Outshift Logo

4 min read

Blog thumbnail
CN

by Flora Piszker

Published on 11/23/2017
Last updated on 02/05/2024

Azure Managed Kubernetes (AKS) Go SDK

Share

At Banzai Cloud we use different cloud providers or managed Kubernetes offerings, one of which is Microsoft Azure Managed Kubernetes. It's a pretty solid service that allows you to deploy a managed k8s cluster without requiring you to deal with low level Kubernetes building blocks, tooling, or cloud infrastructure provisioning. However, there is one temporary issue which is a cornerstone of our PasS, Pipeline: the Azure Go-SDK does not contain the bindings for our new service. As you can see from the following issues and PRs pertaining to the Azure Rest API Swagger specification and Azure SDK for Go, the requisite implementation is missing. TL;DR: We've just open sourced a Golang SDK for Azure managed Kubernetes - an Azure AKS Golang binding Pipeline is written in Golang and uses Azure, AWS and other provider SDKs to install k8s infrastructure. We had no alternative but to implement and open source a new Azure AKS Golang binding in order to provision managed AKS clusters on Azure. This binding uses the core Azure SDK and extends it via authenticated REST API calls to previously established AKS endpoints. Its implementation is straightforward and simple. It contains only one interesting part: the re-passing of security credentials, the token extraction and replaying of the authentication flow without actually extracting or exposing it. To accomplish that we used the Autorest framework to implement an HTTP request pipeline suitable for use across multiple go-routines and to provide the necessary shared routines. The package breaks the sending, and responding to, of HTTP requests into three phases: Preparing, Sending, and Responding. If you’d like to give it a try, there are a few Azure pre-requisites you need to set, first, since Azure Managed Kubernetes (AKS) is not switched on by default.

Prerequisities

You will need the following ENV variables exported: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID You can get this information from the portal, but the easiest and fastest way is to use the Azure CLI tool. Install the tool and log in using the following commands.
$ curl -L https://aka.ms/InstallAzureCli | bash
$ exec -l $SHELL
$ az login
Create a Service Principal for the Azure Active Directory using the following command.
$ az ad sp create-for-rbac
You should get something like:
{

  "appId": "1234567-1234-1234-1234-1234567890ab",
  "displayName": "azure-cli-2017-08-18-19-25-59",
  "name": "http://azure-cli-2017-08-18-19-25-59",
  "password": "1234567-1234-1234-be18-1234567890ab",
  "tenant": "1234567-1234-1234-be18-1234567890ab"
}



Translate the output from the previous command into newly exported environmental variables.
Service Principal Variable Name Environmental variable
appId AZURE_CLIENT_ID
password AZURE_CLIENT_SECRET
tenant AZURE_TENANT_ID
Run the following command to get you Azure subscription ID.
$ az account show --query id
"1234567-1234-1234-1234567890ab"

Finally, export that value as an environmental variable as well.

Command Environmental variable
az account show --query id AZURE_SUBSCRIPTION_ID
At this point you should have set the following four environmental variables!
export AZURE_CLIENT_ID = "1234567-1234-1234-1234567890ab"
export AZURE_CLIENT_SECRET = "1234567-1234-1234-1234567890ab"
export AZURE_TENANT_ID = "1234567-1234-1234-1234567890ab"
export AZURE_SUBSCRIPTION_ID = "1234567-1234-1234-1234567890ab"
AKS requires a few services to be pre-registered for the subscription. You can add these via the portal or CLI. The required pre-registered service providers are:
Microsoft.Compute
Microsoft.Storage
Microsoft.Network
Microsoft.ContainerService
You can check the registered providers with: az provider list --query "[].{Provider:namespace, Status:registrationState}" --out table If the above are not registered, you can add them:
az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Compute
az provider register --namespace Microsoft.Storage
az provider register --namespace Microsoft.Network
Take a break while the registration goes through all the different zones and datacenters. Have a coffee. You can check statuses by hitting az provider show -n Microsoft.ContainerService for each individual service.

Validate and test the cluster

You should now be able to embed and use the Azure AKS Golang binding in your code, or run one of the tests. You can list, create and delete AKS clusters, and the library will take care of rest calls, status checks and failover handling. You can also validate your code by using the Azure CLI tool. Install the AKS CLI tool by running az aks install-cli. Get the credentials to the cluster by running az aks get-credentials --resource-group YOUR_RG_NAME --name YOUR_AKS_CLUSTER_NAME. You can now use *kubectl to operate the cluster. Get the number of nodes and validate the result:
$ kubectl get nodes
NAME                        STATUS    ROLES     AGE       VERSION
aks-agentpool1-36552431-0   Ready     agent     12m       v1.7.7
You can retrieve more information about the cluster by running kubectl cluster-info. To scale the cluster: az aks scale --name AKS_CLUSTER_NAME --resource-group YOUR_RG_NAME --node-count 1 --resource-group YOUR_RG_NAME.
Subscribe card background
Subscribe
Subscribe to
the Shift!

Get emerging insights
on emerging technology straight to your inbox.

Unlocking Multi-Cloud Security: Panoptica's Graph-Based Approach

Discover why security teams rely on Panoptica's graph-based technology to navigate and prioritize risks across multi-cloud landscapes, enhancing accuracy and resilience in safeguarding diverse ecosystems.

thumbnail
I
Subscribe
Subscribe
 to
the Shift
!
Get
emerging insights
on emerging technology straight to your inbox.

The Shift keeps you at the forefront of cloud native modern applications, application security, generative AI, quantum computing, and other groundbreaking innovations that are shaping the future of technology.

Outshift Background