| Field | Value |
|---|---|
| title | CNCF Cluster Script Output Blueprint |
| description | Infrastructure as Code configurations for generating K3s Kubernetes cluster installation scripts with Azure Arc connectivity without actual deployment |
| author | Edge AI Team |
| ms.date | 2025-06-07 |
| ms.topic | reference |
| keywords | |
| estimated_reading_time | 2 |
This blueprint provides Infrastructure as Code (IaC) configurations for generating installation scripts that set up and configure K3s Kubernetes clusters with Azure Arc connectivity. Unlike the full deployment blueprints, this option focuses on script generation without actually deploying the cluster resources. The generated scripts can then be manually executed in your target environment.
There are two implementation options:
- Terraform: Generates scripts that can be output to a local directory
- Bicep: Generates scripts and stores them as secrets in an Azure Key Vault
Both implementations create two types of scripts:
- Server Script: For setting up the primary K3s server node and Arc enablement
- Node Script: For joining additional worker nodes to the cluster (for multi-node deployments)
The Terraform implementation:
- Uses the reusable component from `/src/100-edge/100-cncf-cluster/terraform`
- Outputs the generated scripts to the specified output path
- Can optionally create an Azure managed identity for cluster Arc enablement
| Variable | Description | Default | Required |
|---|---|---|---|
| `resource_prefix` | Prefix for all resources | n/a | yes |
| `environment` | Environment (dev, test, prod) | n/a | yes |
| `instance` | Instance identifier | "001" | no |
| `custom_locations_oid` | Custom Locations Service Principal Object ID | null (will attempt to retrieve) | no |
| `arc_onboarding_sp` | Service Principal for Arc onboarding | null | no |
| `cluster_admin_id` | ID for cluster-admin permissions | null (current user if enabled) | no |
| `should_output_cluster_server_script` | Whether to output the server script | true | no |
| `should_output_cluster_node_script` | Whether to output the node script | false | no |
| `script_output_filepath` | Path to output script files | "./out" | no |
| `should_upload_to_key_vault` | Upload scripts to Key Vault as secrets | false | no |
| `key_vault_name` | Name of the Key Vault | "kv-{prefix}-{env}-{instance}" | no |
The Bicep implementation:
- Deploys a user-assigned managed identity for Arc onboarding (if enabled)
- Creates role assignments (if enabled)
- Generates scripts and stores them as secrets in an Azure Key Vault
- Provides outputs for accessing the generated scripts
| Parameter | Description | Default | Required |
|---|---|---|---|
| `common` | Common settings (resourcePrefix, location, etc.) | n/a | yes |
| `customLocationsOid` | Custom Locations Service Principal Object ID | n/a | yes |
| `keyVaultName` | Name of the Key Vault for script storage | Generated from resource prefix | no |
| `arcOnboardingSpClientId` | Service Principal Client ID for Arc onboarding | n/a | no |
| `shouldAddCurrentUserClusterAdmin` | Add current user as cluster admin | true | no |
| `clusterServerVirtualMachineName` | VM name for the server | n/a | no |
| `clusterNodeVirtualMachineNames` | VM names for worker nodes | n/a | no |
| `shouldDeployScriptToVm` | Deploy scripts directly to VMs | false | no |
Ensure you have the following prerequisites:
- If using `should_upload_to_key_vault=true`:
  - An existing Key Vault in your resource group (found automatically using the naming convention if not specified)
  - Or a custom Key Vault name specified with `key_vault_name`
- Appropriate permissions to create resources
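As an added example (not part of the blueprint or of its generated scripts), a small POSIX shell helper for the Key Vault path: it derives the default vault name from the `kv-{prefix}-{env}-{instance}` convention above, pulls a generated script out of Key Vault with the Azure CLI, and writes it to a file only the current user can read so it can be reviewed before it is executed. The secret name `cluster-server-script` is a placeholder assumption; the real names come from the deployment outputs.

```shell
#!/bin/sh
# Added example; not part of the blueprint. Assumes the Azure CLI is installed
# and already logged in. The secret name used in the usage line is a
# placeholder assumption, not a name defined by the blueprint.

# Default Key Vault name per the blueprint convention: kv-{prefix}-{env}-{instance}.
default_kv_name() {
  printf 'kv-%s-%s-%s\n' "$1" "$2" "$3"
}

# Simplified sanity check before handing the value to the CLI: Key Vault names
# are 3-24 characters of letters, digits and hyphens, starting with a letter.
is_valid_kv_name() {
  name=$1
  case "$name" in
    [A-Za-z]*) ;;
    *) return 1 ;;
  esac
  n=${#name}
  [ "$n" -ge 3 ] && [ "$n" -le 24 ] || return 1
  case "$name" in *[!A-Za-z0-9-]*) return 1 ;; esac
  return 0
}

# Retrieve the script secret into a 0600 file (umask in a subshell so the
# caller's umask is untouched) and leave execution to the operator after review.
fetch_script() {
  vault=$1; secret=$2; out=$3
  is_valid_kv_name "$vault" || { echo "invalid Key Vault name: $vault" >&2; return 1; }
  ( umask 077
    az keyvault secret show --vault-name "$vault" --name "$secret" \
       --query value -o tsv > "$out" ) || return 1
  [ -s "$out" ] || { echo "empty script retrieved from $vault/$secret" >&2; return 1; }
  head -n 1 "$out" | grep -q '^#!' || echo "warning: no shebang line in $out" >&2
  echo "wrote $out ($(wc -c < "$out") bytes); review it, then syntax-check with: sh -n $out"
}

# Usage (placeholder secret name):
#   fetch_script "$(default_kv_name contoso dev 001)" cluster-server-script ./server.sh
```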
Follow the detailed deployment instructions in the blueprints README.md, under Detailed Deployment Workflow.
This blueprint produces two types of scripts:
- Server Script: Sets up the Kubernetes cluster primary node with K3s, installs necessary components, and enables Azure Arc connectivity.
- Node Script: Configures additional nodes to join an existing K3s cluster (for multi-node deployments).
The scripts handle:
- K3s installation and configuration
- Azure CLI installation (optional)
- Azure login and subscription setup
- Azure Arc enablement
- Custom locations registration
- Workload identity setup
- Cluster role assignments
- See the full-single-cluster blueprint for complete deployment including the cluster
- See the full-multi-node-cluster blueprint for multi-node deployments
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.