Prepare Your AKS Platform


To set up the Azure Kubernetes Service (AKS) to use Portworx, follow the steps below. For more information on AKS, see this article.

Install the Azure CLI

Follow the steps here to install the Azure CLI.

Login to the Azure and set the subscription

az login
az account set -–subscription <Your-Azure-Subscription-UUID>

Check locations to create AKS cluster

Get the Azure locations using the Azure CLI command:

az account list-locations

Example locations:

centralus,eastasia,southeastasia,eastus,eastus2,westus,westus2,northcentralus
southcentralus,westcentralus,northeurope,westeurope,japaneast,japanwest
brazilsouth,australiasoutheast,australiaeast,westindia,southindia,centralindia
canadacentral,canadaeast,uksouth,ukwest,koreacentral,koreasouth

Create an Azure Resource Group

Create a Resource Group by specifying its name and location in which you will be deploying your AKS cluster.

az group create -–name <resource-group-name> –-location <location>

Create the AKS cluster

Create the AKS cluster in the above Resource Group using either the Azure CLI or the Azure Portal. This is described on the AKS docs page. If you have already deployed an AKS cluster, then create the Service Principal for the Resource Group in which your AKS cluster is present.

Create a custom role for Portworx

az role definition create --role-definition '{
        "Name": "portworx-cloud-drive",
        "Description": "",
        "AssignableScopes": [
            "/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9"
        ],
        "Permissions": [
            {
                "Actions": [
                    "Microsoft.ContainerService/managedClusters/agentPools/read",
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read"
                ],
                "NotActions": [],
                "DataActions": [],
                "NotDataActions": []
            }
        ]
}'

Create a Service Principal and secret in Azure AD

  1. Find the AKS cluster Infrastructure Resource Group:

    az aks show -n <aks-cluster-name> -g <aks-resource-group> | jq -r '.nodeResourceGroup'
  2. Create a service principal for Portworx with the custom role:

    az ad sp create-for-rbac --role=portworx-cloud-drive --scopes="/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9/resourceGroups/<aks-infrastructure-resource-group>"
    {
      "appId": "1311e5f6-xxxx-xxxx-xxxx-ede45a6b2bde",
      "displayName": "azure-cli-2020-10-10-10-10-10",
      "name": "http://azure-cli-2020-10-10-10-10-10",
      "password": "ac49a307-xxxx-xxxx-xxxx-fa551e221170",
      "tenant": "ca9700ce-xxxx-xxxx-xxxx-09c48f71d0ce"
    }
  3. Create a secret called px-azure to give Portworx access to Azure APIs by updating the following fields with the associated fields from the service principal you created in the step above:

    kubectl create secret generic -n kube-system px-azure --from-literal=AZURE_TENANT_ID=<tenant> \
                                                          --from-literal=AZURE_CLIENT_ID=<appId> \
                                                          --from-literal=AZURE_CLIENT_SECRET=<password>
    secret/px-azure created

Now that you’ve created the secret, you’re ready to create the spec and deploy Portworx. The spec generator automatically incorporates the secret that you created, and Portworx will fetch the secret to authenticate. Proceed to the next section to install Portworx.



Last edited: Tuesday, Jul 5, 2022