You'll install IoT Edge workloads on Kubernetes. For expediency, the cluster environment will be hosted in a single Azure VM, with 3 Docker containers emulating 3 Kubernetes nodes using the k3d tool.

You'll need Azure Cloud Shell for this lab with an active Azure subscription.

Perform the following steps in the Azure Cloud Shell environment.

  1. Select 'Bash' from the top left as the environment for your cloud shell.
  2. Add the Azure IoT extension to the cloud shell instance.
    az extension add --name azure-cli-iot-ext 
  3. Create a resource group to hold the cloud infrastructure you'll use for the lab.

Perform these steps in the cloud shell environment.

  1. Create an IoT Hub
    az iot hub create \
    --resource-group iotlab-k8s-resources-$UNIQUESTRING \
    --name iotlab-k8s-hub-$UNIQUESTRING \
    --sku S1 \
    --partition-count 2   
  2. Register an IoT Edge device
    az iot hub device-identity create \
    --hub-name iotlab-k8s-hub-$UNIQUESTRING \
    --device-id edge-k8s-device-$UNIQUESTRING \

Configure a sample set of inter-communicating modules as the workload to run on the device:

    # Download
    wget \
    -O workload.json -q

    # Set
    az iot edge set-modules \
      --hub-name iotlab-k8s-hub-$UNIQUESTRING \
      --device-id edge-k8s-device-$UNIQUESTRING \
      --content workload.json

Perform these steps in the cloud shell environment.

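  1. Set up an SSH key to log in to the VM. The -N "" option creates the key without a passphrase, so the private key file alone grants access to the VM.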
    ssh-keygen -m PEM -t rsa -b 4096 -q -f ~/.ssh/id_k8s_lab -N ""   
  2. Provision a VM and associate it with the edge device identity
    # Set environment variable
    export CONNSTR=$(az iot hub device-identity show-connection-string \
      --device-id edge-k8s-device-$UNIQUESTRING \
      --hub-name iotlab-k8s-hub-$UNIQUESTRING \
      -o tsv)   
    # Deploy Kubernetes in a VM
    az group deployment create \
      --name edgeVm \
      --resource-group iotlab-k8s-resources-$UNIQUESTRING \
      --template-uri "" \
      --parameters location=$RGLOC \
      --parameters dnsLabelPrefix=iotedge-k8s-vm-$UNIQUESTRING \
      --parameters adminUsername='azureuser' \
      --parameters deviceConnectionString=$CONNSTR \
      --parameters authenticationType='sshPublicKey' \
      --parameters adminPasswordOrKey="$(< ~/.ssh/" | \
        jq .properties.outputs   
  3. Note the ssh command from the value key in the previous command's output and use it to log in to the VM. For example ssh -i ~/.ssh/id_k8s_lab
  4. It can take about 5-7 minutes for the VM to complete provisioning. Enter watch kubectl get nodes in the VM's bash shell and wait for it to report 3 nodes. It is expected you'll see "not found" initially.

Ctrl+c returns you to the VM's shell.
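
As an alternative to watching the node list by hand, the following added example (not part of the original lab) polls kubectl until the expected number of nodes is Ready and treats the initial "not found" phase as zero nodes. The function names, the sample node names and the timeout defaults are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: block until the k3d cluster reports the expected node count.

# Count nodes whose STATUS column is exactly "Ready". Input is the output of
# `kubectl get nodes --no-headers` (columns: NAME STATUS ROLES AGE VERSION).
# "NotReady" and "Ready,SchedulingDisabled" are deliberately not counted.
count_ready_nodes() {
  awk '$2 == "Ready" { n++ } END { print n + 0 }'
}

# Constructed sample of a cluster that is still coming up (node names and
# versions are illustrative, not taken from the lab).
sample_nodes() {
  cat <<'EOF'
k3d-lab-server-0   Ready                      master   3m    v1.17.0
k3d-lab-agent-0    NotReady                   <none>   2m    v1.17.0
k3d-lab-agent-1    Ready,SchedulingDisabled   <none>   2m    v1.17.0
EOF
}

# wait_for_nodes WANT [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 once WANT nodes are Ready, 1 on timeout. The body runs in a
# subshell, so its variables do not leak into the caller's shell.
wait_for_nodes() (
  want=$1 timeout=${2:-600} interval=${3:-10} waited=0
  while :; do
    # While provisioning is still running, kubectl may be missing or the API
    # server may not answer; both cases produce no rows, i.e. 0 Ready nodes.
    ready=$(kubectl get nodes --no-headers 2>/dev/null | count_ready_nodes)
    if [ "$ready" -ge "$want" ]; then
      echo "ready: $ready/$want nodes"
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      echo "timed out after ${waited}s: $ready/$want nodes Ready" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
)

# Usage in the VM: wait_for_nodes 3 600 10 && k9s -n helloworld
```

A non-zero exit after the timeout is the signal to inspect the VM's provisioning rather than keep waiting.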

When deployed on Kubernetes, the IoT Edge runtime automagically translates the IoT Edge application deployment to Kubernetes primitives. As someone familiar with IoT Edge, there are minimal new concepts you'll need to learn.

Better yet, modules you developed for a single device will work without any changes on Kubernetes. For instance, the workload you set to run on Kubernetes is the very same one you used in the Deploy an IoT Edge VM lab. Device workloads are installed in their own isolated namespace. Here, we installed the workload in a namespace called helloworld. Check that it's running:

    # Run this in the VM emulating the Kubernetes
    # environment. 'k9s' is a tool to visually interact
    # with the cluster.

    k9s -n helloworld

In the k9s explorer, hit SHIFT+: and enter po to view the pods that hold workloads in Kubernetes. Each IoT Edge module runs in a Kubernetes pod. Notice them coming up just like on a single device; on Kubernetes, however, they come up on different nodes. The Kubernetes scheduler actively moves workloads from unhealthy nodes to healthy ones, thereby improving deployment resiliency.

Selecting a pod and hitting l will show its logs (along with those of its sidecar proxy). Hitting Ctrl+k with a workload pod selected will kill it (don't pick the iotedged pod since it's not set up to persist state in this example 😁); notice the pod coming up again as Kubernetes drives the system to the desired state.

Hit SHIFT+: and enter svc to view the services exposed to other workloads (modules) in the namespace. If you want to go deeper down the rabbit hole, Ctrl+a lists all supported aliases.

Ctrl+c exits k9s.

You're done! In this lab you learned about running IoT Edge workloads on Kubernetes for improved resilience and worked with a couple of tools from the Kubernetes ecosystem.

Remember, has a bunch more information, advanced tutorials, and pretty architecture diagrams 😀