Microsoft Azure

Creating Azure API Credentials for Kublr

Before You Get Started

To use Kublr, you’ll need a Microsoft Azure subscription account, as well as validated Kublr credentials.

Required Permissions

To register your application, you must have sufficient permissions with your Azure AD tenant and assign the application to a role in your Azure subscription. To ensure you have the right permissions, please perform the following steps.

Check Azure Active Directory Permissions

  1. Log in to your Azure Account through the Azure portal.
  2. Select Azure Active Directory. Select Azure Active Directory
  3. In Azure Active Directory, select User settings. User settings
  4. Check the App registrations setting. If set to Yes, non-admin users can register AD apps. This setting means any user in the Azure AD tenant can register an app. You can proceed to Check Azure subscription permissions. Application registrations
  5. If the app registrations setting is set to No, only admin users can register apps. Check whether your account is an admin for the Azure AD tenant. Select Overview and Find a user from Quick tasks. Find a user
  6. Search for your account, and select it when you find it. Search results
  7. For your account, select Directory role. Directory role
  8. View your assigned directory role in Azure AD. If your account is assigned to the User role, but the app registration setting (from the preceding steps) is limited to admin users, ask your administrator to either assign you to an administrator role, or to enable users to register apps. View user's role

Check Azure Subscription Permissions

In your Azure subscription, your account must have Microsoft.Authorization/Write permission to assign an AD app to a role. This action is granted through the Owner role or User Access Administrator role. If your account is assigned to the Contributor role, you do not have required permission and will receive an error when attempting to assign the service principal to a role.

To check your subscription permissions:

  1. If you are not already looking at your Azure AD account from the preceding steps, select Azure Active Directory from the left pane.
  2. Find your Azure AD account. Select Overview and Find a user from Quick tasks. Find a user
  3. Search for your account, and select it when you find it. Search results
  4. Select Azure resources. Select Azure resources
  5. View your assigned roles, and determine if you have adequate permissions to assign an AD app to a role. If not, ask your subscription administrator to add you to User Access Administrator role. In the following image, the user is assigned to the Owner role for two subscriptions, which means that that user has the required permission level. Viewing assigned roles

Getting Subscription ID

  1. Log in to your Azure Account through the Azure portal.
  2. Open Subscriptions Subscriptions
  3. Copy SUBSCRIPTION ID. This value is your Subscription ID.

Creating an Azure Active Directory Application

  1. Log in to your Azure Account through the Azure portal.
  2. Select Azure Active Directory. Select Azure Active Directory
  3. Select App registrations. Select app registrations
  4. Select New application registration. New application registration
  5. Provide a name and URL for the application. Select Web app / API for the type of application you want to create. You cannot create credentials for a Native application; therefore, that type does not work for an automated application. After setting the values, select Create. Create new application

You have created your application.

Getting Application ID and Authentication Key

When programmatically logging in, you need the ID for your application and an authentication key. To get those values, use the following steps:

  1. From App registrations in Azure Active Directory, select your application. Select application
  2. Copy the Application ID and store it. You will use this value as the Client ID later. Application ID
  3. To generate an authentication key, select Keys. Authentication Keys
  4. Provide a description of the key, and a duration for the key. When done, select Save. Saving a Key
  5. After saving the key, the value of the key is displayed. Copy this value because you are not able to retrieve the key later. Use this value later as Client Secret. Client Secret

Getting Tenant ID

When programmatically logging in, you need to pass the tenant ID with your authentication request.

  1. Select Azure Active Directory. Azure Active Directory
  2. To get the tenant ID, select Properties for your Azure AD tenant. Azure ID Properties
  3. Copy the Directory ID. This value is your Tenant ID. Copy the Directory ID

Assigning Application to Role

To access resources in your subscription, you must assign the application to a role. Decide which role represents the right permissions for the application. To learn about the available roles, see RBAC: Built in Roles.

