Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
Deploying an application on Anthos clusters on Azure
3.
Set default settings for the g-cloud CLI
4.
Select Azure resource IDs for your cluster
4.1.
Select a resource group ID
4.2.
Select a virtual network ID
4.3.
Select a subnet ID
4.4.
Select CIDR ranges for your cluster
5.
Create a cluster
6.
Create a node pool
7.
View your cluster status
8.
Get authentication credentials for the cluster.
9.
Deploy an application to cluster
9.1.
Create the Deployment
9.2.
Expose the Deployment
9.3.
Inspect and view the application
10.
Clean up
11.
Create a cluster
11.1.
Create an AzureClient
11.2.
Create an ssh key pair
12.
Select your Fleet host project
12.1.
Cross-project registration
13.
Create a cluster
14.
Authorize Cloud Logging / Cloud Monitoring
15.
Create a node pool
16.
Anthos clusters on Azure architecture
16.1.
Resource management
16.2.
Authenticating to Azure
17.
Cluster architecture
18.
Supported VM sizes
18.1.
Minimum supported cluster configuration
18.2.
Recommended control plane VM sizing
19.
Supported regions
20.
Frequently Asked Question
20.1.
What is an Anthos cluster?
20.2.
Does Anthos use cluster API?
20.3.
Describe an Azure.
20.4.
What does CIDR stand for?
21.
Conclusion 
Last Updated: Mar 27, 2024

Anthos Clusters on Azure

Author Muskan Sharma
0 upvote

Introduction

Are you interested in knowing about the Anthos Cluster On Azure? You are in the right place👍

Azure- Microsoft's public cloud computing platform is called Microsoft Azure, formerly known as Windows Azure. It offers numerous cloud services, such as computation, analytics, storage, and networking.

Below you will find more information about Anthos Cluster On Azure.

Deploying an application on Anthos clusters on Azure

In this section, you'll learn how to set up an Anthos cluster on Azure, build a node pool, and deploy a sample application.

Set default settings for the g-cloud CLI

Follow these steps to create defaults:

  1. Setup the default project:
g-cloud config set project PROJECT_ID

Substitute your project ID in PROJECT_ID.

2. Setup the default management location:

g-cloud config set container_azure/location GOOGLE_CLOUD_LOCATION

Put your location in place of GOOGLE_CLOUD_LOCATION.

Select Azure resource IDs for your cluster

Select a resource group ID

Run the following command to save the resource group for your cluster to an environment variable:

CLUSTER_RESOURCE_GROUP_ID=$(az group show --query id --output tsv \
    --resource-group=CLUSTER_RESOURCE_GROUP_NAME)

To provision your cluster resources, change CLUSTER RESOURCE GROUP NAME to the name of the resource group.

Select a virtual network ID

Run the command below to store the VNet ID for your cluster in an environment variable:

VNET_ID=$(az network vnet show --query id --output tsv \
    --resource-group=VNET_RESOURCE_GROUP_NAME \
    --name=VNET_NAME)
  • Replace VNET RESOURCE GROUP NAME with the name of the resource group containing your virtual network.
  • Replace VNET NAME with your virtual network's name.

Select a subnet ID

Run the command below to save the subnet ID of your cluster to an environment variable:

SUBNET_ID=$(az network vnet subnet show --query id --output tsv \
    --resource-group VNET_RESOURCE_GROUP_NAME \
    --vnet-name VNET_NAME \
    --name SUBNET_NAME)
  • Replace VNET RESOURCE GROUP NAME with the name of the resource group containing your virtual network.
  • Replace VNET NAME with your virtual network's name.
  • Replace SUBNET NAME with your subnet's name.

Select CIDR ranges for your cluster

Two CIDR ranges must be provided to Kubernetes for the cluster. These CIDR ranges should be selected to avoid crossing over with the CIDR ranges that your VPC subnets use. They should be big enough to accommodate your cluster's largest possible size.
Pod address CIDR range: An IP address from this range is assigned to a new Pod when created. for instance, 192.168.208.0–20

  • Service address CIDR range: An IP address from this range is assigned when a new Service is created. for instance, 192.168.224.0/20

Create a cluster

Enter the following command to construct a cluster in Azure's Anthos clusters.

