG=`pwd`/config kubectl get nodes
- Windows to use pscp from putty. Ensure you have your certificate exposed through pageant:
- The next step is to show you how to remotely run commands in a remote Docker container:
- The final step of this tutorial is to show you the dashboard: