Azure Kubernetes setup

DougWalker
Community Member

I'm putting this here to help others and also have something to reference later in case I have to redo the work!

So I've been through the process of setting up the SCIM bridge recently and found that by default Azure will not let you select the B2s at cluster creation and the lowest you can select is B4ms.

The cost of the B4ms is £87.60 for a single VM without storage costs which is above what we wanted to pay for a user sync solution.

We found that once the cluster was created we could edit the VM size down to a B2s, change the cluster size to 2, let the VM initialize and then turn off the B4 VM and reduce the nodes back to 1. This reduced the VM cost down to £21.83.

What we then found was the OS disk was using a premium SSD (as denoted by the s in B2s) and was 128GB. This was then going to cost us £17.69 a month. As I hadn't deleted the previous VM it was actually going to cost us £35 as we had two disks. Removing the first B4 VM removed the extra cost. The £17.69 was, again, more than we wanted to pay for a user sync service. I couldn't find a way of changing the OS disk type from premium disks to standard, which would drop the cost to £7.84, nor could I find a way of shrinking the OS disk once it had been created. Shrinking the disk to the minimum 30GB size would result in a monthly cost of £4.74 even on the premium SSDs!

Then the load balancer that sits in front of the cluster was going to cost another £13~ a month. This defaults to 'standard' and I couldn't find a way of changing this but, to be fair, I didn't waste a lot of time looking. The 'Basic' SKU is free to use and as far as I can see works fine.

This brought the total cost of the SCIM bridge to around £50 a month.

I went searching around to see if the price of this could be reduced and from what I did find the cluster HAS to be created with the correct settings from the start. I found this site VERY useful in creating the best priced cluster and once the cluster was created the rest of the instructions from 1Password worked as expected.

I highly suggest reading through the link above but I will summarize here:

  • The B2s VM can be selected when creating the cluster using the CLI but not in the GUI
  • The load balancer can be set to 'Basic' which is free!
  • The disk defaults to 128GB, the minimum is 30GB so selecting 32GB seems to work just fine.
  • The B2s defaults to premium SSD, I still don't know how to change this.

So with the above, when you get to step 3 on this page don't follow the instructions and use the GUI, use the CLI with the following commands:

az login

az aks create -n CLUSTERNAMEHERE \
    --node-count 1 \
    --node-vm-size Standard_B2s \
    --load-balancer-sku basic \
    --node-osdisk-size 32

I actually had to specify my subscription and resource group I wanted to use as we have multiple subscriptions and resource groups. I also had to specify the command --generate-ssh-keys as I didn't have a private key already set.

So my command looked like this:

az login

az aks create -n CLUSTERNAMEHERE --subscription SUBNAMEHERE --resource-group RESOURCEGROUPHERE --node-count 1 --node-vm-size Standard_B2s --load-balancer-sku basic --node-osdisk-size 32 --generate-ssh-keys

This has resulted in a SCIM bridge costing around 90p a day, much more manageable! This could probably be reduced if the VM was only turned on when the Azure provisioning is due to run OR if the bridge was only turned on for an hour or 2 in the morning and evening but I haven't gone that far into it yet. I'm not sure that the Azure Enterprise App provisioning will recover on its own if the bridge isn't available for hours on end.



TL;DR - the default Azure pricing will set you back around £100/m if you create the cluster via the GUI. You can edit the GUI created cluster but you will still be stuck with a load balancer costing £13 and 128GB Premium SSD for the OS disk costing £17. Creating the cluster via the GUI with the above commands will result in the cheap VM being used from the start, no Load Balancer cost and a 32GB Premium SSD costing £4 instead.
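
Since the post finds that these settings have to be right when the cluster is created, a check run straight after `az aks create` catches a wrong default while recreating the cluster is still cheap. This is an added example, not part of the original post or of 1Password's instructions; `AKS_NAME` and `AKS_RG` are hypothetical environment variable names, and the expected values are the ones from the command above.

```shell
#!/bin/sh
# Added example: compare a cluster's sizing with the low-cost values from the post.
WANT_VM="Standard_B2s"   # --node-vm-size
WANT_DISK_GB=32          # --node-osdisk-size
WANT_LB="basic"          # --load-balancer-sku
WANT_NODES=1             # --node-count

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_aks_sizing VM_SIZE OS_DISK_GB LB_SKU NODE_COUNT
# Prints one line per setting that differs; exit status is the number of mismatches.
check_aks_sizing() {
  bad=0
  # SKU strings are compared case-insensitively ("Basic" and "basic" are the same SKU).
  [ "$(lower "$1")" = "$(lower "$WANT_VM")" ] ||
    { echo "VM size is $1, wanted $WANT_VM"; bad=$((bad + 1)); }
  [ "$2" -eq "$WANT_DISK_GB" ] 2>/dev/null ||
    { echo "OS disk is $2 GB, wanted $WANT_DISK_GB GB"; bad=$((bad + 1)); }
  [ "$(lower "$3")" = "$(lower "$WANT_LB")" ] ||
    { echo "Load balancer SKU is $3, wanted $WANT_LB"; bad=$((bad + 1)); }
  [ "$4" -eq "$WANT_NODES" ] 2>/dev/null ||
    { echo "Node count is $4, wanted $WANT_NODES"; bad=$((bad + 1)); }
  return "$bad"
}

# Live use: only runs when both variables are set (after `az login`).
if [ -n "${AKS_NAME:-}" ] && [ -n "${AKS_RG:-}" ]; then
  # Four values from the first node pool and the network profile, whitespace-separated.
  # shellcheck disable=SC2046
  set -- $(az aks show -n "$AKS_NAME" -g "$AKS_RG" -o tsv --query \
    '[agentPoolProfiles[0].vmSize, agentPoolProfiles[0].osDiskSizeGb, networkProfile.loadBalancerSku, agentPoolProfiles[0].count]')
  if check_aks_sizing "$@"; then
    echo "Cluster matches the low-cost settings"
  fi
fi
```

Run it as `AKS_NAME=CLUSTERNAMEHERE AKS_RG=RESOURCEGROUPHERE sh check.sh`; add `--subscription` to the `az aks show` call if you work across several subscriptions.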



Comments

  • ag_alice_t
    edited January 2022

    Thank you for writing in. This is really useful information. It seems things have changed since we initially wrote our documentation last year, which was designed with keeping costs as low as possible in mind. The total cost you've found is more around what we'd expect it to cost for our customers. I'll be sure to note this in our internal ongoing documentation improvement ticket to get this updated, as we're also working on other AKS improvements as well.

  • DougWalker
    Community Member

    No worries! Although we heavily use AAD, Office 365 and enterprise apps for SSO most of our kit is still on premise so running services and VMs in Azure isn't something we have really done before.

    MS are pretty sneaky with the defaults they leave on and making you battle through bits to keep the costs down. Kind of annoying you can't change to the B2 or 32GB drive in the GUI though at cluster creation.

    No issues with using any of the above, we are happy with the result so far!

    I don't suppose you know if the Azure App Provisioning will start working again if we did power the VM off for 10 hours and then leave it on for 2 hours? That would reduce the VM price down to nothing pretty much. If I get round to testing this I will feed back anyway.

  • You can definitely enable the SCIM bridge on an "as-needed" basis. AzureAD will likely put your Provisioning integration into "Quarantine" after an extended period of time of being unable to contact the SCIM bridge, but you can simply press the "Restart Provisioning" button and it will resume provisioning after a few minutes. You can observe both the AAD and AKS logs to see when the provisioning requests have completed, and shut it down again.

This discussion has been closed.