gcloud container azure clusters create azure-cluster-0 \
    --cluster-version 1.23.7-gke.1300 \
    --azure-region AZURE_REGION \
    --fleet-project FLEET_PROJECT_ID \
    --client CLIENT_NAME \
    --resource-group-id $CLUSTER_RESOURCE_GROUP_ID \
    --vnet-id $VNET_ID \
    --subnet-id $SUBNET_ID \
    --pod-address-cidr-blocks POD_CIDR_BLOCK \
    --service-address-cidr-blocks SERVICE_CIDR_BLOCK \
    --ssh-public-key "SSH_PUBLIC_KEY" \
    --tags "google:gkemulticloud:cluster=azure-cluster-0"

Create a node pool

Use the Google Cloud CLI to create a node pool:

 gcloud container azure node-pools create pool-0 \
    --cluster azure-cluster-0 \
    --node-version 1.23.7-gke.1300 \
    --vm-size Standard_B2s \
    --max-pods-per-node 110 \
    --min-nodes 1 \
    --max-nodes 5 \
    --ssh-public-key "SSH_PUBLIC_KEY" \
    --subnet-id $SUBNET_ID \
    --tags "google:gkemulticloud:cluster=azure-cluster-0"

View your cluster status

With the Google Cloud CLI or the Google Cloud console, you may check the status of a cluster after creating it and its node pool. Choose between using the Google Cloud console or the Google Cloud CLI to monitor the status of the cluster, then perform the following actions:

gcloud

To learn more about your cluster, use the gcloud container azure clusters describe command:

gcloud container aws clusters describe CLUSTER_NAME \
  --location GOOGLE_CLOUD_LOCATION

Get authentication credentials for the cluster.

You must obtain authentication credentials to communicate with your cluster after it has been created:

gcloud container azure clusters get-credentials azure-cluster-0

Deploy an application to cluster

You can now deploy a containerized application to the cluster you just constructed. You can set up our sample web application, hello-app, for this quickstart.

Create the Deployment

You must deploy the application by performing the subsequent command before launching hello-app in your cluster:

kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0

With this Kubernetes command, a deployment with the name hello-server is created.

Expose the Deployment

You must expose the program to the internet after it has been deployed so that consumers can use it. You can expose your application by building a Service, a Kubernetes resource that makes your application accessible to outside traffic.

kubectl expose deployment hello-server --type LoadBalancer --port 80 --target-port 8080


Passing in the --type LoadBalancer flag creates an Azure load balancer for your container. The --port flag initializes public port 80 to the internet, and the --target-port flag routes the traffic to port 8080 of the application.

Inspect and view the application

  1. Using kubectl get pods, check the active Pods:
kubectl get pods

2. Using kubectl get service, examine the hello-server service:

kubectl get service hello-server

3. Use the external IP and exposed port to view the program in your web browser:

http://EXTERNAL-IP

Clean up

  1. Remove the Service and Deployment for the application:
kubectl delete service hello-server
kubectl delete deployment hello-server

2. Run gcloud container azure node-pools delete to remove your node pool:

gcloud container azure node-pools delete pool-0 --cluster azure-cluster-0

3. Run gcloud container azure clusters delete to remove your cluster:

gcloud container azure clusters delete azure-cluster-0

Create a cluster

In this, you'll learn how to set up a cluster and node pool in an Anthos cluster using Kubernetes version 1.23.7-gke.1300 on Azure.

Create an AzureClient

An AzureClient resource is used by the management service to log in to Azure. Google generates a key pair for each client you create. To Azure Active Directory, you upload the public key (Azure AD). Create an SSH key pair before moving on if you already have an AzureClient.

Run the commands below to create an AzureClient:

  1. Your Azure tenant and application IDs should be used to set environment variables:
export SUBSCRIPTION_ID=$(az account show --query "id" --output tsv)
export TENANT_ID=$(az account list \
  --query "[?id=='${SUBSCRIPTION_ID}'].{tenantId:tenantId}" --output tsv)
export APPLICATION_ID=$(az ad app list --all \
  --query "[?displayName=='APPLICATION_NAME'].appId" --output tsv)

2. Making the client

gcloud container azure clients create CLIENT_NAME \
  --location=GOOGLE_CLOUD_LOCATION \
  --tenant-id="${TENANT_ID}" \
  --application-id="${APPLICATION_ID}"

3. Obtain the certificate from an AzureClient, then store it in an environment variable.

CERT=$(gcloud container azure clients get-public-cert --location=GOOGLE_CLOUD_LOCATION \
      CLIENT_NAME)

4. Add the certificate to your Azure AD application:

az ad app credential reset --id "${APPLICATION_ID}" --cert "${CERT}" --append

Create or choose an SSH key pair for your cluster after creating a client.

