So, what is a Kubernetes Operator? it is software extensions to Kubernetes to provide it with the ability to provision resources or changes outside of the cluster. Think about the ability to provision resources in a cloud provider but as Kubernetes resources instead of using other means to build resources.
Consider that Kubernetes can be the universal platform that can handle provisioning across the different services.
Here you can also see a list of different operators that are available for Kubernetes –> OperatorHub.io | The registry for Kubernetes Operators
There are also more available, but currently in development and one of those that I will explore today is the Kubernetes Operator for Azure which is currently in the beta stage –> azure-service-operator/README.md at main · Azure/azure-service-operator (github.com)
In the current stage, the Operator supports a handful of Azure resources which can be viewed here –> Resources | Azure Service Operator
So how to deploy the Kubernetes Operator for Azure?
1: Install Cert-Manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
2: Create an Azure Service Principal that has access to provision resources within a given scope, such as an Subscription
The simplest way is to use Azure CLI
az ad sp create-for-rbac -n "azure-service-operator" --role contributor \ --scopes /subscriptions/subscriptionid
Then define the different values as variables
AZURE_TENANT_ID=<your-tenant-id-goes-here> AZURE_SUBSCRIPTION_ID=<your-subscription-id-goes-here> AZURE_CLIENT_ID=<your-client-id> AZURE_CLIENT_SECRET=<your-client-secret>
3: Install the lastest Operator from GitHub (You can find the lastest release here –> Releases · Azure/azure-service-operator (github.com)
kubectl apply --server-side=true -f azureserviceoperator_v2.0.0-alpha.5.yaml
NOTE: That the operator will be deployed within a separate namespace called azureserviceoperator-system where it will run a separate pod.
4: Create a Secret for the Service Operator from the values defined as variables
cat <<EOF | kubectl apply -f - apiVersion: v1 kind: Secret metadata: name: aso-controller-settings namespace: azureserviceoperator-system stringData: AZURE_SUBSCRIPTION_ID: "$AZURE_SUBSCRIPTION_ID" AZURE_TENANT_ID: "$AZURE_TENANT_ID" AZURE_CLIENT_ID: "$AZURE_CLIENT_ID" AZURE_CLIENT_SECRET: "$AZURE_CLIENT_SECRET" EOF
NOTE: The service operator supports either service principal or managed identity. That requires either that you have a resource within Azure such as managed Kubernetes platform there or running Azure/aad-pod-identity: Assign Azure Active Directory Identities to Kubernetes applications. (github.com)
5: Now we are ready to deploy some resources
Define this as a YAML file that will deploy a Log Analytics Workspace
apiVersion: operationalinsights.azure.com/v1alpha1api20210601 kind: Workspace metadata: name: sampleworkspace namespace: default spec: location: westcentralus owner: name: aso-sample-rg sku: name: Standalone
Then Apply. Using kubectl apply -f (nameoffile)
There are a lot of different examples defined in this Github repository here –> azure-service-operator/v2/config/samples at main · Azure/azure-service-operator (github.com)
Now the samples only provide certain attributes, but there are a lot more supported, but you just have to dig into the go code underneath to see what kind of attributes are supported. For instance, here for Log Analytics Workspace –>
azure-service-operator/workspace__status_arm_types_gen.go at main · Azure/azure-service-operator (github.com)
That was a quick introduction to the Kubernetes Operator for Azure, I hope for a lot of supported features here in the upcoming releases, but I see that there has been a lot of development lately so looking forward to this release in the future.