Containerizing a .Net core application using Docker, ACS and kubernetes — Part 3
In my previous post we have seen how to create a docker image of our application and push the image to docker hub.
In this post we will first create a kubernetes cluster using Azure Container service and then we will connect to the cluster using a client.
Let’s begin with a brief introduction of Azure container service.
Azure Container Service provides rapid deployment of popular open-source container clustering and orchestration solutions.
Azure Container Service makes it simpler for you to create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications. It uses an optimized configuration of popular open-source scheduling and orchestration tools. This enables you to use your existing skills, or draw upon a large and growing body of community expertise, to deploy and manage container-based applications on Microsoft Azure.
Prerequisites for this hands-on:
Azure subscription: If you don’t have one, sign up for a free trial.
SSH RSA public key: When deploying through the portal or one of the Azure quickstart templates, you need to provide the public key for authentication against Azure Container Service virtual machines. To create Secure Shell (SSH) RSA keys, see the OS X and Linux or Windows guidance.
Service principal client ID and secret (Kubernetes only): For more information and guidance to create an Azure Active Directory service principal, see About the service principal for a Kubernetes cluster.
Step 1: Create SSH-RSA keys necessary for creating the cluster
As mentioned in the prerequisites azure requires at least 2048-bit, ssh-rsa formatted public and private keys. So lets create them using the following steps.
Install Git for windows
you can download it from https://git-for-windows.github.io/.
Next run Git bash from Start menu with elevated privileges and create key file using openssl.exe
mkdir keyscd keysopenssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout myPrivateKey.key -out myCert.pem
The output looks similar to the following example:
Generating a 2048 bit RSA private key
.......................................+++
.......................+++
writing new private key to 'myPrivateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Answer the prompt and you are done.
Now we need to create the Public key using the following command.
openssl.exe rsa -pubout -in myPrivateKey.key -out myPublicKey.keyThe default directory when we start git bash is C:\Users\%username%\, in the demo I have generated the keys in C:\Users\%username%\keys. Can be different in your case if you start the bash from separate directory.
In order to use PuTTY SSL client for windows so we need another kind of key extracted from the private key that we have just created above.
openssl rsa -in ./myPrivateKey.key -out myPrivateKey_rsaPlease save these two keys myPrivateKey.key and myPrivateKey_rsa carefully for creating the cluster and later connecting to it.
For more information on how to create private key for PuTTY please check here.
Step 2: Create kubernetes cluster from Azure portal
Please refer to the official Microsoft documentation to setup a kubernetes cluster using Azure container service.
Make sure you select Orchestrator: Kubernetes in the first step because in this demo we will be using kubernetes cluster.For this demo I have used linux machines as my agent and my master node. Windows machine for agent is currently available in preview in azure. You can choose master and agent of any allowed size. In this demo I have used master node of size Standard A2 and agent of size Standard A0. In the SSH Public key option make sure you use the public key myPublicKey.key that we created in the previous step.
Once you have successfully setup a cluster you will be able to see all the resources you have created in the portal inside the Resource Group that you have selected/created.
Let us look at some of the resource that are created inside the resource group that you specified:
**Note: You can also setup the cluster from the command line using Azure CLI 2.0. For more information about creating cluster using Azure CLI 2.0 see here.
Step 3: Connect to the cluster using kubectl client:
Now that we have successfully setup a kubernetes cluster we will connect to the cluster using kubectl client from our local machine. In our case we will be using a windows machine to connect to the cluster.
Step 3.1:
First we need to install Python 3.5 x in our machine. You can download from here.
Verify your installation by doing python --version in the command prompt.
Install Azure CLI 2.0 using pip.
pip install --user azure-cliAdd the Path that contains the file az.bat to the PATH environment variable.
%USERPROFILE%\AppData\Roaming\Python\Python<version-installed>\Scriptse.g. if you have python 3.6 installed the Path would be %USERPROFILE%\AppData\Roaming\Python\Python36\Scripts
Step 3.2:
Now we are ready to download the kubectl client for windows using the azure CLI:
# Windowsaz acs kubernetes install-cli [ — install-location=C:\some\directory\kubectl.exe]Please put in the directory where you want to download the kubectl.exe file.# Linux or OS Xaz acs kubernetes install-cli [ — install-location=/some/directory/kubectl]**Note: Add the path containing kubectl.exe in the PATH environment of your machine.
Alternatively, you can download the latest client directly from the kubernetes releases page. For more information, see Installing and Setting up kubectl.
Step 3.3:
Now we will need to download the cluster credential in our local machine to be able to connect to the cluster.
There are couple of ways to do that.
az loginLogin using your azure portal credentials.
az acs kubernetes get-credentials — resource-group=<cluster-resource-group> — name=<cluster-name> --ssh-key-file=<file-path> e.g. az acs kubernetes get-credentials — resource-group=<cluster-resource-group>— name=<cluster-name>— ssh-key-file=C:\Users\%username%\keys\myPrivateKey_rsa
The config file will get downloaded in your local machine at %USERPROFILE%/.kube/config
Alternatively you can ssh into the master node and secure copy the cluster credential from $HOME/.kube/config (this is where the cluster credential is located in the master node).
Step 4: Check the installation
kubectl get nodes
As we can see it shows me two nodes 1 master and 1 agent in my cluster.
So now we have a very basic kubernetes cluster running in azure container service.
In the next part we will run the .Net core application that we have containerized earlier inside the cluster and also expose the application so that it can be accessed from outside the cluster.
