Deploy a secure Redpanda cluster and Redpanda Console in Azure Kubernetes Service (AKS). After you deploy, use rpk both as an internal client and an external client to interact with your Redpanda cluster from the command line. Your Redpanda cluster has the following security features:
- SASL for authenticating users' connections.
- TLS with self-signed certificates for secure communication between the cluster and clients.
Before you begin, you must have the following:
- You must satisfy the prerequisites listed in the AKS quickstart to get access to the Azure CLI.
- kubectl. Minimum required Kubernetes version: {supported-kubernetes-version}.
    kubectl version --short --client
- Helm. Minimum required Helm version: {supported-helm-version}.
    helm version
Your AKS cluster must have one worker node available for each Redpanda broker that you plan to deploy in your Redpanda cluster. You also need to run the worker nodes on a machine type that supports the requirements and recommendations for production deployments.
In this step, you create an AKS cluster with three nodes on Standard_L8s_v3 Azure Virtual Machines (Azure VMs). Deploying three nodes allows your AKS cluster to support a Redpanda cluster with three brokers. The Standard_L8s_v3 Azure VMs come with:
- 2 cores per worker node, which is a requirement for production.
- Local NVMe disks, which are recommended for best performance.

Note: The Helm chart configures default podAntiAffinity rules to make sure that only one Pod running a Redpanda broker is scheduled on each worker node. To learn why, see Number of workers.
- Create a resource group for Redpanda:
    az group create --name redpandaResourceGroup --location eastus
- Create an AKS cluster:
    az aks create -g redpandaResourceGroup -n <cluster-name> \
      --node-count 3 \
      --generate-ssh-keys \
      --enable-node-public-ip \
      --node-vm-size Standard_L8s_v3 \
      --disable-file-driver

Tip: For all available options, see the AKS documentation.
In this step, you configure your AKS cluster to allow external access to the node ports on which the Redpanda deployment will be exposed. You use these node ports in later steps to configure external access to your Redpanda cluster.
- Get your subscription ID:
    export SUBSCRIPTION_ID=$(az account show --query id --output tsv)
- Set up a connection to your AKS cluster:
    az account set --subscription $SUBSCRIPTION_ID
    az aks get-credentials --resource-group redpandaResourceGroup --name <cluster-name>
- Open the Azure Portal, search for 'Network security groups', and click the name of the network security group in the MC_redpandaResourceGroup_redpanda_eastus resource group.
- Add an inbound security rule with the following values:
  - Destination port ranges: 31644,31092,30082,30081
  - Name: AllowRedpandaNodePorts
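The inbound rule from the portal step can also be written as an Azure CLI command. The following is an added example, not part of the original guide: it prints the `az network nsg rule create` command for the page's ports and rule name as a dry run. The TCP protocol, the priority of 1000, and the refusal of any-source values in favour of a specific client CIDR are assumptions that the page does not state.

```shell
#!/bin/sh
# Added example, not from the Redpanda docs. Ports and rule name are the page's;
# protocol, priority and the source restriction are assumptions.
REDPANDA_NODE_PORTS="31644 31092 30082 30081"
RULE_NAME="AllowRedpandaNodePorts"

# Succeeds only for a well-formed IPv4 CIDR with a prefix of /1 to /32,
# so "*", "Internet", "Any" and 0.0.0.0/0 are all refused.
valid_source_cidr() {
  cidr="$1"
  case "$cidr" in */*) ;; *) return 1 ;; esac
  ip="${cidr%/*}"; prefix="${cidr#*/}"
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs="$IFS"; IFS=.
  set -- $ip                      # split the address into octets
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Print (dry run) the az command that creates the rule; nothing is sent to Azure.
# $1 node resource group, $2 NSG name, $3 client source CIDR, $4 priority (assumed default 1000)
build_rule_cmd() {
  node_rg="$1"; nsg="$2"; source_cidr="$3"; priority="${4:-1000}"
  if ! valid_source_cidr "$source_cidr"; then
    echo "refusing source '$source_cidr': give a specific client CIDR" >&2
    return 1
  fi
  printf 'az network nsg rule create --resource-group %s --nsg-name %s --name %s' \
    "$node_rg" "$nsg" "$RULE_NAME"
  printf ' --priority %s --direction Inbound --access Allow --protocol Tcp' "$priority"
  printf ' --source-address-prefixes %s --destination-port-ranges %s\n' \
    "$source_cidr" "$REDPANDA_NODE_PORTS"
}

# Constructed sample values: 203.0.113.0/24 is a documentation range and
# <nsg-name> is a placeholder. List the real name with:
#   az network nsg list --resource-group <node-resource-group> --query "[].name" --output tsv
build_rule_cmd "MC_redpandaResourceGroup_redpanda_eastus" "<nsg-name>" "203.0.113.0/24"
```

Review the printed command, substitute the real network security group name, and run it only after confirming that the source CIDR covers just the clients that need the node ports.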
To delete your Kubernetes cluster:
    az aks delete --name <cluster-name> --resource-group redpandaResourceGroup