Azure using Konvoy Image Builder
This procedure describes how to use the Konvoy Image Builder (KIB) to create a Cluster API compliant Azure Virtual Machine (VM) Image. The VM Image contains the base operating system you specify and all the necessary Kubernetes components. The Konvoy Image Builder uses variable overrides to specify the base image and container images to use in your new Azure VM image.
The default Azure image is not recommended for use in production. We suggest using KIB for Azure to build the image in order to take advantage of enhanced cluster operations. For more information on this topic, refer to Azure Infrastructure.
Prerequisites
Before you begin, you must:
Download the Konvoy Image Builder bundle for your version of DKP.
Check the Supported Kubernetes Version for your Provider.
Create a working Docker setup.
Extract the KIB Bundle
Extract the bundle and cd into the extracted konvoy-image-bundle-$VERSION_$OS folder. The bundled version of konvoy-image contains an embedded docker image that contains all the requirements for building.
The konvoy-image binary and all supporting folders are also extracted. When extracted, konvoy-image bind mounts the current working directory (${PWD}) into the container to be used.
Configure Azure Prerequisites
If you have already followed the Azure Prerequisites topic steps, then the environment variables needed by KIB (AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID) are set and do not need to be set again if you are still working in the same window.
If you have not executed the Azure Prerequisite steps, they are listed below.
Sign in to Azure:
```
az login
```
```
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
    "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Mesosphere Developer Subscription",
    "state": "Enabled",
    "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
    "user": {
      "name": "user@azuremesosphere.onmicrosoft.com",
      "type": "user"
    }
  }
]
```
Create an Azure Service Principal (SP) by running the following command. If an SP with the name exists, this command will rotate the password.
```
az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" --scopes=/subscriptions/$(az account show --query id -o tsv) --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"
```
```
{
  "client_id": "7654321a-1a23-567b-b789-0987b6543a21",
  "client_secret": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
  "tenant_id": "a1234567-b132-1234-1a11-1234a5678b90"
}
```
Set the AZURE_CLIENT_SECRET and related environment variables:
```
export AZURE_CLIENT_SECRET="<azure_client_secret>" # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
export AZURE_CLIENT_ID="<client_id>" # 7654321a-1a23-567b-b789-0987b6543a21
export AZURE_TENANT_ID="<tenant_id>" # a1234567-b132-1234-1a11-1234a5678b90
export AZURE_SUBSCRIPTION_ID="<subscription_id>" # b1234567-abcd-11a1-a0a0-1234a5678b90
```
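The shell functions below are an added example, not part of the KIB documentation: they load the service principal values from az TSV output so the secret is never typed or pasted into the terminal, then confirm that the four variables KIB reads are set and are not left as placeholders. The function names and the `[appId, password, tenant]` query form are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the KIB documentation. Function names are illustrative.
TAB=$(printf '\t')
GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Read one line "client_id<TAB>client_secret<TAB>tenant_id" from stdin and
# export it. Returns 1, exporting nothing, if any of the three fields is missing.
load_sp_from_tsv() {
  IFS="$TAB" read -r _id _secret _tenant || [ -n "$_id" ] || return 1
  if [ -z "$_id" ] || [ -z "$_secret" ] || [ -z "$_tenant" ]; then
    unset _id _secret _tenant
    return 1
  fi
  export AZURE_CLIENT_ID="$_id" AZURE_CLIENT_SECRET="$_secret" AZURE_TENANT_ID="$_tenant"
  unset _id _secret _tenant
}

# Return 0 only if all four variables are usable; problems go to stderr.
check_kib_azure_env() {
  _rc=0
  for _name in AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID; do
    eval "_val=\${$_name:-}"   # names are fixed literals, so eval is safe here
    if ! printf '%s\n' "$_val" | grep -Eq "$GUID_RE"; then
      echo "$_name is unset or not a GUID" >&2
      _rc=1
    fi
  done
  case "${AZURE_CLIENT_SECRET:-}" in
    "" | "<"*">") echo "AZURE_CLIENT_SECRET is unset or a placeholder" >&2; _rc=1 ;;
  esac
  unset _val _name
  return "$_rc"
}

# Real use (this rotates the password if the SP already exists):
#   sub=$(az account show --query id -o tsv)
#   sp=$(az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" \
#          --scopes="/subscriptions/$sub" --query "[appId, password, tenant]" -o tsv)
#   load_sp_from_tsv <<EOF
#   $sp
#   EOF
#   unset sp
#   export AZURE_SUBSCRIPTION_ID="$sub"
#   check_kib_azure_env && echo "environment ready for konvoy-image"
```

The values are fed through a here-document rather than a pipe because a function on the receiving end of a pipe runs in a subshell and its exports would be lost.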
Ensure you have an override file to configure specific attributes of your Azure image.