So, what is a Kubernetes Operator? It is a software extension to Kubernetes that gives it the ability to provision resources or make changes outside of the cluster. Think of provisioning resources in a cloud provider as Kubernetes resources instead of using other means to build them.

Consider that Kubernetes can be the universal platform that can handle provisioning across the different services.

Here you can also see a list of different operators that are available for Kubernetes –> OperatorHub.io | The registry for Kubernetes Operators

There are also more that are still in development. One of those, which I will explore today, is the Kubernetes Operator for Azure, which is currently in the beta stage –> azure-service-operator/README.md at main · Azure/azure-service-operator (github.com)

In the current stage, the Operator supports a handful of Azure resources which can be viewed here –> Resources | Azure Service Operator

So how do you deploy the Kubernetes Operator for Azure?

1: Install Cert-Manager

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

2: Create an Azure Service Principal that has access to provision resources within a given scope, such as a subscription

The simplest way is to use the Azure CLI

az ad sp create-for-rbac -n "azure-service-operator" --role contributor \
    --scopes /subscriptions/subscriptionid

Then define the different values as variables

AZURE_TENANT_ID="<your-tenant-id-goes-here>"
AZURE_SUBSCRIPTION_ID="<your-subscription-id-goes-here>"
AZURE_CLIENT_ID="<your-client-id>"
AZURE_CLIENT_SECRET="<your-client-secret>"

3: Install the latest Operator from GitHub (you can find the latest release here –> Releases · Azure/azure-service-operator (github.com))

kubectl apply --server-side=true -f azureserviceoperator_v2.0.0-alpha.5.yaml

NOTE: The operator will be deployed within a separate namespace called azureserviceoperator-system, where it will run in a separate pod.

4: Create a Secret for the Service Operator from the values defined as variables

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: aso-controller-settings
  namespace: azureserviceoperator-system
stringData:
  AZURE_SUBSCRIPTION_ID: "$AZURE_SUBSCRIPTION_ID"
  AZURE_TENANT_ID: "$AZURE_TENANT_ID"
  AZURE_CLIENT_ID: "$AZURE_CLIENT_ID"
  AZURE_CLIENT_SECRET: "$AZURE_CLIENT_SECRET"
EOF

NOTE: The service operator supports either a service principal or a managed identity. Managed identity requires either that you have a resource within Azure, such as the managed Kubernetes platform there, or that you are running Azure/aad-pod-identity: Assign Azure Active Directory Identities to Kubernetes applications. (github.com)
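The heredoc in step 4 interpolates the shell variables straight into quoted YAML, so an unset variable or a leftover placeholder still produces a Secret that kubectl accepts. The following preflight is an added example, not part of the original post or the Azure Service Operator project; the function names are hypothetical, and the check assumes the tenant, subscription and client IDs are standard GUIDs.

```shell
# Added example, not from the original post. Function names are hypothetical;
# the Secret name, namespace and keys are the ones used in step 4.

# Azure tenant, subscription and client IDs are GUIDs (assumption of this check).
is_guid() {
  case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac  # also rejects newlines
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Return 0 only if all four settings are safe to interpolate into the manifest.
# Only variable names are reported, never the secret value itself.
check_aso_settings() {
  rc=0
  for n in AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID AZURE_CLIENT_ID; do
    eval "v=\${$n:-}"  # n comes from the fixed list above, not from input
    if ! is_guid "$v"; then
      echo "error: $n is unset, a placeholder, or not a GUID" >&2
      rc=1
    fi
  done
  case "${AZURE_CLIENT_SECRET:-}" in
    '' | *'<'*'>'*)  # heuristic: matches the post's <your-client-secret> style
      echo "error: AZURE_CLIENT_SECRET is empty or still a placeholder" >&2
      rc=1 ;;
    *'"'* | *'\'* | *[[:cntrl:]]*)
      echo "error: AZURE_CLIENT_SECRET would break the quoted YAML value" >&2
      rc=1 ;;
  esac
  return "$rc"
}

# Print the step-4 Secret on stdout only when validation passes, so a bad
# value never reaches the cluster:  render_aso_secret | kubectl apply -f -
render_aso_secret() {
  check_aso_settings || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: aso-controller-settings
  namespace: azureserviceoperator-system
stringData:
  AZURE_SUBSCRIPTION_ID: "$AZURE_SUBSCRIPTION_ID"
  AZURE_TENANT_ID: "$AZURE_TENANT_ID"
  AZURE_CLIENT_ID: "$AZURE_CLIENT_ID"
  AZURE_CLIENT_SECRET: "$AZURE_CLIENT_SECRET"
EOF
}
```

Piping the output to kubectl keeps the client secret out of a file on disk, and a failed check leaves kubectl with empty input instead of a half-filled manifest.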

5: Now we are ready to deploy some resources

Define this as a YAML file that will deploy a Log Analytics Workspace

apiVersion: operationalinsights.azure.com/v1alpha1api20210601
kind: Workspace
metadata:
 name: sampleworkspace
 namespace: default
spec:
 location: westcentralus
 # owner.name is the resource group that will contain the workspace
 owner:
  name: aso-sample-rg
 sku:
  name: Standalone

Then apply it using kubectl apply -f (nameoffile)

 

There are a lot of different examples defined in this GitHub repository here –> azure-service-operator/v2/config/samples at main · Azure/azure-service-operator (github.com)

The samples only set certain attributes, but many more are supported; you just have to dig into the Go code underneath to see which attributes are supported. For instance, here for Log Analytics Workspace –>

azure-service-operator/workspace__status_arm_types_gen.go at main · Azure/azure-service-operator (github.com)

That was a quick introduction to the Kubernetes Operator for Azure. I hope for a lot of supported features here in the upcoming releases, but I see that there has been a lot of development lately, so I am looking forward to this release in the future.

 