Create an ssh key pair

An SSH key pair must be supplied when creating a cluster. Skip this step if you already have a key combination you want to utilize.

  1. Use the command-line utility ssh-keygen to generate a new key pair:
ssh-keygen -m PEM -t rsa -b 4096 -f KEY_PATH

2. Keep the key in a variable in the environment:

`SSH_PUBLIC_KEY=$(cat KEY_PATH.pub)

3. Run the following command, for instance, to generate a fresh key pair at /.ssh/anthos-multicloud-key.pub and save the public key in an environment variable:

ssh-keygen -m PEM -t rsa -b 4096 -f ~/.ssh/anthos-multicloud-key
SSH_PUBLIC_KEY=$(cat ~/.ssh/anthos-multicloud-key.pub)

You are prepared to construct a cluster once the public key has been saved to an environment variable.

Select your Fleet host project

Google Cloud uses fleets as a concept to aggregate clusters into larger groups. With fleets, you can administer numerous clusters across clouds and implement uniform policies. When a cluster is formed, the Anthos Multi-Cloud API immediately registers it with a Fleet.

Cross-project registration

You must add IAM policy binding to the Multi-Cloud Service Agent service account if you want to use a Fleet Host project other than the Google Cloud project hosted by the cluster. The service account is now able to administer Fleets via the Fleet Host Project.

  1. Run the following command to include the Service Agent in your project:
gcloud beta services identity create --service=gkemulticloud.googleapis.com \
  --project=CLUSTER_PROJECT_NUMBER

2. Utilize the following command to assign this binding:

gcloud projects add-iam-policy-binding FLEET_PROJECT_ID \
  --member="serviceAccount:service-CLUSTER_PROJECT_NUMBER@gcp-sa-gkemulticloud.iam.gserviceaccount.com" \
  --role="roles/gkemulticloud.serviceAgent"

Create a cluster

Execute the following commands to build a cluster:

  1. Save the IDs for your VNet, subnet, and Azure resource group to environment variables:
  CLUSTER_RG_ID=$(az group show --resource-group=CLUSTER_RESOURCE_GROUP_NAME \
  --query "id" -otsv)
VNET_ID=$(az network vnet show --resource-group=VNET_RESOURCE_GROUP_NAME \
  --name=VNET_NAME --query "id" -otsv)
SUBNET_ID=$(az network vnet subnet show \
  --resource-group=VNET_RESOURCE_GROUP_NAME --vnet-name=VNET_NAME \
  --name default --query "id" -otsv)

2. Utilizing the Google Cloud CLI, create a cluster:

gcloud container azure clusters create CLUSTER_NAME \
    --location GOOGLE_CLOUD_LOCATION \
    --fleet-project=FLEET_PROJECT \
    --client CLIENT_NAME \
    --azure-region AZURE_REGION \
    --pod-address-cidr-blocks POD_CIDR \
    --service-address-cidr-blocks SERVICE_CIDR \
    --vm-size VM_SIZE \
    --cluster-version 1.23.7-gke.1300 \
    --ssh-public-key "$SSH_PUBLIC_KEY" \
    --resource-group-id "$CLUSTER_RG_ID" \
    --vnet-id "$VNET_ID" \
    --subnet-id "$SUBNET_ID" # Optional, see following note \
    --tags="control-plane=CLUSTER_NAME"

3. Check your cluster's condition:

    gcloud container azure clusters describe CLUSTER_NAME  --location GOOGLE_CLOUD_LOCATION

Authorize Cloud Logging / Cloud Monitoring

It has to be authorised for Anthos clusters running on Azure to generate and upload system logs and metrics to Google Cloud's operations suite.

Run the following command to grant permission for the Kubernetes workload identity gke-system/gke-telemetry-agent to write logs and metrics to Google Cloud Logging and Google Cloud Monitoring, respectively:

gcloud projects add-iam-policy-binding GOOGLE_PROJECT_ID \
  --member="serviceAccount:GOOGLE_PROJECT_ID.svc.id.goog[gke-system/gke-telemetry-agent]" \
  --role=roles/gkemulticloud.telemetryWriter

Create a node pool

You should issue the following instructions to build a node pool:

  1. Save your SSH public key and Azure VNet subnet ID to environment variables:
 SUBNET_ID=$(az network vnet subnet show \
  --resource-group=VNET_RESOURCE_GROUP_NAME --vnet-name=VNET_NAME \
  --name default --query "id" -otsv)
SSH_PUBLIC_KEY=$(cat KEY_PATH.pub)

