Creating an Azure Cluster
In this section, you’ll learn how to install an RKE Kubernetes cluster in Azure through Rancher.
First, you will set up your Azure cloud credentials in Rancher. Then you will use your cloud credentials to create a node template, which Rancher will use to provision new nodes in Azure.
Then you will create an Azure cluster in Rancher, and when configuring the new cluster, you will define node pools for it. Each node pool will have a Kubernetes role of etcd, controlplane, or worker. Rancher will install Kubernetes on the new nodes, and it will set up each node with the Kubernetes role defined by the node pool.
caution
When the Rancher RKE cluster is running in Azure and has an Azure load balancer in front, the outbound flow will fail. The workaround for this problem is as follows:
- Terminate the SSL/TLS on the internal load balancer
- Use the L7 load balancer
For more information, refer to the documentation on Azure load balancer limitations.
For more information on configuring the Kubernetes cluster that Rancher will install on the Azure nodes, refer to the RKE cluster configuration reference.
For more information on configuring Azure node templates, refer to the Azure node template configuration reference.
Preparation in Azure
Before creating a node template in Rancher using a cloud infrastructure such as Azure, we must configure Rancher to allow the manipulation of resources in an Azure subscription.
To do this, we will first create a new Azure service principal (SP) in Azure Active Directory (AD), which, in Azure, is an application user who has permission to manage Azure resources.
The following is a template az cli
script that you have to run for creating an service principal, where you have to enter your SP name, role, and scope:
az ad sp create-for-rbac \
--name="<Rancher ServicePrincipal name>" \
--role="Contributor" \
--scopes="/subscriptions/<subscription Id>"
The creation of this service principal returns three pieces of identification information, The application ID, also called the client ID, and The client secret. This information will be used when you create a node template for Azure.
Creating an Azure Cluster
- RKE
- RKE2
- Create your cloud credentials
- Create a node template with your cloud credentials
- Create a cluster with node pools using the node template
1. Create your cloud credentials
- Click ☰ > Cluster Management.
- Click Cloud Credentials.
- Click Create.
- Click Azure.
- Enter your Azure credentials.
- Click Create.
Result: You have created the cloud credentials that will be used to provision nodes in your cluster. You can reuse these credentials for other node templates, or in other clusters.
2. Create a node template with your cloud credentials
Creating a node template for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters.
- Click ☰ > Cluster Management.
- Click RKE1 Configuration > Node Templates.
- Click Add Template.
- Click Azure.
- Fill out a node template for Azure. For help filling out the form, refer to Azure Node Template Configuration.
3. Create a cluster with node pools using the node template
Use Rancher to create a Kubernetes cluster in Azure.
- Click ☰ > Cluster Management.
- On the Clusters page, click Create.
- Click Azure.
- Enter a Cluster Name.
- Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see this section.
- In the Cluster Configuration to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on Show advanced options. For help configuring the cluster, refer to the RKE cluster configuration reference.
- Use Member Roles to configure user authorization for the cluster. Click Add Member to add users that can access the cluster. Use the Role drop-down to set permissions for each user.
- Click Create.
1. Create your cloud credentials
If you already have a set of cloud credentials to use, skip this section.
- Click ☰ > Cluster Management.
- Click Cloud Credentials.
- Click Create.
- Click Azure.
- Enter your Azure credentials.
- Click Create.
Result: You have created the cloud credentials that will be used to provision nodes in your cluster. You can reuse these credentials for other node templates, or in other clusters.
2. Create your cluster
Use Rancher to create a Kubernetes cluster in Azure.
- Click ☰ > Cluster Management.
- On the Clusters page, click Create.
- Toggle the switch to RKE2/K3s.
- Click Azure.
- Select a Cloud Credential, if more than one exists. Otherwise, it’s preselected.
- Enter a Cluster Name.
- Create a machine pool for each Kubernetes role. Refer to the best practices for recommendations on role assignments and counts.
- For each machine pool, define the machine configuration. Refer to the Azure machine configuration reference for information on configuration options.
- Use the Cluster Configuration to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the RKE2 cluster configuration reference.
- Use Member Roles to configure user authorization for the cluster. Click Add Member to add users that can access the cluster. Use the Role drop-down to set permissions for each user.
- Click Create.
Result:
Your cluster is created and assigned a state of Provisioning. Rancher is standing up your cluster.
You can access your cluster after its state is updated to Active.
Active clusters are assigned two Projects:
Default
, containing thedefault
namespaceSystem
, containing thecattle-system
,ingress-nginx
,kube-public
, andkube-system
namespaces
Optional Next Steps
After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster:
- Access your cluster with the kubectl CLI: Follow these steps to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI.
- Access your cluster with the kubectl CLI, using the authorized cluster endpoint: Follow these steps to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster.