Quickstart: Deploy Azure IoT Operations Preview to an Arc-enabled Kubernetes cluster
Important
Azure IoT Operations Preview – enabled by Azure Arc is currently in PREVIEW. You shouldn't use this preview software in production environments.
See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
In this quickstart, you deploy a suite of IoT services to an Azure Arc-enabled Kubernetes cluster so that you can remotely manage your devices and workloads. Azure IoT Operations is a digital operations suite of services that includes Azure IoT Orchestrator Preview. This quickstart guides you through using Orchestrator to deploy these services to a Kubernetes cluster. At the end of the quickstart, you have a cluster that you can manage from the cloud that generates sample data to use in the following quickstarts.
The services deployed in this quickstart include:
- Azure IoT Orchestrator Preview
- Azure IoT MQ Preview
- Azure IoT OPC UA Broker Preview with simulated thermostat asset to start generating data
- Azure IoT Akri Preview
- Azure Device Registry Preview
- Azure IoT Layered Network Management Preview
- Observability
The following quickstarts in this series build on this one to define sample assets, data processing pipelines, and visualizations. If you want to deploy Azure IoT Operations to a cluster such as AKS Edge Essentials in order to run your own workloads, see Prepare your Azure Arc-enabled Kubernetes cluster and Deploy Azure IoT Operations Preview extensions to a Kubernetes cluster.
Before you begin
This series of quickstarts is intended to help you get started with Azure IoT Operations as quickly as possible so that you can evaluate an end-to-end scenario. In a true development or production environment, these tasks would be performed by multiple teams working together and some tasks might require elevated permissions.
For the best new user experience, we recommend using an Azure free account so that you have owner permissions over the resources in these quickstarts. We also provide steps to use GitHub Codespaces as a virtual environment in which you can quickly begin deploying resources and running commands without installing new tools on your own machines.
Prerequisites
For this quickstart, you create a Kubernetes cluster to receive the Azure IoT Operations deployment.
If you want to rerun this quickstart with a cluster that already has Azure IoT Operations deployed to it, refer to the steps in Clean up resources to uninstall Azure IoT Operations before continuing.
Before you begin, prepare the following prerequisites:
An Azure subscription. If you don't have an Azure subscription, create one for free before you begin.
A GitHub account.
Visual Studio Code installed on your development machine. For more information, see Download Visual Studio Code.
What problem will we solve?
Azure IoT Operations is a suite of data services that run on Kubernetes clusters. You want these clusters to be managed remotely from the cloud, and able to securely communicate with cloud resources and endpoints. We address these concerns with the following tasks in this quickstart:
- Create a Kubernetes cluster and connect it to Azure Arc for remote management.
- Create an Azure Key Vault to manage secrets for your cluster.
- Configure your cluster with a secrets store and service principal to communicate with cloud resources.
- Deploy Azure IoT Operations to your cluster.
Connect a Kubernetes cluster to Azure Arc
Azure IoT Operations should work on any Kubernetes cluster that conforms to the Cloud Native Computing Foundation (CNCF) standards. For speed and convenience, this quickstart uses GitHub Codespaces to host your cluster.
Important
Codespaces are easy to set up quickly and tear down later, but they're not suitable for performance evaluation or scale testing. Use GitHub Codespaces for exploration only. To learn how to deploy Azure IoT Operations to a production cluster such as AKS Edge Essentials, see Prepare your Azure Arc-enabled Kubernetes cluster.
In this section, you create a new cluster and connect it to Azure Arc. If you want to reuse a cluster that you've deployed Azure IoT Operations to before, refer to the steps in Clean up resources to uninstall Azure IoT Operations before continuing.
Use GitHub Codespaces to try Azure IoT Operations on a Kubernetes cluster without installing anything on your local machine. The Azure-Samples/explore-iot-operations codespace is preconfigured with:
- K3s running in K3d for a lightweight Kubernetes cluster
- Azure CLI
- Kubectl for managing Kubernetes resources
- Other useful tools like Helm and k9s
To create your codespace and cluster, use the following steps:
Create a codespace in GitHub Codespaces.
Provide the following recommended secrets for your codespace:
Parameter Value SUBSCRIPTION_ID Your Azure subscription ID. RESOURCE_GROUP A name for a new Azure resource group where your cluster will be created. LOCATION An Azure region close to you. The following regions are supported in public preview: eastus, eastus2, westus, westus2, westus3, westeurope, or northeurope. Tip
The values you provide as secrets in this step get saved on your GitHub account to be used in this and future codespaces. They're also automatically added as environment variables in the codespace terminal, and you can use those environment variables in the CLI commands in the next section.
Additionally, this codespace automatically creates a
CLUSTER_NAME
environment variable which is set with the codespace name.Select Create new codespace.
Once the codespace is ready, select the menu button at the top left, then select Open in VS Code Desktop.
If prompted, install the GitHub Codespaces extension for Visual Studio Code and sign in to GitHub.
In Visual Studio Code, select View > Terminal.
Use this terminal to run all of the command line and CLI commands for managing your cluster.
To connect your cluster to Azure Arc:
In your codespace terminal, sign in to Azure CLI:
az login
Tip
If you're using the GitHub codespace environment in a browser rather than VS Code desktop, running
az login
returns a localhost error. To fix the error, either:- Open the codespace in VS Code desktop, and then return to the browser terminal and rerun
az login
. - Or, after you get the localhost error on the browser, copy the URL from the browser and run
curl "<URL>"
in a new terminal tab. You should see a JSON response with the message "You have logged into Microsoft Azure!."
