pks-jump-azure creates an Ubuntu-based jumpbox to auto-deploy Pivotal PKS (1.3 and above) on Azure.
It is based on an Azure Resource Manager (ARM) deployment template.
Cloning or downloading the repo is not required, as the ARM automation takes care of fetching all scripts.
It will pave the infrastructure using Pivotal terraforming-azure.
Pivotal Operations Manager will be installed and configured using the Pivotal om CLI.
The PKS and Harbor tiles will be deployed using the om CLI.
For that, the tiles and the required stemcell(s) are downloaded automatically.
- automated Ops Manager deployment and configuration
- jumphost with an additional data disk for tile and software uploads, plus the pks, k8s, uaac, bbr and other CLIs
- secure deployment by using system-assigned managed identities and Key Vault
- PKS infrastructure paving using terraform
- autopilot for deploying PKS + Harbor
- certificate generation using self-signed or Let's Encrypt certificates
- DNS registration of the API load balancer IP
- network peering from the jumphost to the PKS networks
- DNS configuration and check
- creation of a public LB and DNS A records for k8s clusters
- script for additional k8s clusters
- load balancer rules for UAA and API access
- example templates for PSPs and nginx
- deployment of Greenplum
- drafted PAS on k8s
- an Azure Key Vault hosting all credentials / secrets required
- a service principal; it needs to have Owner rights on the subscription in order to create custom roles and Managed Identities
- a Pivotal Network (pivnet) account and a UAA access token
There are multiple ways to deploy the ARM template. We will describe the Azure Portal template-based and the az CLI-based method.
Both methods require an SSH keypair:
```bash
JUMPBOX_NAME=<your jumpbox name, must be unique>
ADMIN_USERNAME=ubuntu
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
```
```bash
## Set temporary variables
PIVNET_UAA_TOKEN=<your pivnet refresh token>
SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name ServicePrincipalforPKS --output json)
## Set the following secrets from the temporary variables
az keyvault secret set --vault-name "${AZURE_VAULT}" \
  --name "AZURECLIENTID" --value "$(echo "${SERVICE_PRINCIPAL}" | jq -r .appId)" --output none
az keyvault secret set --vault-name "${AZURE_VAULT}" \
  --name "AZURETENANTID" --value "$(echo "${SERVICE_PRINCIPAL}" | jq -r .tenant)" --output none
az keyvault secret set --vault-name "${AZURE_VAULT}" \
  --name "AZURECLIENTSECRET" --value "$(echo "${SERVICE_PRINCIPAL}" | jq -r .password)" --output none
az keyvault secret set --vault-name "${AZURE_VAULT}" \
  --name "PIVNETUAATOKEN" --value "${PIVNET_UAA_TOKEN}" --output none
## Unset the temporary variables (both hold secrets)
unset SERVICE_PRINCIPAL PIVNET_UAA_TOKEN
```
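As an added example that is not part of the pks-jump-azure repository, the same four secrets can be stored by a small script that validates the service principal output before storing it, keeps secret values off the az command line, and verifies afterwards that the vault holds everything the deployment expects. It assumes az and jq are on PATH and that AZURE_VAULT (the README's own variable) names a Key Vault you may write to.

```shell
#!/bin/sh
# Added example, not part of pks-jump-azure. Assumes: az and jq on PATH, and
# AZURE_VAULT set to a Key Vault you may write to (the README's own variable).
set -eu

REQUIRED_SECRETS="AZURECLIENTID AZURETENANTID AZURECLIENTSECRET PIVNETUAATOKEN"

# appId and tenant returned by `az ad sp create-for-rbac` must be GUIDs.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the required names absent from $1, a newline-separated list of secret names
# (e.g. from: az keyvault secret list --vault-name "$AZURE_VAULT" --query '[].name' -o tsv).
missing_secrets() {
  for name in $REQUIRED_SECRETS; do
    printf '%s\n' "$1" | grep -qx "$name" || printf '%s\n' "$name"
  done
}

# Extract one field from the SP JSON; refuse missing/empty values instead of storing "null".
sp_field() {  # sp_field SP_JSON JQ_PATH
  value=$(printf '%s' "$1" | jq -r "$2 // empty")
  [ -n "$value" ] || { echo "service principal output lacks $2" >&2; return 1; }
  printf '%s' "$value"
}

# Store a secret via a 0600 temp file so its value never sits on the az command line,
# where `ps` and shell history would expose it.
set_secret() {  # set_secret NAME VALUE
  tmp=$(mktemp)
  chmod 600 "$tmp"
  printf '%s' "$2" >"$tmp"
  az keyvault secret set --vault-name "$AZURE_VAULT" --name "$1" --file "$tmp" --output none
  rm -f "$tmp"
}

store_pks_secrets() {  # store_pks_secrets SP_JSON PIVNET_TOKEN
  app_id=$(sp_field "$1" .appId)
  tenant=$(sp_field "$1" .tenant)
  is_guid "$app_id" && is_guid "$tenant" || { echo "appId/tenant are not GUIDs" >&2; return 1; }
  set_secret AZURECLIENTID "$app_id"
  set_secret AZURETENANTID "$tenant"
  set_secret AZURECLIENTSECRET "$(sp_field "$1" .password)"
  set_secret PIVNETUAATOKEN "$2"
  # Verify the vault now holds every secret the deployment expects.
  present=$(az keyvault secret list --vault-name "$AZURE_VAULT" --query '[].name' -o tsv)
  missing=$(missing_secrets "$present")
  [ -z "$missing" ] || { echo "still missing in vault: $missing" >&2; return 1; }
}
```

Call it as `store_pks_secrets "$(az ad sp create-for-rbac --name ServicePrincipalforPKS --output json)" "$PIVNET_UAA_TOKEN"`; the `--file` form of `az keyvault secret set` reads the value from the file (UTF-8 by default).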
- use the "Deploy to Azure" button to start a template deployment
See this document for installation using the az CLI.
When the ARM deployment is finished, the post-deployment jobs start.
Monitor your deployment using the debugging section.
When the deployment has finished, continue to getting started after deployment.
The deployment might pause after the Ops Manager deployment if your Ops Manager FQDN is not resolvable.
At this stage the log file shows the Azure name servers that need to be added to your DNS NS record.
Once fixed, the deployment will continue.
A helper script is available to update the deployment. This covers:
- script updates
- template updates for new versions
Simply run:
```bash
wget -O - https://raw.githubusercontent.com/bottkars/pks-jump-azure/master/scripts/update.sh | bash
```
ssh into the jumpbox:
```bash
ssh -i ~/${JUMPBOX_NAME} ${ADMIN_USERNAME}@${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com
```
Tail the installation log:
```bash
tail -f ~/install.log
```
Simply delete the resource groups. If you used the advanced method, you may use:
```bash
az group delete --name ${JUMPBOX_RG} --yes
az group delete --name ${ENV_NAME} --yes
ssh-keygen -R "${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com"
az role definition delete --name ${AZURE_SUBSCRIPTION_ID}-${ENV_NAME}-pks-worker-role
az role definition delete --name ${AZURE_SUBSCRIPTION_ID}-${ENV_NAME}-pks-master-role
```
See advanced tasks that can make your life easier.