docs: Add Azure docs

Add getting started guide for Azure.

Signed-off-by: Brad Beam <[email protected]>

docs/content/guides/azure.md

@@ -0,0 +1,158 @@
+---
+title: "Azure"
+date: 2019-8-16
+draft: false
+menu:
+  docs:
+    parent: 'guides'
+---
+
+## Image Creation
+
+For each [Talos release](https://github.com/talos-systems/talos/releases),
+we provide an Azure compatible vhd (`azure.tar.gz`).  If you want to build
+the image locally, you can do so by running:
+
+```bash
+make installer
+make image-azure
+```
+
+This will produce `build/azure.tar.gz`.
+
+## Environment Setup
+
+Before proceeding, you'll want to make sure you have `osctl` available and the
+azure cli `az` installed and configured. `osctl` is published on each release
+and is available on our releases page [Talos release](https://github.com/talos-systems/talos/releases).
+If you want to build it locally, you can do so by running:
+
+```bash
+make osctl-[linux|darwin]
+cp build/osctl-[linux|darwin]-amd64 /usr/local/bin
+```
+
+We'll also make use of the following environment variables throughout the setup:
+
+```bash
+# Storage account to use, default to 'mytalosvhd'
+STORAGE_ACCOUNT=${STORAGE_ACCOUNT:-mytalosvhd}
+
+# Resource group name, default to 'talos'
+GROUP=${GROUP:-talos}
+
+# Location, default to 'westus2'
+LOCATION=${LOCATION:-westus2}
+```
+
+## Upload Image
+
+After downloading or creating the image locally, we'll want to upload it to
+Azure and create an image.
+
+```bash
+# Create resource group
+az group create -l $LOCATION -n $GROUP
+
+# Create storage account
+az storage account create -g $GROUP -n $STORAGE_ACCOUNT
+
+# Get storage account connection string
+CONNECTION=$(az storage account show-connection-string -n $STORAGE_ACCOUNT -g $GROUP -o tsv)
+
+# Create a container in the storage account
+az storage container create -n talos --connection-string $CONNECTION
+
+# Upload the vhd
+az storage blob upload --connection-string $CONNECTION --container-name talos -f build/talos-azure.vhd -n disk.vhd
+
+# Create an image based on the vhd
+az image create --name talos --source https://$STORAGE_ACCOUNT.blob.core.windows.net/talos/disk.vhd --os-type linux -g $GROUP
+```
+
+## Network Infrastructure
+
+Once the resource group is created and image uploaded, we'll want to work
+through the network security rules.
+
+```bash
+# Create network security group
+az network nsg create -g $GROUP -n talos
+
+# Client -> Proxyd
+az network nsg rule create -g $GROUP --nsg-name talos -n proxyd --priority 1000 --destination-port-ranges 443  --direction inbound
+
+# Client -> OSD
+az network nsg rule create -g $GROUP --nsg-name talos -n osd --priority 1001 --destination-port-ranges 50000 --direction inbound
+
+# Trustd
+az network nsg rule create -g $GROUP --nsg-name talos -n trustd --priority 1002 --destination-port-ranges 50001 --direction inbound
+
+# etcd
+az network nsg rule create -g $GROUP --nsg-name talos -n etcd --priority 1003 --destination-port-ranges 2379-2380 --direction inbound
+
+# Proxyd -> Kubernetes API Server
+az network nsg rule create -g $GROUP --nsg-name talos -n kube --priority 1004 --destination-port-ranges 6443 --direction inbound
+```
+
+## Cluster Configuration
+
+After getting the network security group set up, we'll need to allocate public
+IPs for our master nodes. The example below assumes a HA control plane of 3 nodes.
+You can adjust this for your needs.
+
+```bash
+# Reserve public IPs
+az network public-ip create -g $GROUP --name talos-master-1 --allocation-method static
+az network public-ip create -g $GROUP --name talos-master-2 --allocation-method static
+az network public-ip create -g $GROUP --name talos-master-3 --allocation-method static
+
+# Gather public IPs into a comma separated string
+MASTERIPS=$(az network public-ip list -g $GROUP -o tsv --query [].ipAddress | paste -sd,)
+
+# Generate a default Talos config for this cluster
+# # This should generate master-{1,2,3}.yaml, worker.yaml, and talosconfig in your PWD
+./osctl config generate cluster.local $MASTERIPS
+```
+
+## Compute Creation
+
+```bash
+# Create master nodes
+# # `--admin-username` and `--generate-ssh-keys` are required by the az cli,
+# # but are not actually used by talos
+# # `--os-disk-size-gb` is the backing disk for Kubernetes and any workload containers
+# # `--boot-diagnostics-storage` is to enable console output which may be necessary
+# # for troubleshooting
+az vm create \
+  --name talos1 \
+  --image talos \
+  --custom-data ./master-1.yaml \
+  --public-ip-address talos-master-1 \
+  -g $GROUP \
+  --admin-username talos \
+  --generate-ssh-keys \
+  --verbose \
+  --boot-diagnostics-storage $STORAGE_ACCOUNT \
+  --nsg talos \
+  --os-disk-size-gb 64 \
+  --no-wait
+az vm create --name talos2 --image talos --custom-data ./master-2.yaml  --public-ip-address talos-master-2 -g $GROUP --admin-username talos --generate-ssh-keys --verbose --boot-diagnostics-storage $STORAGE_ACCOUNT --nsg talos --os-disk-size-gb 64 --no-wait
+az vm create --name talos3 --image talos --custom-data ./master-3.yaml  --public-ip-address talos-master-3 -g $GROUP --admin-username talos --generate-ssh-keys --verbose --boot-diagnostics-storage $STORAGE_ACCOUNT --nsg talos --os-disk-size-gb 64 --no-wait
+
+## Create worker nodes, reuse as needed
+az vm create --name talos4 --image talos --custom-data ./worker.yaml -g $GROUP --admin-username talos --generate-ssh-keys --verbose --boot-diagnostics-storage $STORAGE_ACCOUNT --nsg talos --os-disk-size-gb 64 --no-wait
+```
+
+## Enjoy your cluster
+
+You should now be able to interact with your cluster with `osctl`:
+
+```bash
+osctl --talosconfig ./talosconfig kubeconfig > kubeconfig
+kubectl --kubeconfig ./kubeconfig get nodes
+```
+
+You will need to apply a PSP and CNI configuration. More details can be found
+in the [getting started](/docs/guides/getting_started) guide.
+