
Networking Blog

Azure Kubernetes Service on Azure Stack HCI Parity with AKS PowerShell

jessicaguan
Former Employee
Mar 03, 2021

AksHci PowerShell February Release 

If you were one of the many people who gave us feedback on our December release, we have exciting news for you! In our February release, we’ve delivered one of the most requested features: additional networking options. While you can use PowerShell or Windows Admin Center to provision and manage your Azure Kubernetes Service clusters on Azure Stack HCI (AKS-HCI), this post focuses on the AksHci PowerShell module and how it is moving closer to alignment with the AKS PowerShell module.

 

What’s new? 

This version of the AksHci PowerShell module adds new capabilities such as creating a private virtual network, static IP deployment, and Active Directory integration.

 

With the new command `New-AksHciNetworkSetting`, users can now choose to deploy with DHCP or static IP. We recommend deploying with static IP because the IP addresses remain the same over time unless they are changed manually. This command creates a configuration object for a virtual network for the control plane, load balancer, agent endpoints, and a static IP range for nodes in all clusters. To deploy a cluster with a virtual network based on that configuration object, pass the assigned name of the object to the new `-vnet` parameter of the `Set-AksHciConfig` command.

 

New-AksHciNetworkSetting example for static IP deployment

```powershell
# Describe the virtual network: node IP pool, VIP pool, subnet prefix, gateway and DNS
$vnet = New-AksHciNetworkSetting -vnetName "External" -k8sNodeIpPoolStart "172.16.10.0" `
    -k8sNodeIpPoolEnd "172.16.10.255" -vipPoolStart "172.16.255.0" -vipPoolEnd "172.16.255.254" `
    -ipAddressPrefix "172.16.0.0/16" -gateway "172.16.0.1" -dnsServers "172.16.0.1"

# Pass the network settings object to the host configuration
Set-AksHciConfig -imageDir c:\clusterstorage\volume1\Images `
    -cloudConfigLocation c:\clusterstorage\volume1\Config -vnet $vnet -enableDiagnosticData `
    -cloudservicecidr "172.16.10.10/16"

# Deploy the AKS-HCI host
Install-AksHci
```

*Note: The values for the parameters need to be configured to your environment. 

 

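New-AksHciNetworkSetting example for a DHCP deployment

```powershell
# With DHCP only the VIP pool is specified; node addresses come from the DHCP server
$vnet = New-AksHciNetworkSetting -vnetName "External" -vipPoolStart "172.16.255.0" `
    -vipPoolEnd "172.16.255.254"

# Pass the network settings object to the host configuration
Set-AksHciConfig -imageDir c:\clusterstorage\volume1\Images `
    -cloudConfigLocation c:\clusterstorage\volume1\Config -vnet $vnet -enableDiagnosticData

# Deploy the AKS-HCI host
Install-AksHci
```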

*Note: The values for the parameters need to be configured to your environment. 

 

For more information about the `New-AksHciNetworkSetting` command and its parameters, go here.

 

For more information on virtual network, Static IP, and DHCP, go here.
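
A static IP plan is easy to get wrong before it ever reaches `New-AksHciNetworkSetting`. The following is an added example, not code from the original post or the AksHci module: `Test-AksHciStaticPlan` is a hypothetical helper, and the rules it checks (pools inside the prefix, pools not overlapping, gateway outside the pools) are assumptions of this example rather than requirements quoted from the module.

```powershell
# Added example: pre-flight check of static IP values. Helper names are hypothetical
# and the rules checked are assumptions, not documented AksHci requirements.
function ConvertTo-IPv4Number ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Not an IPv4 address: $Ip" }
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-AksHciStaticPlan {
    param(
        [string]$IpAddressPrefix, [string]$Gateway,
        [string]$NodePoolStart,   [string]$NodePoolEnd,
        [string]$VipPoolStart,    [string]$VipPoolEnd
    )
    $net, $len = $IpAddressPrefix -split '/'
    $size  = [long][Math]::Pow(2, 32 - [int]$len)   # number of addresses in the prefix
    $first = ConvertTo-IPv4Number $net
    $first = $first - ($first % $size)              # align to the network address
    $last  = $first + $size - 1
    $gw    = ConvertTo-IPv4Number $Gateway
    $pools = [ordered]@{
        'node pool' = (ConvertTo-IPv4Number $NodePoolStart), (ConvertTo-IPv4Number $NodePoolEnd)
        'VIP pool'  = (ConvertTo-IPv4Number $VipPoolStart),  (ConvertTo-IPv4Number $VipPoolEnd)
    }
    $problems = @()
    foreach ($name in $pools.Keys) {
        $lo, $hi = $pools[$name]
        if ($lo -gt $hi) { $problems += "${name}: start is above end" }
        if ($lo -lt $first -or $hi -gt $last) { $problems += "${name}: outside $IpAddressPrefix" }
        if ($gw -ge $lo -and $gw -le $hi) { $problems += "${name}: contains gateway $Gateway" }
    }
    $n = $pools['node pool']; $v = $pools['VIP pool']
    if ($n[0] -le $v[1] -and $v[0] -le $n[1]) { $problems += 'node pool and VIP pool overlap' }
    if ($gw -lt $first -or $gw -gt $last) { $problems += "gateway $Gateway is outside $IpAddressPrefix" }
    $problems
}

# Values taken from the static IP example in this post
$plan = @{
    IpAddressPrefix = '172.16.0.0/16'; Gateway     = '172.16.0.1'
    NodePoolStart   = '172.16.10.0';   NodePoolEnd = '172.16.10.255'
    VipPoolStart    = '172.16.255.0';  VipPoolEnd  = '172.16.255.254'
}
$problems = Test-AksHciStaticPlan @plan
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'No conflicts found in the address plan.' }
```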

 

In addition to the new virtual network and static IP features, you can now integrate Active Directory (AD) with Azure Kubernetes Service on Azure Stack HCI. Without Active Directory, connection to the API server relied on a certificate-based kubeconfig file. Having secrets such as these certs in the kubeconfig file creates a greater opportunity for those secrets to be leaked. Now, users can enable AD authentication and use AD single sign-on (SSO) to securely connect to the API server. This feature introduces a new parameter, `-enableAdAuth`, to the command `New-AksHciCluster`, and a new command, `Install-AksHciAdAuth`.

 

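Install-AksHciAdAuth example

```powershell
# Create a cluster with Active Directory authentication enabled
New-AksHciCluster -name mynewcluster1 -enableADAuth

# Install AD authentication on the cluster; the <...> values are placeholders to replace
Install-AksHciAdAuth -name mynewcluster1 -keytab <.\current.keytab> `
    -previousKeytab <.\previous.keytab> -SPN <service/principal@CONTOSO.COM> `
    -adminUser CONTOSO\Bob
```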

 

 *Note: The values for the parameters need to be configured to your environment. 

 

For more information on the `Install-AksHciAdAuth` command and its parameters, go here

 

For a tutorial on Active Directory integration with AKS-HCI, go here.
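
To see what a certificate-based kubeconfig actually carries, this added example (not from the original post or the AksHci module) scans a kubeconfig for credential fields embedded under `users` and reports them without printing their values. `Find-KubeconfigSecret` and the sample file are constructed for illustration, and the scan is line-based rather than a full YAML parse, so it assumes each `- name:` entry precedes its `user:` block.

```powershell
# Added example: report credentials embedded in a kubeconfig without echoing them.
# Find-KubeconfigSecret is a hypothetical helper, not an AksHci or kubectl command.
function Find-KubeconfigSecret {
    param([string[]]$Lines)
    $fields  = 'client-key-data', 'client-certificate-data', 'token', 'password'
    $section = $null; $user = $null
    foreach ($line in $Lines) {
        # A key at column 0 (users:, clusters:, contexts:, ...) starts a new section
        if ($line -match '^([A-Za-z][\w-]*):') { $section = $Matches[1]; $user = $null; continue }
        if ($section -ne 'users') { continue }
        # Each list entry under users: begins with "- name: <user>"
        if ($line -match '^\s*-\s*name:\s*(\S+)') { $user = $Matches[1]; continue }
        if ($line -match '^\s*([\w-]+):\s*(\S+)' -and $fields -contains $Matches[1]) {
            [pscustomobject]@{ User = $user; Field = $Matches[1]; ValueLength = $Matches[2].Length }
        }
    }
}

# Constructed sample; the base64 strings are placeholders, not real key material
$sample = @'
apiVersion: v1
kind: Config
clusters:
- name: mynewcluster1
  cluster:
    server: https://192.0.2.10:6443
    certificate-authority-data: Q09OU1RSVUNURUQ=
users:
- name: clusterUser
  user:
    client-certificate-data: Q09OU1RSVUNURUQtQ0VSVA==
    client-key-data: Q09OU1RSVUNURUQtS0VZ
'@ -split '\r?\n'

Find-KubeconfigSecret -Lines $sample | Format-Table -AutoSize
```

For a real file, pass `(Get-Content $env:USERPROFILE\.kube\config)` as `-Lines`; any row with `client-key-data` or `token` is a file that grants API access to whoever can read it.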

 

Parity with Azure Kubernetes Service (AKS) PowerShell 

Not only do these new features give our customers a wider range of capabilities and configuration options, but they also bring the AKS-HCI platform closer to AKS capabilities. The AKS-HCI team is working on bringing parity between the two platforms. One of the goals is to make the user experience for AKS and AKS-HCI as closely aligned as possible. There are two ways to provision and manage your AKS-HCI clusters: Windows Admin Center and the AKS-HCI PowerShell module, which are designed to have the same user experience as the Azure Portal and AKS PowerShell respectively.

 

Below are some examples of AKS-HCI and AKS commands.

 

Provision a Kubernetes cluster

| AKS-HCI | AKS |
| --- | --- |
| `New-AksHciCluster -name mycluster` | `New-AzAksCluster -name mycluster -resourceGroupName myresourcegroup` |

*Note: The parameter ‘-resourceGroupName’ is different because AKS-HCI is run on-premises and its resources are not grouped.

 

List deployed Kubernetes clusters

| AKS-HCI | AKS |
| --- | --- |
| `Get-AksHciCluster` | `Get-AzAksCluster` |

 

Delete a Kubernetes cluster

| AKS-HCI | AKS |
| --- | --- |
| `Remove-AksHciCluster -name mycluster` | `Remove-AzAksCluster -name mycluster -resourceGroupName myresourcegroup` |

*Note: The parameter ‘-resourceGroupName’ is different because AKS-HCI is run on-premises and its resources are not grouped.

 

There are still some disparities between the two modules, but we are working on closing these gaps in future releases to provide customers with a seamless experience for a hybrid environment in AKS and AKS-HCI. 

 

We would love feedback on AKS consistency in PowerShell, hearing about any other AKS features you would like to see in AKS-HCI, or if you are interested in an on-premises Kubernetes solution! Please fill out this quick survey here.

 

Learn how to set up your Azure Kubernetes Service host on Azure Stack HCI here.

Updated Mar 02, 2021
Version 1.0