Deploy test applications to Azure Kubernetes Service on Azure Stack Hub

This is a guide to get you started using the Azure Kubernetes Service (AKS) service on Azure Stack Hub. This article describes how to deploy some test apps to your cluster so that you can get familiarized with AKS on Azure Stack Hub. The functionality available in Azure Stack Hub is a subset of what is available in public Azure.

Before you get started, make sure that can create an AKS cluster on your Azure Stack Hub instance. For instruction on getting set-up and creating your first cluster, see Using Azure Kubernetes Service on Azure Stack Hub with the CLI.

Deploy test apps

If your stamp is connected, you can follow these instructions to deploy Prometheus and Grafana to the cluster.

  1. Download and install Helm 3:

    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
    chmod 700 get_helm.sh
    ./get_helm.sh
    

    Note

    For Windows user use Chocolatey to install Helm:

    choco install kubernetes-helm
    
  2. Ensure you have the latest stabled helm repository:

    helm repo add stable https://charts.helm.sh/stable
    helm repo update
    
  3. Install Prometheus.

    helm install my-prometheus stable/prometheus --set server.service.type=LoadBalancer --set rbac.create=false
    
  4. Give cluster administrative access to Prometheus account. Lower permissions are better for security reasons.

    kubectl create clusterrolebinding my-prometheus-server --clusterrole=cluster-admin --serviceaccount=default:my-prometheus-server
    
  5. Install Grafana.

    helm install my-grafana stable/grafana --set service.type=LoadBalancer --set rbac.create=false
    
  6. Get secret for Grafana portal.

    kubectl get secret --namespace default my-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
    

Note

On Windows use the following PowerShell cmdlets to get the secret:

\$env:Path = \$env:Path + ";\$env:USERPROFILE\\.azure-kubectl"
[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String(\$(kubectl get secret --namespace default my-grafana -o jsonpath="{.data.admin-password}")))

Deploy apps to AKS using ACR

At this point, your client machine is connected to the cluster and you can proceed to use kubectl to configure the cluster and deploy your applications. If you are also testing the Azure Container Registry (ACR) service, you can follow the instructions below.

Docker registry secret for accessing local ACR

If you are deploying application images from a local ACR, you will need to store a secret in order for the Kubernetes cluster to have access to pull the images from the registry. To do this you will need to provide a service principal ID (SPN) and Secret, add the SPN as a contributor to the source registry and create the Kubernetes secret. You will also need to update your YAML file to reference the secret.

Add the SPN to the ACR

Add the SPN as a contributor to the ACR.

Note

This script has been modified from the Azure Container Registry site (bash sample) as Azure Stack Hub does not yet have the ACRPULL role. This sample is a PowerShell script, equivalent can be written in bash. Be sure to add the values for your system.

# Modify for your environment. The ACR_NAME is the name of your Azure Container
# Registry, and the SERVICE_PRINCIPAL_ID is the SPN's 'appId' or
# one of its 'servicePrincipalNames' values.
ACR_NAME=mycontainerregistry
SERVICE_PRINCIPAL_ID=<service-principal-ID>

# Populate value required for subsequent command args
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)

# Assign the desired role to the SPN. 
az role assignment create --assignee $SERVICE_PRINCIPAL_ID --scope $ACR_REGISTRY_ID --role contributor

Create the secret in Kubernetes

Use the following command to add the secret to the Kubernetes cluster. Be sure to add the values for your system in the code snippets.

kubectl create secret docker-registry <secret name> \
kubectl create secret docker-registry <secret name> \
    --docker-server=<ACR container registry URL> \
    --docker-username=<service principal ID> \
    --docker-password=<service principal secret> 

Example of referencing the secret in your app YAML

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment 
spec:
selector:
  matchLabels:
   app: nginx
replicas: 2
template:
  metadata:
   labels:
    app: nginx
  spec:
   containers:
   - name: nginx
     image: democr2.azsacr.redmond.ext-n31r1208.masd.stbtest.microsoft.com/library/nginx:1.17.3
     imagePullPolicy: Always
     ports: 
      - containerPort: 80
   imagePullSecrets:
     - name: democr2
 
 
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  selector:
    app: nginx
  ports:
  - protocol: "TCP"
    port: 80
    targetPort: 80
  type: LoadBalancer

Next steps

Using Azure Kubernetes Service on Azure Stack Hub with the CLI