2. Utilizing the Google Cloud CLI, create a node pool:

gcloud container azure node-pools create NODE_POOL_NAME \
    --cluster CLUSTER_NAME \
    --location GOOGLE_CLOUD_LOCATION \
    --node-version 1.23.7-gke.1300 \
    --vm-size VM_SIZE \
    --max-pods-per-node 110 \
    --min-nodes MIN_NODES \
    --max-nodes MAX_NODES \
    --ssh-public-key "${SSH_PUBLIC_KEY}" \
    --subnet-id "${SUBNET_ID}"

3. Check your node pool's condition:

gcloud container azure node-pools describe NODE_POOL_NAME \
    --cluster CLUSTER_NAME \
    --location GOOGLE_CLOUD_LOCATION

Anthos clusters on Azure architecture

Kubernetes clusters in your Azure account may be set up, run, and scaled with the aid of Anthos clusters on Azure, a managed service.

Resource management

The resources your cluster needs, such as virtual machines, managed discs, virtual machine scale sets, network security groups, and load balancers, are provisioned by Anthos clusters on Azure using Azure APIs.

Authenticating to Azure

An Azure Active Directory (Azure AD) application and service principal with the necessary rights is created when Anthos clusters are configured on Azure. Additionally, you produce a client certificate that the Anthos Multi-Cloud API utilizes to verify your identity as the service principal for the application.

Cluster architecture

The Azure Virtual Private Cloud's Anthos clusters create clusters using private subnets. These elements are found in each cluster:

Control Panel: A high-availability architecture with three replicas is used by the Kubernetes control plane. Every Kubernetes component is active on every replica, including kube-apiserverkube-controller-managerkube-scheduleretcd. Each etcd instance uses an Azure Disk volume to store data and a network interface to connect to other etcd instances. Traffic to the kube-apiserver endpoint of the Kubernetes API is balanced using a conventional load balancer.

Nodes Pool: A set of Kubernetes worker nodes with the same instance type, disc configuration, and instance profile are referred to as a node pool. A node pool's nodes all operate on the same subnet. In the same Azure region, you can provision numerous node pools across various subnets for high availability.

Supported VM sizes

Minimum supported cluster configuration

A minimum of five Standard DS2 v2 Azure VMs are needed for Anthos clusters maintained on Azure. Your initial node pool comprises the latter two, while the first three comprise your control plane instances.

Recommended control plane VM sizing

 

Supported VM sizes

Supported regions

You can only manage your Azure clusters from a certain Google region because the Anthos Multi-Cloud API is regional. Which Anthos Multi-Cloud API supports azure regions depends on the Google Cloud region where it is deployed. If the location you require is not listed below, contact the Google Cloud account team.

Supported regions

Also read, kubernetes interview questions

Frequently Asked Question

What is an Anthos cluster?

As a component of Anthos, Anthos clusters offer a consistent approach to interface with Kubernetes clusters, enabling GKE to operate in many contexts.

Does Anthos use cluster API?

This opens up strong compositions and capabilities for how we may manage the lifecycle of our clusters and use Anthos and its features in our settings. To orchestrate the lifecycle of Kubernetes clusters, we can leverage providers and Kubernetes Custom Resource Definitions.

Describe an Azure.

Microsoft's public cloud computing platform is Microsoft Azure, formerly Windows Azure. It offers numerous cloud services, such as computation, analytics, storage, and networking.

What does CIDR stand for?

CIDR, or classless inter-domain routing, is a set of IP addresses that a network use.

Conclusion 

This blog has extensively discussed Anthos Clusters on Azure, How to deploy an application on Anthos Clusters on Azure, creating a cluster, cluster architecture, etc. We hope This article was helpful and enhanced your knowledge about the Anthos Clusters on Azure. If you want to learn more deeply, check out the excellent content on the Coding Ninjas Website:

Cloud Logging in GCP, Monitoring Agent , Identity Access Management

Refer to our guided paths on the Coding Ninjas Studio platform to learn more about DSA, DBMS, Competitive Programming, Python, Java, JavaScript, etc. 

Refer to the links problemstop 100 SQL problemsresources, and mock tests to enhance your knowledge.

For placement preparations, visit interview experiences and interview bundle.

Thank you

Do upvote our blog to help other ninjas grow. Happy Coding!

Live masterclass