Azure Kubernetes Service(AKS) provides a fast and efficient way to deploy a containerized application to Azure. In this tutorial, we're going to be walking through how to deploy a.Netcore web API and MySQL database to AKS.
This is a follow-up to my previous article on Deploying a. Netcore web API and MySQL on Kubernetes. You can read the previous articles here
- Azure CLI. Install it here
- An Azure account. You can create it for free here. Ps you get 200dollars free Azure credits and 12month's pay as you go.
- Docker docker
- VSCODE vscode
- GitHub branch finished here
1. Clone the git hub project using this command
$ git clone --single-branch --branch Finished https://github.com/GbengaElebsDev/TestApi.git
run a dotnet restore, and build the images using
$ docker-compose -f docker-compose.yml up $ mac@Gbengas-MBP TestApi % docker-compose -f docker-compose.yml up testapi_database_1 is up-to-date Recreating testapi_api_1 ... done Attaching to testapi_database_1, testapi_api_1
2. Login to your Azure account
- Create a Resource and Search for -> Container Registry A container registry is an online repository for your containers. Fill in the details and create a new resource group. A resource group is a collection of all the resources (Virtual machines, databases, and web-apps)for a project.
3. Go to VSCode terminal and login to azure with this command
$ az login
You will be redirected to a browser login
Check if you are in the right subscription
$ az account show
4.Create an Azure service principal with this command and copy your appid, displayName and password
$ az ad sp create-for-rbac --skip-assignment
An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level.
You can look at it like an admin for your app resource which you configure its authorization level. Kubernetes can use this service principal to authenticate and pull from the Azure Container Registry.
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
- use --skip-assignment to avoid creating a role assignment.
5. Assign this role to the resource group
Click on the notifications icon -> Go to resource -> Add role assignments
Select the Acr role. We want to assign the lowest permission level for a role to perform its duty and in this project, we want the service principal to be able to access our Container Registry.
- Search for the service principal using the display name and input it.
- Select the same resource group as the container registry.
- Give your cluster a name
- Since this is a demo. Let's change the node count to one and the node size to the lowest cost option which in my case is Standard B2s
- Click on authentication and select use existing service principal.
Go to the vscode terminal and login to the ACR using the name of the ACR you created.
$ az acr login --name <nameofacr> Login Succeeded
7. Retag the images to use the ACR login server
In my case
$ docker tag testapi_api gbengaelebs.azurecr.io/testapi_api
$ docker tag mysql:8.0.22 gbengaelebs.azurecr.io/mysql:8.0.22
check that the images have been retagged
$ docker images gbengaelebs.azurecr.io/testapi_api latest 4c9790679e3f 2 months ago 220MB
8. Push the images to the container registry
$ docker push gbengaelebs.azurecr.io/testapi_api $ docker push gbengaelebs.azurecr.io/mysql:8.0.22
Amend the deployment files, change the container images to point to the azure container repo, and comment out the imagePullPolicy line as shown below.
9. Go to your Azure Kubernetes cluster and connect to it
$ az aks get-credentials --resource-group <resourcegroup> --name <resourcegroup>
In my case
$ az aks get-credentials --resource-group aksdemo --name aksdemo Merged "aksdemo" as current context in /Users/mac/.kube/config
10. Run the following commands to deploy the MYSQL and webapi deployment to Kubernetes
$ kubectl apply -f mysql-pv-claim.yaml $ kubectl apply -f mysqlDeployment.yaml $ kubectl apply -f mysqlService.yaml $ kubectl apply -f deployment.yaml $ kubectl apply -f service.yaml
Run this command to check services
$ kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 152m mysql8-service NodePort 10.0.83.21 <none> 3306:30405/TCP 2m36s testapi-service LoadBalancer 10.0.228.251 184.108.40.206 8080:31787/TCP 89s
11. Copy the external IP and navigate to the URL
Mine is (http://220.127.116.11:8080/swagger/index.html). Test the API deployment using the swagger page as shown. Our containerized API is now running inside the Azure Kubernetes service and exposed to the internet via the Load Balancer Service. In the next article, we will be automating the whole deployment process using Azure Pipelines via Azure DevOps.
In this article we have:
- Created and configured an Azure Container Registry
- Created and configured an Azure Kubernetes Service
- Deployed our local images to Azure Container Registry
- Deployed our ACR images to Azure Kubernetes Service
- Exposed our API service to Kubernetes via a Load Balancer