During its annual conference, Microsoft Build 2020, Microsoft announced another capability for its hybrid and multi-cloud service Azure Arc, called “Azure Arc enabled Kubernetes”. With this capability, we can connect any Kubernetes cluster (Azure AKS or any external Kubernetes service like AWS EKS, Rancher Kubernetes, Google Kubernetes) to Azure Arc, then configure the cluster, deploy applications, and control it like any other native Azure resource.
This feature is in preview at the moment. It adds more power to Azure Arc in the hybrid and multi-cloud space: it provides a unified single-pane-of-glass experience from a manageability perspective, and we can use native Azure capabilities like Azure Policy, Azure Monitor, and Azure Resource Graph across any Kubernetes cluster connected to Azure Arc. We can also use GitOps workflows on connected Kubernetes clusters to configure the cluster and deploy applications.
I was recently exploring this new feature in Azure and thought I would share it here, so I will walk you through how to connect your AWS EKS (Elastic Kubernetes Cluster) to Azure Arc.
Below are the requirements to keep in mind before you connect an external Kubernetes cluster to Azure Arc.
1. You should be able to access your Kubernetes cluster using a KUBECONFIG file and should have rights on the cluster to deploy the Azure Arc agent for Kubernetes.
2. The Azure Arc agent deployed to your Kubernetes cluster uses the following ports and public endpoints to talk to Azure, so we need to make sure that network policies are not blocking them.
   Ports:
   - TCP on port 443 - https
   - TCP on port 9418 - git
   Endpoints:
   - https://management.azure.com - Required for the agent to connect to Azure and register the cluster.
   - https://eastus.dp.kubernetesconfiguration.azure.com - Data plane endpoint for the agent to push status and fetch configuration information.
   - https://westeurope.dp.kubernetesconfiguration.azure.com - Data plane endpoint for the agent to push status and fetch configuration information.
   - https://docker.io - Required to pull container images.
   - https://github.com, git://github.com - Example GitOps repos are hosted on GitHub. The configuration agent requires connectivity to whichever git endpoint you specify.
   - https://login.microsoftonline.com - Required to fetch and update Azure Resource Manager tokens.
   - https://azurearcfork8s.azurecr.io - Required to pull container images for Azure Arc agents.
3. The Azure Arc enabled Kubernetes feature is available only in the “East US” and “West Europe” regions at the moment.
4. Azure CLI version 2.3+ is required for installing the Azure Arc enabled Kubernetes CLI extensions.
5. The Kubernetes command-line tool (kubectl) installed on your machine.
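An egress preflight for the ports and endpoints in requirement 2, added here as an example and not taken from the original post. It assumes `nc` (netcat) with `-z`/`-w` support is installed; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: egress preflight for the endpoints listed in requirement 2.
# Run it from inside the cluster's network (a node or a debug pod), because
# that is where the Arc agents will make their outbound connections.

# host:port pairs taken from the requirement list above.
ARC_ENDPOINTS="
management.azure.com:443
eastus.dp.kubernetesconfiguration.azure.com:443
westeurope.dp.kubernetesconfiguration.azure.com:443
docker.io:443
github.com:443
github.com:9418
login.microsoftonline.com:443
azurearcfork8s.azurecr.io:443
"

# TCP reachability probe. Assumption: nc supports -z (scan only) and -w (timeout).
probe() {
    nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# Prints one line per endpoint; the return code is the number of blocked endpoints.
arc_preflight() {
    blocked=0
    for ep in $ARC_ENDPOINTS; do
        host=${ep%:*} port=${ep#*:}
        if probe "$host" "$port"; then
            echo "ok      $host:$port"
        else
            echo "BLOCKED $host:$port"
            blocked=$((blocked + 1))
        fi
    done
    return "$blocked"
}

# Only touch the network when asked to:  ARC_PREFLIGHT=1 sh preflight.sh
if [ "${ARC_PREFLIGHT:-0}" = "1" ]; then arc_preflight; fi
```

A successful connect shows only that the port is reachable at the TCP level; it does not validate the TLS session or any proxy in the path.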
Connect AWS Elastic Kubernetes Services (EKS) Cluster to Azure Arc:
1. Now I will go ahead and start onboarding my AWS EKS cluster to Azure Arc. I have the following EKS cluster, “AWS-EKS-CL01”, running in my AWS account. This cluster is running Kubernetes version 1.16.
2. I ran the AWS EKS CLI command below to create a KUBECONFIG file on my local machine; this CLI command generates the KUBECONFIG file automatically.
This KUBECONFIG file contains your Kubernetes cluster information, such as the Cluster, User, Server and Certificate information that is required to access the Kubernetes cluster. If you open the “config” file (which is actually the KUBECONFIG) available under the $HOME/.kube directory, you will see details like this.
3. I had kubectl already installed on my local machine, so I just ran the command below to test the configuration. By default, kubectl looks for a file named config in the $HOME/.kube directory.
Up to this step we have ensured that we can connect to our EKS cluster in AWS. Next, I will go ahead and run Azure CLI commands to onboard my cluster to Azure.
4. I already had the latest Azure CLI installed on my local Windows 10 machine, so I went ahead and installed Helm version 3.2.2.
5. Now I will add the Azure Arc enabled Kubernetes CLI extensions using the Az CLI command below; there are two extensions that we need to install.
6. I’m logging in to my Azure subscription now to proceed with connecting my Kubernetes cluster to Azure Arc.
7. I have two Azure subscriptions, so I’m selecting the one where I will be onboarding my Kubernetes cluster. If you have just one subscription, you can simply skip this step.
8. In this step, I will register a couple of providers related to Kubernetes in my Azure subscription. Registration is an asynchronous process and may take approximately 10 minutes.
9. Create a Resource Group, which will store the metadata of my connected Kubernetes cluster.
10. Once the above Resource Group is created successfully, we can use the “az connectedk8s connect” CLI command to connect the EKS cluster with Azure Arc. This CLI command deploys the Azure Arc agents for Kubernetes, using Helm 3, into the azure-arc namespace and connects the Kubernetes cluster to Azure Arc.
The connectedk8s connect command takes a few minutes to complete because it deploys some artifacts to the Kubernetes cluster running in AWS. Once the command completes, it returns the output below.
11. We can run the “connectedk8s list” and “kubectl” commands to see the details of the connected cluster.
If at some point you would like to delete the connected Kubernetes cluster from Azure, you can simply run “az connectedk8s delete” to remove it.
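The whole procedure (steps 2 to 11, plus removal) as one script, added here as an example; these are not the author's original commands. It prints the commands as a dry run unless `ARC_EXECUTE=1` is set. The AWS region, the resource group name and the function names are placeholders.

```shell
#!/bin/sh
# Added example: onboarding sequence for steps 2-11, printed as a dry run.
# Set ARC_EXECUTE=1 to run the commands instead of printing them.
run() {
    if [ "${ARC_EXECUTE:-0}" = "1" ]; then "$@"; else echo "+ $*"; fi
}

# arc_onboard <eks-cluster> <aws-region> <resource-group> <location> [subscription]
arc_onboard() {
    cluster=$1 aws_region=$2 rg=$3 location=$4 sub=${5:-}

    # Requirement 3: the preview is offered in East US and West Europe only.
    case "$location" in
        eastus|westeurope) ;;
        *) echo "unsupported location: $location" >&2; return 2 ;;
    esac

    # Steps 2-3: write the kubeconfig entry, then confirm the cluster answers.
    run aws eks update-kubeconfig --name "$cluster" --region "$aws_region" || return 1
    run kubectl get nodes || return 1

    # Step 5: the two CLI extensions, under their 2020 preview names.
    run az extension add --name connectedk8s || return 1
    run az extension add --name k8sconfiguration || return 1

    # Steps 6-7: sign in; pin the subscription only if one was passed.
    run az login || return 1
    [ -z "$sub" ] || run az account set --subscription "$sub" || return 1

    # Step 8: resource providers (registration is asynchronous).
    run az provider register --namespace Microsoft.Kubernetes || return 1
    run az provider register --namespace Microsoft.KubernetesConfiguration || return 1

    # Steps 9-10: resource group for the metadata, then deploy the Arc agents.
    run az group create --name "$rg" --location "$location" || return 1
    run az connectedk8s connect --name "$cluster" --resource-group "$rg" || return 1

    # Step 11: verify from both sides.
    run az connectedk8s list --resource-group "$rg" --output table || return 1
    run kubectl get deployments,pods --namespace azure-arc
}

# Removal, as described in the closing note of the procedure.
arc_offboard() {
    run az connectedk8s delete --name "$1" --resource-group "$2"
}

# Constructed values: the region and resource group name are placeholders.
arc_onboard AWS-EKS-CL01 us-east-1 arc-eks-rg eastus
```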
So far we have successfully connected our external Kubernetes cluster (AWS EKS) to Azure Arc. I will cover what we can do with this connected Kubernetes cluster from Azure Arc in my next blog post.
Please let me know in the comments if you have feedback on this or if I have missed something in this topic.