Deckhouse Kubernetes Platform in Microsoft Azure

Only regions where Availability Zones are available are supported.

Before installation, ensure the following:

  • The cloud provider quotas are sufficient for cluster deployment.
  • The cloud-init package is installed on the VMs. After a VM starts, the cloud-config.service, cloud-final.service, and cloud-init.service services must be running.
  • The virtual machine template contains only one disk.

Additional requirements and notes

  • For ContainerdV2 on cluster nodes, the OS on the virtual machines must meet the following requirements:
    • Linux kernel version 5.8 or newer;
    • CgroupsV2 support;
    • Systemd version 244 or newer;
    • erofs kernel module support.

    For more information, see the ClusterConfiguration resource.

  • Starting with version 1.74, Deckhouse has a module integrity control mechanism (protection against replacement and modification). It is enabled automatically when the OS on the nodes supports the erofs kernel module. Without erofs support, Deckhouse runs as before, but the mechanism is disabled and an alert indicates that it is unavailable.
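
A preflight check of a node or template VM against the ContainerdV2 requirements listed above, including the erofs support that the module integrity control mechanism depends on. This is an added example, not part of the Deckhouse documentation; the function names (version_ge, evaluate, preflight) and the --run argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check of a node image against the ContainerdV2
# requirements above (kernel >= 5.8, cgroup v2, systemd >= 244, erofs).
# Function names and the --run argument are assumptions of this example.

# version_ge HAVE WANT: true if HAVE >= WANT, comparing major then minor.
# Non-numeric parts such as "-91-generic" only act as separators.
version_ge() {
    printf '%s %s\n' "$1" "$2" | awk '{
        split($1, h, /[^0-9]+/); split($2, w, /[^0-9]+/)
        exit !(h[1]+0 > w[1]+0 || (h[1]+0 == w[1]+0 && h[2]+0 >= w[2]+0))
    }'
}

# evaluate KERNEL SYSTEMD CGROUP_FSTYPE EROFS(yes|no)
# Prints one FAIL line per unmet requirement; returns 1 if any is unmet.
evaluate() {
    rc=0
    version_ge "$1" 5.8 || { echo "FAIL kernel $1 is older than 5.8"; rc=1; }
    version_ge "$2" 244 || { echo "FAIL systemd $2 is older than 244"; rc=1; }
    [ "$3" = cgroup2fs ] ||
        { echo "FAIL /sys/fs/cgroup is '$3', not cgroup2fs (no cgroup v2)"; rc=1; }
    [ "$4" = yes ] ||
        { echo "FAIL erofs unavailable: module integrity control stays off"; rc=1; }
    return "$rc"
}

# preflight: collect the four facts from the running node and evaluate them.
preflight() {
    kernel=$(uname -r)
    systemd=$(systemctl --version 2>/dev/null | awk 'NR == 1 { print $2 }')
    cgfs=$(stat -fc %T /sys/fs/cgroup 2>/dev/null)
    # erofs counts as supported if it is built in or loaded, or loadable.
    if grep -qw erofs /proc/filesystems 2>/dev/null ||
       modinfo erofs >/dev/null 2>&1; then erofs=yes; else erofs=no; fi
    evaluate "$kernel" "${systemd:-0}" "${cgfs:-unknown}" "$erofs" &&
        echo "OK node meets the ContainerdV2 requirements"
}

# Run on a node or template VM with: sh preflight.sh --run
case ${1:-} in --run) preflight ;; esac
```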

To manage resources in the Microsoft Azure cloud, you need an account and at least one Subscription connected to it.

You have to create a service account with Microsoft Azure so that Deckhouse Kubernetes Platform can manage cloud resources. Detailed instructions for creating a service account with Microsoft Azure are available in the documentation. Below is a brief overview of the necessary actions (run them on your personal computer).

Install the Azure CLI and perform a login.

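Export the subscription ID as an environment variable. The command below takes the ID of the first subscription returned by az login; to use a different subscription, set SUBSCRIPTION_ID to its ID instead: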

export SUBSCRIPTION_ID=$(az login | jq -r '.[0].id')

Create a service account:

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID" --name "account_name"

At this step, a service account is created. Its secret (used in the clientSecret parameter of the AzureClusterConfiguration resource) is valid for one year and is not renewed automatically. Refer to the official documentation to create a service account with a longer secret expiration date.