To follow the procedures in Consuming Azure Flexible Server for PostgreSQL on Tanzu Application Platform with Azure Service Operator (ASO) you need:
If you do not already have a cluster that meets these requirements, you can follow this procedure to create and configure a cluster:
Install the Azure CLI. For how to do so, see the Microsoft documentation.
Ensure that you are logged in to Azure by running:
az login
Create an Azure Kubernetes Service (AKS) cluster. The quickest and simplest way to create an AKS cluster is to use the Azure CLI, as in the following example that creates a new ResourceGroup and AKS cluster:
# Name of the resource group to contain the AKS cluster
RESOURCE_GROUP_NAME=tap-psql-demo
# Location of the Cluster
LOCATION=centralus
# Cluster name
CLUSTER_NAME=tap-psql-demo-cluster
# Arbitrary labels for the cluster
LABELS="key=value key2=value2"
# Number of k8s nodes
NODES=2
az group create --name "${RESOURCE_GROUP_NAME}" --location "${LOCATION}"
az aks create -g "${RESOURCE_GROUP_NAME}" -n "${CLUSTER_NAME}" --enable-managed-identity --node-count "${NODES}" --enable-addons monitoring --tags "${LABELS}" -s Standard_DS3_v2 --generate-ssh-keys --uptime-sla
az aks get-credentials --resource-group "${RESOURCE_GROUP_NAME}" --name "${CLUSTER_NAME}"
Note: This creates an AKS cluster on a paid tier by using the --uptime-sla flag. If you do not set this flag, the Kubernetes control plane might run into resource limits. See https://learn.microsoft.com/en-us/azure/aks/quotas-skus-regions#service-quotas-and-limits
For more information about AKS, see the Microsoft documentation.
Install Tanzu Application Platform v1.2.0 or later and Cluster Essentials v1.2.0 or later on the Kubernetes cluster. For more information, see Installing Tanzu Application Platform.
Verify that you have the appropriate versions by running:
kubectl api-resources | grep secrettemplate
This command returns the SecretTemplate API. If it does not work for you, you might not have Cluster Essentials for VMware Tanzu v1.2.0 or later installed.
Install the Azure Service Operator (ASO) and configure it in the cluster. You must have the appropriate permission in Azure to create a service principal and configure Azure access. v2.0.0-beta.2 is known to work with this use case. Install the latest stable version of the operator by running:
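# Tenant and subscription of the account that is currently logged in
AZURE_TENANT_ID=$(az account show | jq -r '.tenantId')
AZURE_SUBSCRIPTION_ID=$(az account show | jq -r '.id')
# Create the service principal (Contributor on the whole subscription) and keep
# the returned credentials in a shell variable instead of a file in shared /tmp
ASO_CREDS=$(az ad sp create-for-rbac -n tap-azure-service-operator --role contributor \
  --scopes /subscriptions/"${AZURE_SUBSCRIPTION_ID}")
AZURE_CLIENT_ID=$(printf '%s' "${ASO_CREDS}" | jq -r '.appId')
AZURE_CLIENT_SECRET=$(printf '%s' "${ASO_CREDS}" | jq -r '.password')
unset ASO_CREDS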
# requires carvel kapp v0.46+
kapp deploy -a aso -f https://github.com/Azure/azure-service-operator/releases/download/v2.0.0-beta.2/azureserviceoperator_v2.0.0-beta.2.yaml -y --wait=false
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: aso-controller-settings
  namespace: azureserviceoperator-system
stringData:
  AZURE_SUBSCRIPTION_ID: "${AZURE_SUBSCRIPTION_ID}"
  AZURE_TENANT_ID: "${AZURE_TENANT_ID}"
  AZURE_CLIENT_ID: "${AZURE_CLIENT_ID}"
  AZURE_CLIENT_SECRET: "${AZURE_CLIENT_SECRET}"
EOF
kubectl wait deployment -n azureserviceoperator-system -l app=azure-service-operator-v2 --for=condition=Available=True
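The Secret step above applies whatever the shell variables hold, so a failed az ad sp create-for-rbac call or a missing JSON key (which jq -r prints as the literal string null) yields a Secret the operator cannot authenticate with. The following is an added example, not part of the original procedure, that validates the four values before rendering the manifest; the function names check_aso_env and render_aso_secret and the variable GUID_RE are hypothetical, while the Secret name, namespace and keys are taken from the step above.

```shell
# GUID shape of Azure tenant, subscription and application (client) IDs.
GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# check_aso_env (hypothetical name): return 0 only if all four values are usable.
# jq -r prints the literal string "null" for a missing key, so that is rejected
# together with empty values; quotes and backslashes would break the YAML string.
check_aso_env() {
  _rc=0
  for _name in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET; do
    eval "_value=\${${_name}:-}"
    case "${_value}" in
      ''|null)
        echo "error: ${_name} is empty or null" >&2; _rc=1; continue ;;
      *\"*|*\\*)
        echo "error: ${_name} contains a quote or backslash" >&2; _rc=1; continue ;;
    esac
    # The three IDs must be GUIDs; the client secret has no fixed shape.
    if [ "${_name}" != AZURE_CLIENT_SECRET ] &&
       ! printf '%s\n' "${_value}" | grep -Eq "${GUID_RE}"; then
      echo "error: ${_name} is not a GUID" >&2; _rc=1
    fi
  done
  return "${_rc}"
}

# render_aso_secret (hypothetical name): print the manifest on stdout,
# or fail without printing anything when validation does not pass.
render_aso_secret() {
  check_aso_env || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: aso-controller-settings
  namespace: azureserviceoperator-system
stringData:
  AZURE_SUBSCRIPTION_ID: "${AZURE_SUBSCRIPTION_ID}"
  AZURE_TENANT_ID: "${AZURE_TENANT_ID}"
  AZURE_CLIENT_ID: "${AZURE_CLIENT_ID}"
  AZURE_CLIENT_SECRET: "${AZURE_CLIENT_SECRET}"
EOF
}

# Usage (not run here): render_aso_secret | kubectl apply -f -
```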