Kubernetes Security with Calico and Istio
  • Introduction
  • Getting Started
    • Course Introduction
    • Virtual Training Practices
    • Training Plan
    • Tools and Configuration
    • Troubleshooting
  • K8s Cluster Setup
    • Create Azure Account
    • Activate Credits
    • Create Cloud Shell
    • AKS Cluster Setup
  • Understand K8s
    • Pod Connectivity
    • Deployments
    • Service Cluster IP
    • Service NodePort
    • Service LoadBalancer
    • Configmap
    • Secrets
  • Calico
    • Network Security Policies
    • Understand Calico Policy
    • Calico Service Rules
    • ICMP/Ping Rules
  • Istio
    • Istio Setup Helm
    • Istio Setup Manual
    • Deploy Application
    • Peer Authentication
    • Calico Istio Policies
  • Refrences
Powered by GitBook
On this page
  • K8s Installation
  • Get the Kube Config file from Azure Shell to Windows Computer.

Was this helpful?

  1. K8s Cluster Setup

AKS Cluster Setup

K8s Installation

  1. Environment Variables

RESOURCE_GROUP_NAME=myResourceGroup-NP
CLUSTER_NAME=myAKSCluster
LOCATION=eastus

  1. Create a resource group

az group create --name $RESOURCE_GROUP_NAME --location $LOCATION

  1. Create a virtual network and subnet

az network vnet create \
--resource-group $RESOURCE_GROUP_NAME \
--name myVnet \
--address-prefixes 10.0.0.0/8 \
--subnet-name myAKSSubnet \
--subnet-prefix 10.240.0.0/16

  1. Create a service principal and read in the application ID

SP=$(az ad sp create-for-rbac --output json)
SP_ID=$(echo $SP | jq -r .appId)
SP_PASSWORD=$(echo $SP | jq -r .password)
echo $SP_PASSWORD

Copy the Above Password and Store it in some place. In Case of Issues, this password will help for troubleshooting

Wait 30 seconds to make sure that service principal has propagated

  1. Get the virtual network resource ID

VNET_ID=$(az network vnet show --resource-group $RESOURCE_GROUP_NAME --name myVnet --query id -o tsv)

  1. Assign the service principal Contributor permissions to the virtual network resource

az role assignment create --assignee $SP_ID --scope $VNET_ID --role Contributor

  1. Get the virtual network subnet resource ID

SUBNET_ID=$(az network vnet subnet show --resource-group $RESOURCE_GROUP_NAME --vnet-name myVnet --name myAKSSubnet --query id -o tsv)

  1. Create the AKS cluster and specify the virtual network, service principal information, and azure for the network plugin and network policy.

az aks create \
    --resource-group $RESOURCE_GROUP_NAME \
    --name $CLUSTER_NAME \
    --node-count 1 \
    --generate-ssh-keys \
    --service-cidr 10.0.0.0/16 \
    --dns-service-ip 10.0.0.10 \
    --docker-bridge-address 172.17.0.1/16 \
    --vnet-subnet-id $SUBNET_ID \
    --service-principal $SP_ID \
    --client-secret $SP_PASSWORD \
    --kubernetes-version 1.21.2 \
    --network-plugin azure \
    --network-policy calico

  1. This command downloads credentials and configures the Kubernetes CLI to use them:

az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME

  1. Check the K8s Cluster is working fine or not.

kubectl get nodes
kubectl get pods -A

Get the Kube Config file from Azure Shell to Windows Computer.

USER=$(whoami)
cd /home/$(whoami)/.kube
curl --upload-file ./config https://transfer.sh/config

You will get a link as Output and Open the URL in the browser.

You can then download the File on to Windows Laptop / Desktop.

COpy this file and paste it C Drive > Users > YOUR NAME > .KUBE folder

PreviousCreate Cloud ShellNextUnderstand K8s

Last updated 3 years ago

Was this helpful?