Page tree

Michael O'Brien

Skip to end of metadata
Go to start of metadata


Azure Developer Guide

Azure Arc GA

Install Azure CLI on OSX

$ brew install azure-cli
==> Installing dependencies for azure-cli: openssl@1.1, gdbm, readline, sqlite, xz and python@3.8
==> Installing azure-cli dependency: openssl@1.1
  /usr/local/Cellar/python@3.8/3.8.1: 4,094 files, 62.8MB
==> Installing azure-cli
==> Downloading

# upgrade
brew upgrade azure-cli

Create Azure Jumpbox on Ubuntu



Login to Azure CLI

$ az login
You have logged in. Now let us find all the subscriptions to which you have access...
    "cloudName": "AzureCloud",
    "homeTenantId": "bcb.4f",
    "id": "f4b7..70e8b",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "bcb..f4f",
    "user": {
      "name": "",
      "type": "user"

Kubernetes on Azure

see Kubernetes Developer Guide#SwitchingcontextfromAzureAKSbacktolocalDockerDesktopKubernetes

Kubernetes on Azure AKS - Managed

biometric:azure michaelobrien$ az aks install-cli
Downloading client to "/usr/local/bin/kubectl" from ""

# will not conflict with a local docker desktop kubernetes install
biometric:azure michaelobrien$ az aks get-credentials --resource-group obl_dev_aks --name obl-dev
Merged "obl-dev" as current context in /Users/michaelobrien/.kube/config

# add clusterrolebinding to avoid RBAC errors on the dashboard
biometric:azure michaelobrien$ kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard created

# check the cluster for the pod
kube-system   kube-proxy-h89tp                        1/1     Running   0          172m

# view the kubernetes dashboard
biometric:azure michaelobrien$ az aks browse --resource-group obl_dev_aks --name obl-dev
Merged "obl-dev" as current context in /var/folders/vv/d6dvwfmx0cgd19qs2yw51p1m0000gn/T/tmphexar_yl
Proxy running on
Press CTRL+C to close the tunnel...

AKS Costing Model

It looks like Microsoft Azure is not charging for the control plane - just the underlying VMs - I ran both an unmanaged RKE K8S cluster on a Standard_D2s_v3 and an AKS Standard_DS2_v2 for a day and the costs were about the same for both VMs at .81 and .53 for 8h.

Kubernetes on Azure VM - Direct Unmanaged via RKE

Provision one or more VMs via ARM

Create Resource Group

git clone
cd azure
biometric:azure michaelobrien$ az group create --name obl_dev_kubernetes_eastus --location eastus

Run ARM template

biometric:azure michaelobrien$ az group deployment create --resource-group obl_dev_kubernetes_eastus --template-file arm_deploy_obl_dev_kubernetes.json --parameters @arm_deploy_obl_dev_kubernetes_parameters.json 

Wait for Rancher/Kubernetes install

The script will be run as a cloud-init script on the VM

# on your laptop
biometric:opt michaelobrien$ scp ~/.ssh/onap_rsa ubuntu@
# on the host
biometric:opt michaelobrien$ ssh ubuntu@
chmod 400 onap_rsa 
sudo mkdir ~/.ssh
cp onap_rsa ~/.ssh
sudo chown ubuntu:ubuntu ~/.ssh/onap_rsa 
git clone --recurse-submodules
cd magellan/kubernetes/
sudo ./ -b master -s -e obl -k onap_rsa -l ubuntu

ubuntu@obl-dev-kubernetes:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-5954bd5d8c-28lhq     1/1     Running     0          13m
ingress-nginx   nginx-ingress-controller-t9h5g            1/1     Running     0          13m
kube-system     canal-6zgp7                               2/2     Running     0          14m
kube-system     coredns-autoscaler-5d5d49b8ff-9lgkd       1/1     Running     0          13m
kube-system     coredns-bdffbc666-dvqff                   1/1     Running     0          14m
kube-system     metrics-server-7f6bd4c888-gtgl6           1/1     Running     0          13m
kube-system     rke-coredns-addon-deploy-job-9jwsq        0/1     Completed   0          14m
kube-system     rke-ingress-controller-deploy-job-pzs6h   0/1     Completed   0          13m
kube-system     rke-metrics-addon-deploy-job-hng52        0/1     Completed   0          13m
kube-system     rke-network-plugin-deploy-job-nnh4j       0/1     Completed   0          14m
kube-system     tiller-deploy-7f4d76c4b6-j6rgm            1/1     Running     0          11m
ubuntu@obl-dev-kubernetes:~$ helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}



Azure SA Expert :



AKS CLI behind a VPN

to fix the timeout

PS F:\> az aks install-cli
The command failed with an unexpected error. Here is the traceback:

<urlopen error [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond>
Traceback (most recent call last):
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\urllib\", line 1318, in do_open


  • No labels

1 Comment

  1. AKS accounts secured with Azure AD Managed Identity MI
    AKS authentication via AAD as the IDM provider (app level) - OAuth 2.0
    token: access + refresh

    mobile clean OAuth 2.0 auth code flow

    app: single tenant AAD v2A