Prepare your Azure Arc-enabled Kubernetes cluster
Important
Azure IoT Operations Preview – enabled by Azure Arc is currently in preview. You shouldn't use this preview software in production environments.
You'll need to deploy a new Azure IoT Operations installation when a generally available release becomes available. You won't be able to upgrade a preview installation.
For legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability, see the Supplemental Terms of Use for Microsoft Azure Previews.
An Azure Arc-enabled Kubernetes cluster is a prerequisite for deploying Azure IoT Operations Preview. This article describes how to prepare a cluster before you deploy Azure IoT Operations. This article includes guidance for both Ubuntu and Windows.
The steps in this article prepare your cluster for a secure settings deployment, which is a longer but production-ready process. If you want to deploy Azure IoT Operations quickly and run a sample workload with only test settings, see the Quickstart: Run Azure IoT Operations Preview in GitHub Codespaces with K3s instead. For more information about test settings and secure settings, see Deployment details > Choose your features.
Prerequisites
Microsoft supports Azure Kubernetes Service (AKS) Edge Essentials for deployments on Windows and K3s for deployments on Ubuntu. For a list of specific hardware and software combinations that are tested and validated, see Validated environments.
If you want to deploy Azure IoT Operations to a multi-node solution, use K3s on Ubuntu.
To prepare an Azure Arc-enabled Kubernetes cluster, you need:
An Azure subscription. If you don't have an Azure subscription, create one for free before you begin.
Azure CLI version 2.64.0 or newer installed on your development machine. Use
az --version
to check your version andaz upgrade
to update if necessary. For more information, see How to install the Azure CLI.The latest version of the following extensions for Azure CLI:
az extension add --upgrade --name azure-iot-ops az extension add --upgrade --name connectedk8s
Hardware that meets the system requirements:
- Ensure that your machine has a minimum of 16-GB available RAM and 8 available vCPUs reserved for Azure IoT Operations.
- Azure Arc-enabled Kubernetes system requirements.
- K3s requirements.
If you're going to deploy Azure IoT Operations to a multi-node cluster with fault tolerance enabled, review the hardware and storage requirements in Prepare Linux for Edge Volumes.
Create and Arc-enable a cluster
This section provides steps to create clusters in validated environments on Linux and Windows.
To prepare a K3s Kubernetes cluster on Ubuntu:
Install K3s following the instructions in the K3s quick-start guide.
Check to see that kubectl was installed as part of K3s. If not, follow the instructions to Install kubectl on Linux.
kubectl version --client
Follow the instructions to Install Helm.
Create a K3s configuration yaml file in
.kube/config
:mkdir ~/.kube sudo KUBECONFIG=~/.kube/config:/etc/rancher/k3s/k3s.yaml kubectl config view --flatten > ~/.kube/merged mv ~/.kube/merged ~/.kube/config chmod 0600 ~/.kube/config export KUBECONFIG=~/.kube/config #switch to k3s context kubectl config use-context default sudo chmod 644 /etc/rancher/k3s/k3s.yaml
Run the following command to increase the user watch/instance limits.
echo fs.inotify.max_user_instances=8192 | sudo tee -a /etc/sysctl.conf echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf sudo sysctl -p
For better performance, increase the file descriptor limit:
echo fs.file-max = 100000 | sudo tee -a /etc/sysctl.conf sudo sysctl -p
Configure multi-node clusters for Azure Container Storage
On multi-node clusters with at least three nodes, you have the option of enabling fault tolerance for storage with Azure Container Storage enabled by Azure Arc when you deploy Azure IoT Operations.
If you want to enable fault tolerance during deployment, configure your clusters by following the steps in Prepare Linux for Edge Volumes using a multi-node Ubuntu cluster.
Arc-enable your cluster
Connect your cluster to Azure Arc so that it can be managed remotely.
On the machine where you deployed the Kubernetes cluster, sign in with Azure CLI:
az login
If at any point you get an error that says Your device is required to be managed to access your resource, run
az login
again and make sure that you sign in interactively with a browser.After you sign in, the Azure CLI displays all of your subscriptions and indicates your default subscription with an asterisk
*
. To continue with your default subscription, selectEnter
. Otherwise, type the number of the Azure subscription that you want to use.Register the required resource providers in your subscription.
Note
This step only needs to be run once per subscription. To register resource providers, you need permission to do the
/register/action
operation, which is included in subscription Contributor and Owner roles. For more information, see Azure resource providers and types.az provider register -n "Microsoft.ExtendedLocation" az provider register -n "Microsoft.Kubernetes" az provider register -n "Microsoft.KubernetesConfiguration" az provider register -n "Microsoft.IoTOperations" az provider register -n "Microsoft.DeviceRegistry" az provider register -n "Microsoft.SecretSyncController"
Use the az group create command to create a resource group in your Azure subscription to store all the resources:
For the list of currently supported Azure regions, see Supported regions.
az group create --location <REGION> --resource-group <RESOURCE_GROUP> --subscription <SUBSCRIPTION_ID>
Use the az connectedk8s connect command to Arc-enable your Kubernetes cluster and manage it as part of your Azure resource group.
az connectedk8s connect --name <CLUSTER_NAME> -l <REGION> --resource-group <RESOURCE_GROUP> --subscription <SUBSCRIPTION_ID> --enable-oidc-issuer --enable-workload-identity
Get the cluster's issuer URL.
az connectedk8s show --resource-group <RESOURCE_GROUP> --name <CLUSTER_NAME> --query oidcIssuerProfile.issuerUrl --output tsv
Save the output of this command to use in the next steps.
Create a k3s config file.
sudo nano /etc/rancher/k3s/config.yaml
Add the following content to the
config.yaml
file, replacing the<SERVICE_ACCOUNT_ISSUER>
placeholder with your cluster's issuer URL.kube-apiserver-arg: - service-account-issuer=<SERVICE_ACCOUNT_ISSUER> - service-account-max-token-expiration=24h
Save the file and exit the nano editor.
Get the
objectId
of the Microsoft Entra ID application that the Azure Arc service uses in your tenant and save it as an environment variable. Run the following command exactly as written, without changing the GUID value.export OBJECT_ID=$(az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query id -o tsv)
Use the az connectedk8s enable-features command to enable custom location support on your cluster. This command uses the
objectId
of the Microsoft Entra ID application that the Azure Arc service uses. Run this command on the machine where you deployed the Kubernetes cluster:az connectedk8s enable-features -n <CLUSTER_NAME> -g <RESOURCE_GROUP> --custom-locations-oid $OBJECT_ID --features cluster-connect custom-locations
Restart K3s.
systemctl restart k3s
Verify your cluster
To verify that your cluster is ready for Azure IoT Operations deployment, you can use the verify-host helper command in the Azure IoT Operations extension for Azure CLI. When run on the cluster host, this helper command checks connectivity to Azure Resource Manager and Microsoft Container Registry endpoints.
az iot ops verify-host
Advanced configuration
At this point, when you have an Azure Arc-enabled Kubernetes cluster but before you deploy Azure IoT Operations to it, you might want to configure your cluster for advanced scenarios.
- If you want to enable observability features on the cluster, follow the steps in Deploy observability resources and set up logs.
- If you want to configure your own certificate issuer on the cluster, follow the steps in Certificate management > Bring your own issuer.
Next steps
Now that you have an Azure Arc-enabled Kubernetes cluster, you can deploy Azure IoT Operations.