Creating an advanced cluster

To create an advanced cluster, the Secure Agent authenticates with the managed identity to store cluster details in the staging location and to create the cluster. The master and worker nodes use the service principal to access cloud resources.
The following image shows the process that the Secure Agent uses to create a cluster:
The following steps describe the process that the Secure Agent uses to create a cluster:
  1. You run a job.
  2. The Secure Agent authenticates with the managed identity to store cluster details in the staging location.
  3. The Secure Agent authenticates with the managed identity to create prerequisite resources that the cluster needs, such as a network security group and load balancer.
  4. The Secure Agent authenticates with the managed identity to get the access keys to the storage accounts.
  5. The Secure Agent authenticates with the managed identity to get the service principal credentials.
  6. The Secure Agent makes the access keys to the storage accounts and the service principal credentials available to the cluster.
  7. The Secure Agent authenticates with the managed identity to create cluster resources for the master node and a Virtual Machine Scale Set for the master node.
  8. The master node uses the service principal to access cloud resources.
  9. The master node accesses the initialization script using the storage account key that the Secure Agent fetched through the managed identity.
  10. The Secure Agent authenticates with the managed identity to create cluster resources for the worker nodes and creates a Virtual Machine Scale Set with the minimum number of worker nodes.
  11. The worker nodes use the service principal to access cloud resources.
  12. The worker nodes access the initialization script using the storage account key that the Secure Agent fetched through the managed identity.
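
One way to check this flow from the monitoring side, as an added example that is not part of the original documentation: audit activity-log style events so that storage account key retrieval (step 4) is only ever performed by the managed identity, and flag managed identity operations that the steps do not describe. The record fields, the mapping of steps to Azure operation names and the IDs are assumptions, and the sample events are constructed.

```python
# Added example: constructed records shaped like Azure Activity Log entries.
# Field names (caller, operationName.value) and all IDs are assumptions/placeholders.
AGENT_MI = "11111111-1111-1111-1111-111111111111"    # managed identity object ID
CLUSTER_SP = "22222222-2222-2222-2222-222222222222"  # service principal object ID

LIST_KEYS = "microsoft.storage/storageaccounts/listkeys/action"
# Control-plane operations the steps attribute to the managed identity
# (assumed mapping; extend it with the resource types your clusters create).
AGENT_OPS = {
    "microsoft.network/networksecuritygroups/write",    # step 3
    "microsoft.network/loadbalancers/write",            # step 3
    LIST_KEYS,                                          # step 4
    "microsoft.compute/virtualmachinescalesets/write",  # steps 7 and 10
}

def audit(events):
    """Return (rule, caller, operation) findings for events that deviate from the flow."""
    findings = []
    for ev in events:
        caller = str(ev.get("caller", "")).lower()
        op = ev.get("operationName", "")
        if isinstance(op, dict):          # nested form: {"value": "..."}
            op = op.get("value", "")
        # Some log exports upper-case operation names, so compare case-insensitively.
        op = str(op).lower()
        if not op:
            continue                      # nothing to classify
        if op == LIST_KEYS and caller != AGENT_MI:
            # Step 4: only the managed identity fetches storage account keys.
            findings.append(("unexpected-key-access", caller, op))
        elif caller == AGENT_MI and op not in AGENT_OPS:
            # The managed identity did something the steps do not describe.
            findings.append(("outside-documented-flow", caller, op))
    return findings

def make_event(caller, op):
    return {"caller": caller, "operationName": {"value": op}}

SAMPLE = [  # constructed events
    make_event(AGENT_MI, "Microsoft.Storage/storageAccounts/listKeys/action"),
    make_event(AGENT_MI, "Microsoft.Compute/virtualMachineScaleSets/write"),
    make_event("user@example.com", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION"),
    make_event(CLUSTER_SP, "Microsoft.Storage/storageAccounts/listKeys/action"),
    make_event(AGENT_MI, "Microsoft.Authorization/roleAssignments/write"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The service principal listing keys is flagged because, in the steps above, the nodes receive the storage account key from the Secure Agent rather than fetching it themselves.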
