
How to deploy and link arc related resources

Today, companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources.

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Azure Arc provides a centralized, unified way to:

  • Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.

  • Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.

  • Use familiar Azure services and management capabilities, regardless of where they live.

  • Continue using traditional ITOps while introducing DevOps practices to support new cloud native patterns in your environment.

  • Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Currently, Azure Arc allows you to manage the following resource types hosted outside of Azure:

  • Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.

  • Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.

  • Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL (preview) services are currently available.

  • SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.

  • Virtual machines (preview): Provision, resize, delete and manage virtual machines based on VMware vSphere or Azure Stack HCI and enable VM self-service through role-based access.

For more information on Azure Arc, see this overview.

Files - they should be used in this order for optimal results

  • create-aks-cluster.md

    • Create a K8s cluster in Azure

  • create-gke-cluster.md

    • Create a K8s cluster in GCP

  • install-extensions.md

    • Describes how to install the data controller and app services extensions with custom locations. These are needed to deploy Azure services to other Kubernetes clusters

  • troubleshooting.md

    • Holds information on how to debug an Arc setup that is not functioning as intended

General Information Before You Start

  • You will need a node pool in your Kubernetes cluster with at least 3 nodes and 4 vCores + 16 GB memory per node, or it will not deploy correctly (this applies to both GKE and AKS)

  • In Azure you need to be in EastUS to deploy AKS with Arc

  • You need the correct IAM permissions in both Azure and GCP to install the necessary namespaces in Kubernetes

  • You will need a data controller resource and a custom location for both platforms' K8s clusters to deploy to them through Arc

  • To install VMs (or SQL VMs) you will need access to the VM and be able to execute a script

  • To deploy apps / functions you have to add the App Service Extension to the Arc resources

  • The storage selection for the App Service Extension must match what you are running in GKE. You cannot use default if you are using standard storage; you need to pass standard as a parameter

  • You can do all of these setup steps from the command line or the Azure UI
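
A preflight check for the node pool requirement in the list above, as an added example that is not part of the original page: it reads saved output of `kubectl get nodes -o json`, groups nodes by the AKS or GKE pool label, and reports which pools have at least 3 nodes with 4 vCores and 16 GB each. Reading "16GB" as 16 × 10^9 bytes of node capacity is an assumption, the function names are hypothetical, and the sample nodes are constructed.

```python
import json
import sys
from collections import defaultdict

# Thresholds taken from the prerequisites list above.
MIN_NODES = 3
MIN_VCORES = 4.0
MIN_MEMORY_BYTES = 16 * 10**9  # assumption: "16GB" read as decimal gigabytes

# Node labels that carry the pool name on AKS and on GKE.
POOL_LABELS = ("kubernetes.azure.com/agentpool", "cloud.google.com/gke-nodepool")

# Kubernetes quantity suffixes (binary and decimal) and their multipliers.
SUFFIXES = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
            "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_quantity(value: str) -> float:
    """Convert a Kubernetes quantity ('4', '3920m', '16393216Ki') to a number."""
    value = value.strip()
    if value.endswith("m"):  # milli-units, used for CPU
        return float(value[:-1]) / 1000
    for suffix, factor in SUFFIXES.items():
        if value.endswith(suffix):
            return float(value[: -len(suffix)]) * factor
    return float(value)


def check_node_pools(node_list: dict) -> dict:
    """Return {pool: {"nodes": count, "undersized": [node names], "ok": bool}}."""
    pools = defaultdict(lambda: {"nodes": 0, "undersized": []})
    for node in node_list.get("items", []):
        labels = node["metadata"].get("labels", {})
        pool = next((labels[k] for k in POOL_LABELS if k in labels), "(no pool label)")
        capacity = node["status"]["capacity"]
        pools[pool]["nodes"] += 1
        if (parse_quantity(capacity["cpu"]) < MIN_VCORES
                or parse_quantity(capacity["memory"]) < MIN_MEMORY_BYTES):
            pools[pool]["undersized"].append(node["metadata"]["name"])
    for info in pools.values():
        # A pool qualifies when enough of its nodes meet the per-node size.
        info["ok"] = info["nodes"] - len(info["undersized"]) >= MIN_NODES
    return dict(pools)


def cluster_ready(node_list: dict) -> bool:
    """True when at least one node pool satisfies the requirement."""
    return any(info["ok"] for info in check_node_pools(node_list).values())


def _node(name, pool, cpu, memory):
    # Builds a constructed node record with only the fields the check reads.
    return {"metadata": {"name": name, "labels": {POOL_LABELS[0]: pool}},
            "status": {"capacity": {"cpu": cpu, "memory": memory}}}


# Constructed sample: one adequately sized pool and one undersized pool.
SAMPLE_NODES = {"items":
                [_node(f"aks-arcpool-{i}", "arcpool", "4", "16393216Ki") for i in range(3)]
                + [_node(f"aks-small-{i}", "small", "2", "8Gi") for i in range(3)]}

if __name__ == "__main__":
    # Usage: kubectl get nodes -o json > nodes.json; python check.py nodes.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            data = json.load(handle)
    else:
        data = SAMPLE_NODES
    for pool, info in check_node_pools(data).items():
        print(f"{pool}: nodes={info['nodes']} undersized={info['undersized']} ok={info['ok']}")
    sys.exit(0 if cluster_ready(data) else 1)
```

The check uses node capacity rather than allocatable resources, so a pool that passes here can still be short on schedulable memory once system pods are counted.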

Azure Arc Location

Azure Arc is located here in the Azure Portal


© Copyright 2023, ETS.
