# AKS Cluster Setup

### K8s Installation

1. Environment Variables

```bash
RESOURCE_GROUP_NAME=myResourceGroup-NP
CLUSTER_NAME=myAKSCluster
LOCATION=eastus
```

1. Create a resource group

```bash
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
```

1. Create a virtual network and subnet

```bash
az network vnet create \
--resource-group $RESOURCE_GROUP_NAME \
--name myVnet \
--address-prefixes 10.0.0.0/8 \
--subnet-name myAKSSubnet \
--subnet-prefix 10.240.0.0/16
```

1. Create a service principal and read in the application ID

```bash
SP=$(az ad sp create-for-rbac --output json)
```

```bash
SP_ID=$(echo "$SP" | jq -r .appId)
```

```bash
SP_PASSWORD=$(echo "$SP" | jq -r .password)
```

```bash
echo "$SP_PASSWORD"
```

Copy the password above and store it somewhere safe; it is the service principal's client secret. If issues come up, this password will help with troubleshooting.

Wait 30 seconds to make sure that the service principal has propagated.

1. Get the virtual network resource ID

```bash
VNET_ID=$(az network vnet show --resource-group $RESOURCE_GROUP_NAME --name myVnet --query id -o tsv)
```

1. Assign the service principal Contributor permissions to the virtual network resource

```bash
az role assignment create --assignee $SP_ID --scope $VNET_ID --role Contributor
```

1. Get the virtual network subnet resource ID

```bash
SUBNET_ID=$(az network vnet subnet show --resource-group $RESOURCE_GROUP_NAME --vnet-name myVnet --name myAKSSubnet --query id -o tsv)
```

1. Create the AKS cluster and specify the virtual network, the service principal information, `azure` for the network plugin, and `calico` for the network policy.

```bash
az aks create \
    --resource-group $RESOURCE_GROUP_NAME \
    --name $CLUSTER_NAME \
    --node-count 1 \
    --generate-ssh-keys \
    --service-cidr 10.0.0.0/16 \
    --dns-service-ip 10.0.0.10 \
    --docker-bridge-address 172.17.0.1/16 \
    --vnet-subnet-id $SUBNET_ID \
    --service-principal $SP_ID \
    --client-secret "$SP_PASSWORD" \
    --kubernetes-version 1.21.2 \
    --network-plugin azure \
    --network-policy calico
```

1. Download the cluster credentials and configure the Kubernetes CLI to use them:

```bash
az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
```

1. Check that the K8s cluster is working.

```bash
kubectl get nodes
```

```bash
kubectl get pods -A
```

### Get the kubeconfig file from Azure Shell onto a Windows computer

```bash
USER=$(whoami)
```

```bash
cd /home/$(whoami)/.kube
```

```bash
curl --upload-file ./config https://transfer.sh/config
```

The command prints a link as output. Open the URL in a browser.

You can then download the file onto your Windows laptop or desktop.

Copy this file and paste it into the C Drive > Users > YOUR NAME > `.kube` folder.
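The kubeconfig written by `az aks get-credentials` can embed client credentials for the cluster, so it helps to check what the file holds and who can read it before copying it anywhere. The script below is an added example, not part of the original page: the function names are hypothetical and the sample kubeconfig is constructed.

```bash
# Added example: function names are hypothetical, the sample kubeconfig is constructed.

# List the credential-bearing keys present in the kubeconfig at $1, one per line.
kubeconfig_secret_fields() {
    grep -oE '^[[:space:]]*(client-key-data|client-certificate-data|token|password):' "$1" \
        | tr -d ' \t:' | sort -u
}

# Succeed only when group and others have no access (mode 600 or stricter).
kubeconfig_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print a short report. Returns 0 if no credentials are embedded,
# 1 if some are (treat the file as a secret), 2 if the file is unreadable.
kubeconfig_audit() {
    local file=$1 fields
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    grep -E '^[[:space:]]*server:' "$file" | sed 's/^[[:space:]]*server:/API server:/'
    kubeconfig_is_private "$file" || echo "WARN: readable by group/others, run: chmod 600 $file"
    fields=$(kubeconfig_secret_fields "$file")
    if [ -z "$fields" ]; then echo "no embedded credentials"; return 0; fi
    echo "embedded credentials:" $fields
    return 1
}

# Constructed sample shaped like the file `az aks get-credentials` writes.
demo() {
    local tmp rc=0; tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    server: https://example.invalid:443
  name: myAKSCluster
users:
- name: clusterUser_myResourceGroup-NP_myAKSCluster
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
    token: constructed-placeholder
EOF
    chmod 644 "$tmp"
    kubeconfig_audit "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```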

