kubernetes-hackfest

Delivering modern cloud-native applications with open source technologies on Azure Kubernetes Service

Module 1: Joining AKS cluster to Calico Cloud

Goal: Join AKS cluster to Calico Cloud management plane.

IMPORTANT: To complete this module, you must have a Calico Cloud trial account. Problems navigating menus in the UI are often caused by browsers blocking scripts, so please disable any script blockers.

Steps

  1. Navigate to calicocloud and sign up for a 14-day trial account - no credit cards required. Returning users can log in.

  2. Upon signing in to the Calico Cloud UI, the Welcome screen shows four use cases that give a quick tour for learning more. This step can be skipped. Tip: the menu icons on the left can be expanded to display the worded menu.

  3. Join AKS cluster to Calico Cloud management plane.

    Click “Managed Cluster” on the left side of the browser.

    Click on “connect cluster”.

    Choose AKS and click next.

    Run the installation script in your AKS cluster.

    Output should look similar to:

     namespace/calico-cloud created
     customresourcedefinition.apiextensions.k8s.io/installers.operator.calicocloud.io created
     serviceaccount/calico-cloud-controller-manager created
     role.rbac.authorization.k8s.io/calico-cloud-leader-election-role created
     clusterrole.rbac.authorization.k8s.io/calico-cloud-metrics-reader created
     clusterrole.rbac.authorization.k8s.io/calico-cloud-proxy-role created
     rolebinding.rbac.authorization.k8s.io/calico-cloud-leader-election-rolebinding created
     clusterrolebinding.rbac.authorization.k8s.io/calico-cloud-installer-rbac created
     clusterrolebinding.rbac.authorization.k8s.io/calico-cloud-proxy-rolebinding created
     configmap/calico-cloud-manager-config created
     service/calico-cloud-controller-manager-metrics-service created
     deployment.apps/calico-cloud-controller-manager created
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                  Dload  Upload   Total   Spent    Left  Speed
     100   365  100   365    0     0   1312      0 --:--:-- --:--:-- --:--:--  1312
     secret/api-key created
     installer.operator.calicocloud.io/aks-calicocloud-repo created
    

    Joining the cluster to Calico Cloud can take a few minutes. Meanwhile, the Calico resources can be monitored until they all report AVAILABLE as True:

     kubectl get tigerastatus -w
    
     NAME                            AVAILABLE   PROGRESSING   DEGRADED   SINCE
     apiserver                       True        False         False      96s
     calico                          True        False         False      16s
     compliance                      True        False         False      21s
     intrusion-detection             True        False         False      41s
     log-collector                   True        False         False      21s
     management-cluster-connection   True        False         False      51s
     monitor                         True        False         False      2m1s
    
  4. Navigating the Calico Cloud UI

    Once the cluster has successfully connected to Calico Cloud, you can review the cluster status in the UI. Click on Managed Clusters from the left side menu and look for the connected status of your cluster. You will also see a Tigera-labs cluster for demo purposes. Ensure you are in the correct cluster context by clicking the Cluster dropdown in the top right corner. This will list the connected clusters; the current cluster context is shown in bold font. Click on your cluster to switch context.

  5. Configure log aggregation and flush intervals in the AKS cluster. We will use 10s instead of the default value of 300s, for lab testing only.

     kubectl patch felixconfiguration.p default -p '{"spec":{"flowLogsFlushInterval":"10s"}}'
     kubectl patch felixconfiguration.p default -p '{"spec":{"dnsLogsFlushInterval":"10s"}}'
     kubectl patch felixconfiguration.p default -p '{"spec":{"flowLogsFileAggregationKindForAllowed":1}}'
    
  6. Configure Felix to collect TCP stats. This uses an eBPF TC program and requires a minimum kernel version of v5.3.0. Further documentation

     kubectl patch felixconfiguration default -p '{"spec":{"flowLogsCollectTcpStats":true}}'
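
A pre-flight check for the kernel requirement in step 6, as an added example that is not part of the original module: it compares each node's kernel version against 5.3.0 before the `flowLogsCollectTcpStats` patch is applied. The function names and the sample node list are constructed; on a live cluster the same two-column input comes from the `kubectl get nodes` command shown in the comment.

```shell
#!/bin/sh
# Added example: verify the minimum kernel from step 6 before enabling TCP stats.
# kernel_ok, nodes_below_min and SAMPLE_NODES are illustrative names and data.

MIN_KERNEL="5.3.0"   # minimum kernel version stated in step 6

# kernel_ok VERSION: 0 if VERSION >= MIN_KERNEL, 1 if lower, 2 if unparseable.
kernel_ok() {
  have=${1%%[-+]*}            # drop distro suffix such as -1103-azure
  want=$MIN_KERNEL
  for i in 1 2 3; do          # compare major, minor, patch in turn
    h=${have%%.*}; w=${want%%.*}
    case "$h" in ''|*[!0-9]*) return 2 ;; esac   # fail closed on odd input
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
    # advance to the next component; a missing component counts as 0
    case "$have" in *.*) have=${have#*.} ;; *) have=0 ;; esac
    case "$want" in *.*) want=${want#*.} ;; *) want=0 ;; esac
  done
  return 0
}

# nodes_below_min: reads "NODE KERNEL" lines on stdin, prints the nodes that fail.
nodes_below_min() {
  while read -r node kernel || [ -n "$node" ]; do
    [ -n "$node" ] || continue
    kernel_ok "$kernel" || echo "$node $kernel"
  done
}

# Constructed sample input. On a live cluster, produce the same format with:
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,KERNEL:.status.nodeInfo.kernelVersion
SAMPLE_NODES='aks-nodepool1-00000000-vmss000000 5.4.0-1103-azure
aks-nodepool1-00000000-vmss000001 5.15.0-1041-azure
aks-legacy-00000000-vmss000000 4.15.0-1113-azure'

failing=$(printf '%s\n' "$SAMPLE_NODES" | nodes_below_min)
if [ -n "$failing" ]; then
  echo "Nodes below kernel $MIN_KERNEL; skip the flowLogsCollectTcpStats patch:"
  echo "$failing"
else
  echo "All nodes meet kernel $MIN_KERNEL; the step 6 patch can be applied."
fi
```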
    

Next -> Module 2