Differences between revisions 4 and 19 (spanning 15 versions)
Revision 4 as of 2018-09-29 22:37:22
Size: 1027
Editor: PieterSmit
Comment:
Revision 19 as of 2019-10-14 21:40:00
Size: 3445
Editor: PieterSmit
Comment: make it more consistent with rest of the pages
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from Azure/Kubernetes
Line 4: Line 5:
== Links ==
 * [[Kubernetes/helm]]
 * [[https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough|Quickstart: AKS cluster]]
 * [[https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm|2018-Helm in Azure Kubernetes AKS]]
 * [[https://kubernetes.io/docs/reference/kubectl/cheatsheet/|cheatsheet]]
 * [[https://dzone.com/articles/access-azure-key-vault-from-your-kubernetes-pods| Azure KeyVault exposed to k8s pods as flexVol]]

Line 15: Line 24:
az aks install-cli }}} az aks install-cli
az aks get-credentials --resource-group <RG> --name <name> --subscription <Hex-ID>
 }}}
Line 30: Line 41:

## Web dashboard no right - nodes is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list nodes at the cluster scope
## RBAC ClusterRoleBinding must be created for Kubernetes dashboard
kubectl create clusterrolebinding kubernetes-dashboard \
    --clusterrole=cluster-admin \
    --serviceaccount=kube-system:kubernetes-dashboard
Line 31: Line 49:

  * List nodes {{{
kubectl get nodes
}}}
    * If this fails with "Unable to connect to the server: dial tcp: lookup ...." reset with {{{
rm .kube/config
az aks get-credentials --resource-group <nameRG> --name >nameClusterInRG>
kubectl get nodes
      }}}
Line 35: Line 62:
== Test ==
 * az - setup proxy tunnel to web admin
   * az aks get-credentials --resource-group K8S-xxx --name K8S-xxx {{{
Merged "K8S-INF" as current context in /root/.kube/config }}}
   * kubectl get nodes
   * Create azure-vote.yml from https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
   * kubectl apply -f azure-vote.yaml {{{
deployment.apps/azure-vote-back created
service/azure-vote-back created
deployment.apps/azure-vote-front created
service/azure-vote-front created
bash-4.4# }}}
   * kubectl get service azure-vote-front --watch {{{
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
azure-vote-front LoadBalancer 10.0.61.46 1.5.1.39 80:31745/TCP 101s
}}}

==== Own namespace ====
 * Created with json file that gets deployed
 * Set default namespace to mynamespace e.g. {{{
# kubectl config set-context $(kubectl config current-context) --namespace=MyNameSpace
# kubectl config view | grep namespace
  }}}

=== Perf monitoring ===

 * kubectl top nodes
 * kubectl describe nodes
 * kubectl top pod
 * Prometheus - https://github.com/google-cloud-tools/kube-eagle

Line 36: Line 95:
----
CategoryK8sKubernetes

Kubernets cluster in Azure cloud

Kubernets config

  • Use Declarative, we declare the state and kubectl implements using

    kubectl apply -R -f configs/

Setup Cluster, using the Azure az commands and azure aks install-cli kubectl

  • Use az tool, with docker run -it microsoft/azure-cli
  • in the container add the kubectl

    az aks install-cli
    az aks get-credentials --resource-group <RG> --name <name> --subscription <Hex-ID>
  • list subscriptions

    az account list --output table 
  • set subscription to the one that contains k8s

    az account set --subscription xx-xx-xx
  • run az proxy to connect the browser to kubernets admin in cloud

    Proxy running on http://127.0.0.1:8001/
    Press CTRL+C to close the tunnel...
    Forwarding from 127.0.0.1:8001 -> 9090
    
    ## Problem only binds to loopback, in a container, if not using container for microsoft/azure-cli skip next command.
    nc -v -lk -p 8001 -s $(hostname -i) -e /usr/bin/nc 127.0.0.1 8001
    
    ## Web dashboard no right - nodes is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list nodes at the cluster scope
    ## RBAC ClusterRoleBinding must be created for Kubernetes dashboard
    kubectl create clusterrolebinding kubernetes-dashboard \
        --clusterrole=cluster-admin \
        --serviceaccount=kube-system:kubernetes-dashboard
    • List nodes

      kubectl get nodes
      • If this fails with "Unable to connect to the server: dial tcp: lookup ...." reset with

        rm .kube/config
        az aks get-credentials --resource-group <nameRG> --name >nameClusterInRG>
        kubectl get nodes
    • List namespaces

      kubectl get namespaces

Test

  • az - setup proxy tunnel to web admin
    • az aks get-credentials --resource-group K8S-xxx --name K8S-xxx

      Merged "K8S-INF" as current context in /root/.kube/config 
    • kubectl get nodes
    • Create azure-vote.yml from https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

    • kubectl apply -f azure-vote.yaml

      deployment.apps/azure-vote-back created
      service/azure-vote-back created
      deployment.apps/azure-vote-front created
      service/azure-vote-front created
      bash-4.4# 
    • kubectl get service azure-vote-front --watch

      NAME               TYPE           CLUSTER-IP   EXTERNAL-IP     PORT(S)        AGE
      azure-vote-front   LoadBalancer   10.0.61.46   1.5.1.39        80:31745/TCP   101s

Own namespace

  • Created with json file that gets deployed
  • Set default namespace to mynamespace e.g.

    # kubectl config set-context $(kubectl config current-context) --namespace=MyNameSpace
    # kubectl config view | grep namespace

Perf monitoring

...


CategoryK8sKubernetes

k8s/Azure (last edited 2023-03-09 02:01:02 by PieterSmit)