Differences between revisions 19 and 23 (spanning 4 versions)
Revision 19 as of 2019-10-14 21:40:00
Size: 3445
Editor: PieterSmit
Comment: make it more consistent with rest of the pages
Revision 23 as of 2020-01-23 21:03:11
Size: 4025
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
 * [[Kubernetes/helm]]  * [[k8s/helm]]
Line 93: Line 93:
=== AZ check clusters and PSP/NetPolicy ===
 * export azure subscription and run {{{
export azsub="Non-Prod"
az aks list --subscription "$azsub" | jq "[ .[] |
        {name: .name, k8sV: .kubernetesVersion,
         sp: .servicePrincipalProfile.clientId,
         NetPolicy: .networkProfile.networkPolicy,
         Nodes: ((.agentPoolProfiles[0].count|tostring) + \"/\" + ( .agentPoolProfiles[0].maxCount|tostring ) + \" \" + .agentPoolProfiles[0].provisioningState),
         psp: .enablePodSecurityPolicy,
         rbac: .enableRbac,
         }]"
}}}
Line 96: Line 107:
CategoryK8sKubernetes CategoryK8sKubernetes CategoryK8sKubernetes

Kubernets cluster in Azure cloud

Kubernets config

  • Use Declarative, we declare the state and kubectl implements using

    kubectl apply -R -f configs/

Setup Cluster, using the Azure az commands and azure aks install-cli kubectl

  • Use az tool, with docker run -it microsoft/azure-cli
  • in the container add the kubectl

    az aks install-cli
    az aks get-credentials --resource-group <RG> --name <name> --subscription <Hex-ID>
  • list subscriptions

    az account list --output table 
  • set subscription to the one that contains k8s

    az account set --subscription xx-xx-xx
  • run az proxy to connect the browser to kubernets admin in cloud

    Proxy running on http://127.0.0.1:8001/
    Press CTRL+C to close the tunnel...
    Forwarding from 127.0.0.1:8001 -> 9090
    
    ## Problem only binds to loopback, in a container, if not using container for microsoft/azure-cli skip next command.
    nc -v -lk -p 8001 -s $(hostname -i) -e /usr/bin/nc 127.0.0.1 8001
    
    ## Web dashboard no right - nodes is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list nodes at the cluster scope
    ## RBAC ClusterRoleBinding must be created for Kubernetes dashboard
    kubectl create clusterrolebinding kubernetes-dashboard \
        --clusterrole=cluster-admin \
        --serviceaccount=kube-system:kubernetes-dashboard
    • List nodes

      kubectl get nodes
      • If this fails with "Unable to connect to the server: dial tcp: lookup ...." reset with

        rm .kube/config
        az aks get-credentials --resource-group <nameRG> --name >nameClusterInRG>
        kubectl get nodes
    • List namespaces

      kubectl get namespaces

Test

  • az - setup proxy tunnel to web admin
    • az aks get-credentials --resource-group K8S-xxx --name K8S-xxx

      Merged "K8S-INF" as current context in /root/.kube/config 
    • kubectl get nodes
    • Create azure-vote.yml from https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

    • kubectl apply -f azure-vote.yaml

      deployment.apps/azure-vote-back created
      service/azure-vote-back created
      deployment.apps/azure-vote-front created
      service/azure-vote-front created
      bash-4.4# 
    • kubectl get service azure-vote-front --watch

      NAME               TYPE           CLUSTER-IP   EXTERNAL-IP     PORT(S)        AGE
      azure-vote-front   LoadBalancer   10.0.61.46   1.5.1.39        80:31745/TCP   101s

Own namespace

  • Created with json file that gets deployed
  • Set default namespace to mynamespace e.g.

    # kubectl config set-context $(kubectl config current-context) --namespace=MyNameSpace
    # kubectl config view | grep namespace

Perf monitoring

AZ check clusters and PSP/NetPolicy

  • export azure subscription and run

    export azsub="Non-Prod"
    az aks list  --subscription "$azsub" | jq "[ .[] | 
            {name: .name, k8sV: .kubernetesVersion,
             sp: .servicePrincipalProfile.clientId,
             NetPolicy: .networkProfile.networkPolicy,
             Nodes: ((.agentPoolProfiles[0].count|tostring) + \"/\" + ( .agentPoolProfiles[0].maxCount|tostring ) + \" \" + .agentPoolProfiles[0].provisioningState),
             psp: .enablePodSecurityPolicy,
             rbac: .enableRbac,
             }]"

...


CategoryK8sKubernetes CategoryK8sKubernetes

k8s/Azure (last edited 2023-03-09 02:01:02 by PieterSmit)