- Open the codespace in VS Code desktop, and then return to the browser terminal and rerun
Set the Azure subscription context for all commands:
az account set -s $SUBSCRIPTION_ID
Register the required resource providers in your subscription:
Note
This step only needs to be run once per subscription.
az provider register -n "Microsoft.ExtendedLocation" az provider register -n "Microsoft.Kubernetes" az provider register -n "Microsoft.KubernetesConfiguration" az provider register -n "Microsoft.IoTOperationsOrchestrator" az provider register -n "Microsoft.IoTOperationsMQ" az provider register -n "Microsoft.IoTOperationsDataProcessor" az provider register -n "Microsoft.DeviceRegistry"
Use the az group create command to create a resource group in your Azure subscription to store all the resources:
az group create --location $LOCATION --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID
Use the az connectedk8s connect command to Arc-enable your Kubernetes cluster and manage it as part of your Azure resource group:
az connectedk8s connect -n $CLUSTER_NAME -l $LOCATION -g $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID
Tip
The value of
$CLUSTER_NAME
is automatically set to the name of your codespace. Replace the environment variable if you want to use a different name.Get the
objectId
of the Microsoft Entra ID application that the Azure Arc service uses and save it as an environment variable.export OBJECT_ID=$(az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query id -o tsv)
Use the az connectedk8s enable-features command to enable custom location support on your cluster. This command uses the
objectId
of the Microsoft Entra ID application that the Azure Arc service uses.az connectedk8s enable-features -n $CLUSTER_NAME -g $RESOURCE_GROUP --custom-locations-oid $OBJECT_ID --features cluster-connect custom-locations
Verify cluster
Use the Azure IoT Operations extension for Azure CLI to verify that your cluster host is configured correctly for deployment by using the verify-host command on the cluster host:
az iot ops verify-host
This helper command checks connectivity to Azure Resource Manager and Microsoft Container Registry endpoints.
Deploy Azure IoT Operations Preview
In this section, you use the az iot ops init command to configure your cluster so that it can communicate securely with your Azure IoT Operations components and key vault, then deploy Azure IoT Operations.
Run the following CLI commands in your Codespaces terminal.
Create a key vault. For this scenario, we'll use the same name and resource group as your cluster. Keyvault names have a maximum length of 24 characters, so the following command truncates the
CLUSTER_NAME
environment variable if necessary.az keyvault create --enable-rbac-authorization false --name ${CLUSTER_NAME:0:24} --resource-group $RESOURCE_GROUP
Tip
You can use an existing key vault for your secrets, but verify that the Permission model is set to Vault access policy. You can check this setting in the Azure portal in the Access configuration section of an existing key vault. Or use the az keyvault show command to check that
enableRbacAuthorization
is false.Deploy Azure IoT Operations. This command takes several minutes to complete:
az iot ops init --simulate-plc --cluster $CLUSTER_NAME --resource-group $RESOURCE_GROUP --kv-id $(az keyvault show --name ${CLUSTER_NAME:0:24} -o tsv --query id)
If you get an error that says Your device is required to be managed to access your resource, run
az login
again and make sure that you sign in interactively with a browser.Tip
If you've run
az iot ops init
before, it automatically created an app registration in Microsoft Entra ID for you. You can reuse that registration rather than creating a new one each time. To use an existing app registration, add the optional parameter--sp-app-id <APPLICATION_CLIENT_ID>
.
View resources in your cluster
While the deployment is in progress, you can watch the resources being applied to your cluster. You can use kubectl commands to observe changes on the cluster or, since the cluster is Arc-enabled, you can use the Azure portal.
To view the pods on your cluster, run the following command:
kubectl get pods -n azure-iot-operations
It can take several minutes for the deployment to complete. Continue running the get pods
command to refresh your view.
To view your cluster on the Azure portal, use the following steps:
In the Azure portal, navigate to the resource group that contains your cluster.
From the Overview of the resource group, select the name of your cluster.
On your cluster, select Extensions from the Settings section of the menu.
You can see that your cluster is running extensions of the type microsoft.iotoperations.x, which is the group name for all of the Azure IoT Operations components and the orchestration service. These extensions have a unique suffix that identifies your deployment. In the previous screenshot, this suffix is -tg45l.
There's also an extension called akvsecretsprovider. This extension is the secrets provider that you configured and installed on your cluster with the
az iot ops init
command. You might delete and reinstall the Azure IoT Operations components during testing, but keep the secrets provider extension on your cluster.Make a note of the full name of the extension called mq-.... You use this name in the following quickstarts.
How did we solve the problem?
In this quickstart, you configured your Arc-enabled Kubernetes cluster so that it could communicate securely with your Azure IoT Operations components. Then, you deployed those components to your cluster. For this test scenario, you have a single Kubernetes cluster that's probably running locally on your machine. In a production scenario, however, you can use the same steps to deploy workloads to many clusters across many sites.
Clean up resources
If you're continuing on to the next quickstart, keep all of your resources.
If you want to delete the Azure IoT Operations deployment but want to keep your cluster, use the az iot ops delete command.
az iot ops delete --cluster $CLUSTER_NAME --resource-group $RESOURCE_GROUP
If you want to delete all of the resources you created for this quickstart, delete the Kubernetes cluster where you deployed Azure IoT Operations and remove the Azure resource group that contained the cluster.
Next step
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for