In this tutorial, part one of five, you learn how to:
- Install the Kubernetes CLI, kubectl.
- Create an Azure resource group.
- Create and deploy an ACL cluster.
- Configure kubectl to connect to your ACL cluster.
In later tutorials, you learn how to add an ACL node pool to an existing cluster and migrate existing nodes to ACL.
Azure Container Linux (ACL) considerations and limitations
Before you begin, review the following considerations and limitations for ACL:
- ACL is generally available starting AKS v1.34.
- ACL requires Trusted Launch with Secure Boot and vTPM. Non-Trusted Launch variants aren't available.
- ACL on Arm64 requires Cobalt-based (v6) SKUs to enable Trusted Launch compatibility.
- NodeImage and None are the only supported operating system (OS) upgrade channels. Unmanaged and SecurityPatch are incompatible with ACL due to the immutable /usr directory.
- Artifact Streaming isn't supported.
- Pod Sandboxing isn't supported.
- Confidential Virtual Machines (CVMs) aren't supported.
- Generation 1 VMs aren't supported.
- FIPS-enabled nodes aren't supported.
Prerequisites
- Azure Container Linux requires Azure CLI version 2.86.0 or higher. Use the az version command to find the version. To upgrade to the latest version, use the az upgrade command.
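A preflight for the requirements listed above, written as an added example and not taken from the original page: it checks the Azure CLI minimum (2.86.0), the AKS version (v1.34) and the OS upgrade channel before az aks create runs. The function names version_ge and acl_preflight are hypothetical, and the values are passed in as arguments so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# the thresholds and channel names are the ones listed on this page.

# version_ge A B: succeed when dotted numeric version A >= B.
# A leading "v" (as in kubectl output) is ignored; malformed input returns 2.
version_ge() (
  a=${1#v}; b=${2#v}
  case "$a$b" in *[!0-9.]*) exit 2 ;; esac
  [ -n "$a" ] && [ -n "$b" ] || exit 2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    # Compare numerically, so 2.9.0 is correctly older than 2.86.0.
    [ "${x:-0}" -gt "${y:-0}" ] && exit 0
    [ "${x:-0}" -lt "${y:-0}" ] && exit 1
    # Drop the component just compared; a missing component counts as 0.
    case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  exit 0
)

# acl_preflight CLI_VERSION AKS_VERSION NODE_OS_UPGRADE_CHANNEL
# Prints each unmet requirement to stderr and returns how many there were.
acl_preflight() (
  fails=0
  version_ge "$1" 2.86.0 ||
    { echo "Azure CLI '$1' does not meet the 2.86.0 minimum" >&2; fails=$((fails + 1)); }
  version_ge "$2" 1.34 ||
    { echo "AKS version '$2' is below v1.34" >&2; fails=$((fails + 1)); }
  case "$3" in
    NodeImage|None) ;;
    *) echo "OS upgrade channel '$3' is not supported on ACL (use NodeImage or None)" >&2
       fails=$((fails + 1)) ;;
  esac
  exit "$fails"
)

# Typical call, reading the CLI version from the local install:
#   acl_preflight "$(az version --query '"azure-cli"' -o tsv)" 1.34.0 NodeImage
```

A return value of 0 means all three requirements are met; any other value is the number of requirements that failed.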
Set environment variables
Set the following environment variables to create unique resource names for each deployment:
export RESOURCE_GROUP="<your-resource-group-name>"
export REGION="<your-region>"
export CLUSTER_NAME="<your-cluster-name>"
Create a resource group
When creating a resource group in Azure, you're required to specify a location. This location is the storage location of your resource group metadata and where your resources run in Azure if you don't specify another region when creating a resource.
Create a resource group using the az group create command.
az group create --name "$RESOURCE_GROUP" --location "$REGION"
Example output:
{
  "id": "/subscriptions/xxxxx/resourceGroups/myACLResourceGroup",
  "location": "westus",
  "managedBy": null,
  "name": "myACLResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}
Create an ACL cluster
Create an AKS cluster using the az aks create command with the --os-sku AzureContainerLinux parameter to provision an ACL cluster. The following example creates an ACL cluster with three nodes:
az aks create \
    --name "$CLUSTER_NAME" \
    --resource-group "$RESOURCE_GROUP" \
    --os-sku AzureContainerLinux \
    --node-count 3 \
    --generate-ssh-keys
Example output:
{
  "id": "/subscriptions/xxxxx/resourceGroups/myACLResourceGroup/providers/Microsoft.ContainerService/managedClusters/myACLCluster",
  "location": "westus",
  "name": "myACLCluster",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "type": "Microsoft.ContainerService/managedClusters"
}
After a few minutes, the command completes and returns JSON-formatted information about the cluster.
Connect to the cluster using kubectl
Configure kubectl to connect to your Kubernetes cluster using the az aks get-credentials command. The following example gets credentials for the ACL cluster:
az aks get-credentials --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME"
Verify the connection to your cluster
Verify the connection to your cluster using the kubectl get nodes command to return a list of the cluster nodes.
kubectl get nodes
Example output:
NAME                       STATUS   ROLES   AGE   VERSION
aks-nodepool1-00000000-0   Ready    agent   10m   v1.34.0
aks-nodepool1-00000000-1   Ready    agent   10m   v1.34.0
aks-nodepool1-00000000-2   Ready    agent   10m   v1.34.0
Next step
In this tutorial, you created and deployed an ACL cluster. In the next tutorial, you learn how to add an ACL node pool to an existing cluster.