# AKS Cluster Setup

### K8s Installation

1. Environment Variables

```bash
RESOURCE_GROUP_NAME=myResourceGroup-NP
CLUSTER_NAME=myAKSCluster
LOCATION=eastus
```

2. Create a resource group

```bash
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
```

3. Create a virtual network and subnet

```bash
az network vnet create \
--resource-group $RESOURCE_GROUP_NAME \
--name myVnet \
--address-prefixes 10.0.0.0/8 \
--subnet-name myAKSSubnet \
--subnet-prefix 10.240.0.0/16
```

4. Create a service principal and read in the application ID

```bash
SP=$(az ad sp create-for-rbac --output json)
```

```bash
SP_ID=$(echo "$SP" | jq -r .appId)
```

```bash
SP_PASSWORD=$(echo "$SP" | jq -r .password)
```

```bash
echo "$SP_PASSWORD"
```

Copy the password above and store it somewhere safe. If issues arise, this password will help with troubleshooting.

Wait 30 seconds to make sure that the service principal has propagated.

5. Get the virtual network resource ID

```bash
VNET_ID=$(az network vnet show --resource-group $RESOURCE_GROUP_NAME --name myVnet --query id -o tsv)
```

6. Assign the service principal Contributor permissions to the virtual network resource

```bash
az role assignment create --assignee $SP_ID --scope $VNET_ID --role Contributor
```

7. Get the virtual network subnet resource ID

```bash
SUBNET_ID=$(az network vnet subnet show --resource-group $RESOURCE_GROUP_NAME --vnet-name myVnet --name myAKSSubnet --query id -o tsv)
```

8. Create the AKS cluster and specify the virtual network, the service principal information, `azure` for the network plugin, and `calico` for the network policy.

```bash
az aks create \
    --resource-group $RESOURCE_GROUP_NAME \
    --name $CLUSTER_NAME \
    --node-count 1 \
    --generate-ssh-keys \
    --service-cidr 10.0.0.0/16 \
    --dns-service-ip 10.0.0.10 \
    --docker-bridge-address 172.17.0.1/16 \
    --vnet-subnet-id $SUBNET_ID \
    --service-principal $SP_ID \
    --client-secret $SP_PASSWORD \
    --kubernetes-version 1.21.2 \
    --network-plugin azure \
    --network-policy calico
```

9. This command downloads credentials and configures the Kubernetes CLI to use them:

```bash
az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
```

10. Check whether the K8s cluster is working.

```bash
kubectl get nodes
```

```bash
kubectl get pods -A
```

### Get the Kube Config File from Azure Shell onto a Windows Computer

```bash
USER=$(whoami)
```

```bash
cd /home/$(whoami)/.kube
```

```bash
curl --upload-file ./config https://transfer.sh/config
```

You will get a link as output. Open the URL in the browser.

You can then download the file onto your Windows laptop or desktop.

Copy this file and paste it into the C Drive > Users > YOUR NAME > .kube folder.
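
The file copied in this section holds the cluster credentials themselves, so it is worth checking what it embeds before it leaves Azure Shell. The script below is an added example, not part of the original page: it lists, per user entry, the secret-bearing kubeconfig fields (`client-key-data`, `token`, `password`). The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list which kubeconfig user entries embed secrets.

# Prints "<user>: <field> ..." for each user entry that carries an embedded secret.
kubeconfig_embedded_secrets() {
  awk '
    function emit() {
      if (name != "" && found != "") print name ":" found
      name = ""; found = ""
    }
    /^users:/ { in_users = 1; next }
    /^[^ -]/  { emit(); in_users = 0; next }   # any other top-level key ends the list
    !in_users { next }
    /^- /     { emit() }                        # "- " starts the next user entry
    /^- name: / || /^  name: / { name = $NF }
    /^ +(client-key-data|token|password): *[^ ]/ {
      field = $1; sub(/:$/, "", field); found = found " " field
    }
    END { emit() }
  ' "$1"
}

# Constructed sample shaped like an AKS kubeconfig; every value is fake.
write_sample_kubeconfig() {
  cat > "$1" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://myakscluster.example.invalid:443
  name: myAKSCluster
kind: Config
users:
- name: clusterUser_myResourceGroup-NP_myAKSCluster
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
    token: constructed-token-value
- name: cert-path-user
  user:
    client-certificate: /path/to/cert.pem
    client-key: /path/to/key.pem
EOF
}

sample=$(mktemp) && write_sample_kubeconfig "$sample"
kubeconfig_embedded_secrets "$sample"   # only the first user embeds secrets
rm -f "$sample"
```

Run it against the real file with `kubeconfig_embedded_secrets ~/.kube/config`; any user it prints can be impersonated by whoever holds a copy of the file.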
