Deploying Azure Cloud Infrastructure Using the Ready-Made ARM Template
Note: The ready-made Azure Resource Manager (ARM) template automates the Azure cloud infrastructure deployment process, deploys all the necessary infrastructure including the Azure Kubernetes Service Cluster (AKS cluster), and ensures a reference configuration compliant with the requirements and principles and illustrated by the deployment diagram. All IP ranges are pre-defined in the ARM template.
To build your Azure cloud infrastructure using the ready-made ARM template:
- Create a service principal which the Azure Kubernetes Service Cluster (AKS Cluster) will use to access your Azure cloud infrastructure. For more information, please refer to Azure documentation.
- To ensure data exchange security, generate the necessary certificates and keys (for instructions, please refer to Azure VPN gateway documentation):
- Generate a root certificate for your VPN gateway.
- Generate a child certificate signed by the root certificate above.
- Export private keys from both the root and the child certificate and save them for future use.
- Export the public key from the root certificate. Save it for further use.
- Generate a pair of private and public SSH keys and save them for further use.
- Deploy the ready-made ARM template.
- Establish VNet peering.
Deploying the ready-made ARM template in Azure
To deploy the ready-made ARM template, follow one of these ways:
Note: See Deploying the ARM template via Azure portal below for general instructions. When deploying via Azure CLI or PowerShell, pass the values of the respective parameters described in Deploying the ARM template via Azure portal.
- Deploy the template via Azure portal.
- Deploy the template via Azure CLI.
- Deploy the template via PowerShell.
Deploying the Ready-Made ARM Template via Azure Portal
When deploying the ARM template via Azure portal (for instructions, please follow this link):
- Replace the blank JSON template (at step 4) with this ready-made Azure Resource Manager (ARM) template. Save the template.
- After you save the template, continue from step 8.
- After you complete the instruction, a deployment configuration screen will appear. Complete the fields:
- Environment: Choose Production or Staging to create installations with different non-overlapping IP ranges for production or staging usage, respectively.
Accounts Capacity: Choose the necessary performance level.
Note: You can change this parameter later for the already created virtual machines.
- Admin Username: Enter a name which will be used as an SSH-capable user for all the created virtual machines.
- Admin Password: Enter a password for the Admin Username user.
- AKSDNS prefix: Enter a prefix for your AKS cluster. You can use any convenient name.
- VPN Client Root Certificate: Enter the public part of a key for your VPN gateway which will be used for the management of virtual machines. For more information, please follow this link.
- AKS Service Principal ClientID: Enter a client ID ("application ID", in Azure terminology) for the service principal which will be used for the management of Azure infrastructure from the AKS cluster side.
- Enter AKS Service Principal Secret: Enter a secret key ("authentication key", in Azure terminology).
- Click Purchase at the bottom of the template configuration screen. Wait until the deployment is finished.
Establishing VNet Peering
Establish peering between the VNet from the main IAAS resource group (to which you deployed the ready-made ARM template) and the automatically created resource group of the AKS cluster. The resource group of the AKS cluster can be found by name, which has the following structure: mc_<main_resource_group_name>_<aks-cluster-resource-name>_<region_of_the_main_resource_group>
.
For example, for a main resource group “cbprod” from region “westeurope” and AKS resource name “akscluster”, the automatically created resource group will have this name: mc_cbprod_akscluster_westeurope
.
For instructions on how to establish VNet peering, please follow this link.