Azure using Konvoy Image Builder

This procedure describes how to use the Konvoy Image Builder (KIB) to create a Cluster API compliant Azure Virtual Machine (VM) Image. The VM Image contains the base operating system you specify and all the necessary Kubernetes components. The Konvoy Image Builder uses variable overrides to specify the base image and container images to use in your new Azure VM image.

The default Azure image is not recommended for use in production. We suggest using KIB for Azure to build the image in order to take advantage of enhanced cluster operations. To explore more information on this topic refer to the Azure Infrastructure.

Prerequisites

Before you begin, you must:

• Check the DKP 2.5.0 Supported Kubernetes Versions

• Check the Supported Infrastructure Operating Systems

• Download the Konvoy Image Builder bundle for your version of DKP prefixed with konvoy-image-bundle for your OS.

• Create a working Docker setup

Extract the KIB Bundle

Extract the bundle and cd into the extracted konvoy-image-bundle-$VERSION_$OS folder. The bundled version of konvoy-image contains an embedded docker image that contains all the requirements for building.

The konvoy-image binary and all supporting folders are also extracted. When extracted, konvoy-image bind mounts the current working directory (${PWD}) into the container to be used.

Configure Azure Prerequisites

If you have already followed the Azure Prerequisites topic steps, then the environment variables needed by KIB ([AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID] ) are set and do not need repeated if you are still working in the same window.

If you have not executed the Azure Prerequisite steps, they are listed below.

1. Sign in to Azure:

   CODE

   az login

    

   CODE

   [
     {
       "cloudName": "AzureCloud",
       "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
       "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
       "isDefault": true,
       "managedByTenants": [],
       "name": "Mesosphere Developer Subscription",
       "state": "Enabled",
       "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
       "user": {
         "name": "user@azuremesosphere.onmicrosoft.com",
         "type": "user"
       }
     }
   ]

2. Create an Azure Service Principal (SP) by running the following command:

   If an SP with the name exists, this command will rotate the password.

   CODE

   az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" --scopes=/subscriptions/$(az account show --query id -o tsv) --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"

   CODE

   {
     "client_id": "7654321a-1a23-567b-b789-0987b6543a21",
     "client_secret": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
     "tenant_id": "a1234567-b132-1234-1a11-1234a5678b90"
   }

3. Set the AZURE_CLIENT_SECRET environment variable:

   CODE

   export AZURE_CLIENT_SECRET="<azure_client_secret>" # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
   export AZURE_CLIENT_ID="<client_id>"               # 7654321a-1a23-567b-b789-0987b6543a21
   export AZURE_TENANT_ID="<tenant_id>"               # a1234567-b132-1234-1a11-1234a5678b90
   export AZURE_SUBSCRIPTION_ID="<subscription_id>"   # b1234567-abcd-11a1-a0a0-1234a5678b90

4. Ensure you have an override file to configure specific attributes of your Azure image.

Next Step:

Azure Bootstrap