Azure Arc allows you to connect your Kubernetes cluster to Azure. Connecting a cluster to Azure has many benefits, including application deployment, monitoring, threat detection and cluster management.
Prerequisites
- A Windows PC with WSL2 installed
- An Azure account
Install K3s on Windows WSL2
One of the simplest ways to get Linux up and running on your Windows PC is via the Microsoft Store.
- Install Ubuntu 22.04 from the Microsoft Store
- Launch the app to open a command prompt:
- Switch iptables to legacy mode. Ubuntu 22.04 defaults to nftables mode, which K3s is known to have problems with:
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
- Download K3s:
$ curl -sfL https://get.k3s.io | sh -
Warning
The install script ends with an error from systemctl, because WSL2 does not run systemd unless you enable it in /etc/wsl.conf. You can ignore this and start k3s manually, as shown below.
- Run the config check to make sure everything is good:
$ k3s check-config
STATUS: pass
- Start the k3s server. It runs in the foreground, so leave this console open:
$ sudo k3s server
- Open a new console and check to make everything is installed and running normally:
$ sudo kubectl cluster-info
Kubernetes control plane is running at https://127.0.0.1:6443
CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy
$ sudo kubectl get nodes
NAME STATUS ROLES AGE VERSION
home Ready control-plane,master 2d15h v1.26.4+k3s1
$ sudo kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-76d776f6f9-cxknw 1/1 Running 0 28m
kube-system helm-install-traefik-crd-hglbh 0/1 Completed 0 28m
kube-system helm-install-traefik-kljff 0/1 Completed 1 28m
kube-system svclb-traefik-1bbd6dcd-vwjqc 2/2 Running 0 28m
kube-system coredns-59b4f5bbd5-d7njz 1/1 Running 0 28m
kube-system traefik-56b8c5fb5c-z92nc 1/1 Running 0 28m
kube-system metrics-server-7b67f64457-7kmvm 1/1 Running 0 28m
K3s is now up and running as a single-node cluster inside WSL2.
Configure Port Forwarding
By default, the Kubernetes API server listens on port 6443. To access the cluster from outside WSL2, set up port forwarding. Azure Arc itself does not need this: the Arc agents make outbound connections to Azure, so the forwarding only serves your own access to the API server.
First get the IP address of the WSL installation by running the following command from the Ubuntu shell. The address returned below is the IP address of my installation; yours will be different.
- Get the WSL2 Linux IP address:
$ ip addr show dev eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1
172.19.230.75
- From an administrator PowerShell on the Windows host, execute the following commands, substituting the IP address you received above for connectaddress. Note that listenaddress=0.0.0.0 together with the firewall rule exposes the API server to every host that can reach your Windows machine, protected only by the credentials in the kubeconfig; if you only need access from the Windows host itself, use listenaddress=127.0.0.1 and skip the firewall rule:
> netsh interface portproxy set v4tov4 listenport=6443 listenaddress=0.0.0.0 connectport=6443 connectaddress=172.19.230.75
> netsh advfirewall firewall add rule name=6443 dir=in action=allow protocol=TCP localport=6443
- To display the newly created rule. WSL2 assigns a new address to the Linux VM each time it restarts, so repeat the set command with the new address whenever the connect address shown here no longer matches the output of ip addr:
> netsh interface portproxy show v4tov4
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 6443 172.23.109.127 6443
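The two netsh commands above have to be repeated every time WSL2 restarts, and the firewall rule as written admits any source address. The script below is added here as an example and is not part of the original post: it reads the current WSL2 address, rewrites the port proxy, and scopes the firewall rule to a single subnet using the NetSecurity cmdlets that correspond to the netsh advfirewall command above. The distro name Ubuntu-22.04 and the subnet 192.168.1.0/24 are assumptions; adjust them to your machine. Run it from an administrator PowerShell.

```powershell
# Added example (not from the original post): refresh the WSL2 -> Windows port forward
# for the K3s API server and scope the firewall rule to one subnet.
# Assumptions: the WSL distro is named "Ubuntu-22.04" and the trusted LAN is
# 192.168.1.0/24. Change both to match your machine. Run from an administrator PowerShell.

$Distro      = 'Ubuntu-22.04'
$Port        = 6443
$AllowedFrom = '192.168.1.0/24'   # hosts allowed to reach the API server (constructed value)

# WSL2 assigns a new address on every restart, so read it rather than hard-coding it.
$WslIp = (wsl -d $Distro -- hostname -I).Trim().Split(' ')[0]
if ($WslIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
    throw "Could not determine the WSL2 IPv4 address (got '$WslIp'); is the distro running?"
}

# Drop any stale proxy entry for this port, then point it at the current address.
netsh interface portproxy delete v4tov4 listenport=$Port listenaddress=0.0.0.0 | Out-Null
netsh interface portproxy add v4tov4 listenport=$Port listenaddress=0.0.0.0 connectport=$Port connectaddress=$WslIp

# Open 6443/tcp only to the allowed subnet instead of to every source address.
$RuleName = 'K3s API 6443'
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedFrom | Out-Null

netsh interface portproxy show v4tov4
```

If you only ever use kubectl from the Windows host, change listenaddress to 127.0.0.1 and drop the firewall rule entirely; the API server is then not reachable from the network at all.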
Install Azure CLI & Extensions
Within the WSL2 Linux container, we will install the Azure CLI and the required extensions that will be used to connect the cluster to Azure Arc.
- Install the Azure CLI. The one-liner pipes a script from the internet straight into a root shell; if that is not acceptable on your machine, download the script and inspect it first, or install from Microsoft's apt repository as described in the Azure CLI documentation:
$ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
- Log in to Azure by generating a device code and entering it at https://microsoft.com/devicelogin:
$ az login --use-device-code
- Install the K8s extension:
$ az extension add --name connectedk8s
- Register the Azure Kubernetes providers:
$ az provider register -n Microsoft.Kubernetes
$ az provider register -n Microsoft.KubernetesConfiguration
- Wait for registration to complete; this can take up to 10 minutes, and both providers should show a RegistrationState of Registered:
$ az provider show -n Microsoft.Kubernetes -o table
$ az provider show -n Microsoft.KubernetesConfiguration -o table
Connect the Cluster to Azure
With the CLI installed, point kubectl at the K3s kubeconfig and register the cluster with Azure Arc.
- Copy the K3s kubeconfig into your user's .kube directory so that kubectl and the Azure CLI can use it without sudo. The file contains the cluster-admin client certificate and key, so keep it readable only by your user:
$ mkdir -p ~/.kube
$ sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
$ sudo chown $USER ~/.kube/config
- Create a resource group and connect the cluster to Azure. The connect command deploys the Arc agents into the azure-arc namespace using the kubeconfig from the previous step; the agents only make outbound connections to Azure, so no inbound access to the API server is required. This takes around 5 minutes:
$ az group create --name Arc --location westus
$ az connectedk8s connect --name WSL-K3S --resource-group Arc
- View the Azure Arc agents and make sure they are all running:
$ sudo kubectl get deployments,pods -n azure-arc
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/flux-logs-agent 1/1 1 1 3m32s
deployment.apps/extension-events-collector 1/1 1 1 3m32s
deployment.apps/cluster-metadata-operator 1/1 1 1 3m32s
deployment.apps/resource-sync-agent 1/1 1 1 3m32s
deployment.apps/metrics-agent 1/1 1 1 3m32s
deployment.apps/clusterconnect-agent 1/1 1 1 3m32s
deployment.apps/controller-manager 1/1 1 1 3m32s
deployment.apps/clusteridentityoperator 1/1 1 1 3m32s
deployment.apps/extension-manager 1/1 1 1 3m32s
deployment.apps/config-agent 1/1 1 1 3m32s
deployment.apps/kube-aad-proxy 1/1 1 1 3m32s
NAME READY STATUS RESTARTS AGE
pod/flux-logs-agent-6f8f5cbcf7-2qkbc 1/1 Running 0 3m32s
pod/extension-events-collector-f57458c99-4gz2p 2/2 Running 0 3m32s
pod/cluster-metadata-operator-7df6668564-r4jgf 2/2 Running 0 3m31s
pod/resource-sync-agent-6494f7d4ff-pzd5d 2/2 Running 0 3m32s
pod/metrics-agent-bfc8bd9b7-rnbqz 2/2 Running 0 3m32s
pod/clusterconnect-agent-5d4d5fdd9c-qtc8c 3/3 Running 0 3m32s
pod/controller-manager-7f944679cf-fbj6p 2/2 Running 0 3m32s
pod/clusteridentityoperator-676f47d557-rfdtw 2/2 Running 0 3m31s
pod/extension-manager-5b976df5b9-dv7d2 3/3 Running 0 3m32s
pod/config-agent-59b64c97c5-crpl6 2/2 Running 0 3m31s
pod/kube-aad-proxy-6ff4455b89-qf4w9 2/2 Running 0 3m32s
At this point, the Azure Arc resource “WSL-K3S” will now be present in the Azure Portal.
Create Service Token
The Kubernetes resources view in the portal needs a Kubernetes bearer token to read objects from the cluster; without one you will be prompted to sign in when you open it. The steps below follow the original procedure and bind the account to cluster-admin, which is far more than browsing workloads requires: the built-in view ClusterRole is enough for read-only access. Note also that a Secret-based token like the one created here never expires and stays valid until the Secret is deleted, so treat it as an administrator credential. On Kubernetes 1.24 and later, kubectl create token arc-user --duration=1h issues a time-limited token instead.
- Create a service account called arc-user:
$ sudo kubectl create serviceaccount arc-user -n default
- Grant appropriate permissions on the cluster:
$ sudo kubectl create clusterrolebinding arc-user-binding --clusterrole cluster-admin --serviceaccount default:arc-user
- Create a service account token for the new account:
$ sudo kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: arc-user-secret
  annotations:
    kubernetes.io/service-account.name: arc-user
type: kubernetes.io/service-account-token
EOF
- Get the newly created token (the trailing echo only adds a newline after the decoded token):
$ sudo kubectl get secret arc-user-secret -o jsonpath='{.data.token}' | base64 -d; echo
- Go to the WSL-K3S resource in the Azure Portal and choose Kubernetes resources | Workloads to view the workloads for the cluster. You will be prompted to enter a service account bearer token; enter the token generated above.
- You can now view the workloads and other details of the Azure Arc enabled cluster!
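Before pasting a token into the portal it is worth checking what it actually is. A service account token is a JWT whose payload states the account it maps to and, for time-bounded tokens, when it expires; a Secret-based token like the one created above carries no exp claim at all. The PowerShell below is an added example, not code from the original post: it decodes a token's payload without verifying the signature (that is the API server's job) and reports the subject, issuer, expiry and, for Secret-based tokens, the Secret to delete in order to revoke it. The two sample tokens are constructed inline with a dummy signature and are not real credentials; the issuer URL and claim layout for the bounded sample are what a K3s cluster typically emits, but are assumptions here. To inspect your own token, pass it to Show-SaTokenClaims.

```powershell
# Added example (not from the original post). Decodes Kubernetes service-account JWTs
# to show who they are for and whether they expire. No signature verification is done.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are base64url without padding; restore standard base64 first.
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Show-SaTokenClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Trim().Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected header.payload.signature' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    # Tokens issued through the TokenRequest API (kubectl create token) carry exp;
    # Secret-based tokens do not and stay valid until the Secret is deleted.
    $expires = 'never (Secret-based token; delete the Secret to revoke)'
    if ($claims.PSObject.Properties['exp']) {
        $expires = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp).UtcDateTime.ToString('u')
    }

    [pscustomobject]@{
        Subject = $claims.sub
        Issuer  = $claims.iss
        Expires = $expires
        Secret  = $claims.'kubernetes.io/serviceaccount/secret.name'
    }
}

# --- Constructed sample tokens (dummy signature, not real credentials) ---
$header = ConvertTo-Base64Url '{"alg":"RS256","kid":"example"}'

# Shape of the token stored in a kubernetes.io/service-account-token Secret.
$legacyPayload = ConvertTo-Base64Url (@{
    iss = 'kubernetes/serviceaccount'
    sub = 'system:serviceaccount:default:arc-user'
    'kubernetes.io/serviceaccount/namespace'            = 'default'
    'kubernetes.io/serviceaccount/secret.name'          = 'arc-user-secret'
    'kubernetes.io/serviceaccount/service-account.name' = 'arc-user'
} | ConvertTo-Json -Compress -Depth 5)
$legacyToken = ($header, $legacyPayload, 'not-a-real-signature') -join '.'

# Shape of a token from `kubectl create token arc-user --duration=1h` (issuer assumed).
$now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$boundedPayload = ConvertTo-Base64Url (@{
    iss = 'https://kubernetes.default.svc.cluster.local'
    aud = @('https://kubernetes.default.svc.cluster.local')
    sub = 'system:serviceaccount:default:arc-user'
    iat = $now
    exp = $now + 3600
    'kubernetes.io' = @{ namespace = 'default'; serviceaccount = @{ name = 'arc-user' } }
} | ConvertTo-Json -Compress -Depth 5)
$boundedToken = ($header, $boundedPayload, 'not-a-real-signature') -join '.'

Show-SaTokenClaims -Token $legacyToken
Show-SaTokenClaims -Token $boundedToken
```

The first call reports no expiry and names arc-user-secret, which is exactly the Secret to delete when the portal session is over; the second reports an expiry one hour out and no Secret, because a TokenRequest token is revoked only by expiry or by deleting the service account.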
Cleaning Up
If you no longer want the cluster connected to Azure Arc, run the following commands in the WSL2 instance to remove the agents, delete the Azure resource, and clean up anything left in the azure-arc namespace. Also delete the arc-user Secret, ClusterRoleBinding and ServiceAccount created above, since the token remains valid with cluster-admin rights for as long as the Secret exists.
$ az connectedk8s delete --name WSL-K3S --resource-group Arc
$ sudo kubectl -n azure-arc delete pods,svc --all
These instructions really helped and got me through the process way faster than I was on my own. Thanks Ryan!