Create a cluster
Prerequisites
Install the latest version of the Azure CLI.
Log in to your account, which needs to have the permissions to create an AKS cluster, by executing:
az login
Prepare using the AKS preview
CoCo on AKS is currently in preview. An extension for the az CLI is needed to create such a cluster.
Add the extension with the following commands:
az extension add \
--name aks-preview \
--allow-preview true
az extension update \
--name aks-preview \
--allow-preview true
Then register the required feature flags in your subscription to allow access to the public preview:
az feature register \
--namespace "Microsoft.ContainerService" \
--name "KataCcIsolationPreview"
The registration can take a few minutes. The status of the operation can be checked with the following command, which should show the registration state as Registered:
az feature show \
--namespace "Microsoft.ContainerService" \
--name "KataCcIsolationPreview" \
--output table
Afterward, refresh the registration of the ContainerService provider:
az provider register \
--namespace "Microsoft.ContainerService"
Create resource group
The AKS with CoCo preview is currently available in the following locations:
CentralIndia
eastus
EastUS2EUAP
GermanyWestCentral
japaneast
northeurope
SwitzerlandNorth
UAENorth
westeurope
westus
Set the name of the resource group you want to use:
azResourceGroup="ContrastDemo"
You can either use an existing one or create a new resource group with the following command:
azLocation="westus" # Select a location from the list above
az group create \
--name "${azResourceGroup:?}" \
--location "${azLocation:?}"
Create AKS cluster
First create an AKS cluster:
# Select the name for your AKS cluster
azClusterName="ContrastDemo"
az aks create \
--resource-group "${azResourceGroup:?}" \
--name "${azClusterName:?}" \
--kubernetes-version 1.29 \
--os-sku AzureLinux \
--node-vm-size Standard_DC4as_cc_v5 \
--node-count 1 \
--generate-ssh-keys
We then add a second node pool with CoCo support:
az aks nodepool add \
--resource-group "${azResourceGroup:?}" \
--name nodepool2 \
--cluster-name "${azClusterName:?}" \
--node-count 1 \
--os-sku AzureLinux \
--node-vm-size Standard_DC4as_cc_v5 \
--workload-runtime KataCcIsolation
Finally, update your kubeconfig with the credentials to access the cluster:
az aks get-credentials \
--resource-group "${azResourceGroup:?}" \
--name "${azClusterName:?}"
For validation, list the available nodes using kubectl:
kubectl get nodes
It should show two nodes:
NAME STATUS ROLES AGE VERSION
aks-nodepool1-32049705-vmss000000 Ready <none> 9m47s v1.29.0
aks-nodepool2-32238657-vmss000000 Ready <none> 45s v1.29.0
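kubectl get nodes only shows that both nodes are Ready, not that one of them can run CoCo workloads. The following check is an added example, not part of the original guide: it confirms that a node pool was created with the KataCcIsolation workload runtime. The sample data is constructed, and the OCIContainer value shown for the first pool is an assumption.

```shell
#!/bin/sh
# Added example: verify that the cluster has a node pool using the
# KataCcIsolation workload runtime requested with --workload-runtime.

# List the cluster's node pools as TSV, one pool per line:
#   name <TAB> workloadRuntime <TAB> vmSize
# Requires azResourceGroup and azClusterName to be set as in the steps above.
list_pools() {
  az aks nodepool list \
    --resource-group "${azResourceGroup:?}" \
    --cluster-name "${azClusterName:?}" \
    --query "[].[name, workloadRuntime, vmSize]" \
    --output tsv
}

# Read that TSV on stdin and print the names of all pools whose
# workload runtime is KataCcIsolation.
# Exit status: 0 if at least one such pool exists, 1 otherwise.
coco_pools() {
  awk -F '\t' '
    $2 == "KataCcIsolation" { print $1; found = 1 }
    END { exit found ? 0 : 1 }
  '
}

# Constructed sample of what list_pools prints for the cluster created above.
# "OCIContainer" for the first pool is an assumed value.
sample_pools() {
  printf 'nodepool1\tOCIContainer\tStandard_DC4as_cc_v5\n'
  printf 'nodepool2\tKataCcIsolation\tStandard_DC4as_cc_v5\n'
}

# Against the live cluster:
#   list_pools | coco_pools || echo "no CoCo node pool found" >&2
```

A non-zero exit status means no pool has the CoCo runtime, for example because the second node pool was added without --workload-runtime KataCcIsolation.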
Cleanup
After trying out Contrast, you might want to clean up the cloud resources created in this step. If you created a new resource group, you can delete that group with:
az group delete \
--name "${azResourceGroup:?}"
Deleting the resource group will also delete the cluster and all other related resources.
To clean up only the AKS cluster and node pools, run:
az aks delete \
--resource-group "${azResourceGroup:?}" \
--name "${azClusterName:?}"