You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited to lower levels of scope. For example, adding an application to the Reader role for a resource group means it can read the resource group and any resources it contains. Kublr requires Contributor Role so that it can provision virtual machines and prepare your infrastructure to run Kublr

  1. Navigate to the level of scope you wish to assign the application to. For example, to assign a role at the subscription scope, select Subscriptions. You could instead select a resource group or resource. Subscriptions
  2. Select the particular subscription (resource group or resource) to assign the application to. Select Subscription
  3. Select Access Control (IAM). Select Access Control
  4. Click on Add button Click on Add button
  5. Select the role you wish to assign to the application. The following image shows the Contributor role. Select a role
  6. Search for your application, and select it. Select an application
  7. Select Save to finish assigning the role. You will see your application in the list of users assigned to a role for that scope.

Connect Microsoft Azure and Kublr

  1. Log into Kublr using your credentials.
  2. Click on the Credentials menu in the left navigation menu bar Credentials
  3. Click Add Credentials Add Credentials
  4. Under credential type, select Azure Credentials.
  5. Enter Credentials Name (e.g. Test).
  6. Enter Tenant ID, Subscription ID, Client ID and Client Secret from the steps above.
  7. Click Save Credentials.
  8. “Credentials have been successfully created” popup appears.
  9. Click to verify if credentials are valid and ready to be used

Create a Cluster

Create a Kubernetes Cluster in Kublr

  1. Click on Cluster Menu in the left navigation menu bar Cluster Menu
  2. Click on Add New Cluster Add New Cluster
  3. Enter cluster name Cluster Name
  4. Select Provider: Microsoft Azure Azure Provider
  5. Select Region Select Region
  6. Select credentials created and/or saved in point 2.
  7. Select operating system to be used for Kublr cluster instances Select OS
  8. Select number of master nodes and instance type Select Instance Type
  9. Select number of worker nodes and instance type Select Word Nodes
  10. Click Confirm and Install. Congratulations box appears “Your cluster is being created. It might take a few minutes.”.

kubectl

Install and Configure kubectl

For more details, please refer to the official Kubernetes documentation

For Mac users:

curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl

For Windows users:

  1. Download https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/windows/amd64/kubectl.exe
  2. Include the path with the kubectl executable to PATH environment variable. More details: https://msdn.microsoft.com/en-us/library/office/ee537574(v=office.14).aspx

Copy Kublr config File

To retrieve config from Kublr:

  1. Click on cluster in the cluster list to access the cluster details page
  2. On the overview tab, download the config file Config File

For Mac users:

mkdir ~/.kube
cp ~/Downloads/config.yaml ~/.kube/config

For Windows users:

cd %HOME%
mkdir .kube
copy %HOME%\Downloads\config.yaml .kube\

Check that kubectl is working and using right config file:

kubectl config view
kubectl cluster-info

Helm

Install and Use Helm to Deploy WordPress to Your Cluster

Install helm Click here for detailed guidelines.

For Mac users:

curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod +x get_helm.sh
./get_helm.sh --version v2.5.0

For Windows users:

  1. Download helm version 2.5.1 from here: https://github.com/kubernetes/helm/releases:
  2. Extract helm-v2.5.1-windows-amd64.zip to the directory where kubectl is saved

Init and test Helm installation:

helm init

Install WordPress

NOTE: It may take a few minutes for the LoadBalancer IP to become available.

For Mac users:

helm install stable/wordpress --name wordpress
export SERVICE_IP=$(kubectl get svc --namespace default wordpress-wordpress -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/admin
echo Username: user
echo Password: $(kubectl get secret --namespace default wordpress-wordpress -o jsonpath='{.data.wordpress-password}' | base64 --decode)

Open the browser and navigate to the URL from console output.

For Windows users:

  1. Run the following commands to get hostname and password: kubectl get svc --namespace default wordpress-wordpress -o jsonpath='{.status.loadBalancer.ingress[0].ip}' kubectl get secret --namespace default wordpress-wordpress -o jsonpath='{.data.wordpress-password}
  2. Open browser to http://%hostname%/admin, where %hostname% is the hostname you got from the kubectl
  3. Decode admin password with https://www.base64decode.org/

Congrats! You just deployed your first app in a Kubernetes cluster with Kublr.


Questions? Suggestions? Need help? Contact us.