1027
Comment:
|
3445
make it more consistent with rest of the pages
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was renamed from Azure/Kubernetes | |
Line 4: | Line 5: |
== Links == * [[Kubernetes/helm]] * [[https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough|Quickstart: AKS cluster]] * [[https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm|2018-Helm in Azure Kubernetes AKS]] * [[https://kubernetes.io/docs/reference/kubectl/cheatsheet/|cheatsheet]] * [[https://dzone.com/articles/access-azure-key-vault-from-your-kubernetes-pods| Azure KeyVault exposed to k8s pods as flexVol]] |
|
Line 15: | Line 24: |
az aks install-cli }}} | az aks install-cli az aks get-credentials --resource-group <RG> --name <name> --subscription <Hex-ID> }}} |
Line 30: | Line 41: |
## Web dashboard no right - nodes is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list nodes at the cluster scope ## RBAC ClusterRoleBinding must be created for Kubernetes dashboard kubectl create clusterrolebinding kubernetes-dashboard \ --clusterrole=cluster-admin \ --serviceaccount=kube-system:kubernetes-dashboard |
|
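Review bot: the added `kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin` line gives the dashboard service account full control of the cluster in order to fix a single "cannot list nodes" error. Suggest binding a ClusterRole limited to get/list/watch on the resources the dashboard has to show. If cluster-admin is kept, add a comment line saying that is what the binding grants, so readers do not copy it as a neutral fix.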
Line 31: | Line 49: |
* List nodes {{{ kubectl get nodes }}} * If this fails with "Unable to connect to the server: dial tcp: lookup ...." reset with {{{ rm .kube/config az aks get-credentials --resource-group <nameRG> --name >nameClusterInRG> kubectl get nodes }}} |
|
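Review bot: in the reset snippet, `--name >nameClusterInRG>` starts its placeholder with `>` instead of `<`, so it does not match `<nameRG>` on the same line or the `<RG>` / `<name>` placeholders used in the earlier get-credentials line. Suggest `--name <nameClusterInRG>` and one placeholder naming across the page. `rm .kube/config` is also a relative path and only works from the home directory, so `rm ~/.kube/config` would be safer to paste.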
Line 35: | Line 62: |
== Test == * az - setup proxy tunnel to web admin * az aks get-credentials --resource-group K8S-xxx --name K8S-xxx {{{ Merged "K8S-INF" as current context in /root/.kube/config }}} * kubectl get nodes * Create azure-vote.yml from https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough * kubectl apply -f azure-vote.yaml {{{ deployment.apps/azure-vote-back created service/azure-vote-back created deployment.apps/azure-vote-front created service/azure-vote-front created bash-4.4# }}} * kubectl get service azure-vote-front --watch {{{ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE azure-vote-front LoadBalancer 10.0.61.46 1.5.1.39 80:31745/TCP 101s }}} ==== Own namespace ==== * Created with json file that gets deployed * Set default namespace to mynamespace e.g. {{{ # kubectl config set-context $(kubectl config current-context) --namespace=MyNameSpace # kubectl config view | grep namespace }}} === Perf monitoring === * kubectl top nodes * kubectl describe nodes * kubectl top pod * Prometheus - https://github.com/google-cloud-tools/kube-eagle |
|
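Review bot: the Test section tells the reader to create `azure-vote.yml` but the next step applies `azure-vote.yaml`, so the apply fails if both are followed literally; use one file name. The pasted apply output also ends with a stray `bash-4.4#` prompt, and "Own namespace" is a level-4 heading (`====`) directly under the level-2 `== Test ==` while "Perf monitoring" is level 3, which works against the stated aim of making the page consistent with the others.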
Line 36: | Line 95: |
---- CategoryK8sKubernetes |
Kubernetes cluster in Azure cloud
Links
Kubernetes config
Use the declarative approach: we declare the desired state and kubectl applies it using
kubectl apply -R -f configs/
Set up the cluster using the Azure az commands, and install kubectl with az aks install-cli
- Use the az tool, with docker run -it microsoft/azure-cli
in the container, add kubectl
az aks install-cli
az aks get-credentials --resource-group <RG> --name <name> --subscription <Hex-ID>
list subscriptions
az account list --output table
set subscription to the one that contains k8s
az account set --subscription xx-xx-xx
run az proxy to connect the browser to the Kubernetes admin dashboard in the cloud
Proxy running on http://127.0.0.1:8001/
Press CTRL+C to close the tunnel...
Forwarding from 127.0.0.1:8001 -> 9090
## Problem: the proxy only binds to loopback inside the container. If you are not using the microsoft/azure-cli container, skip the next command.
nc -v -lk -p 8001 -s $(hostname -i) -e /usr/bin/nc 127.0.0.1 8001
## Web dashboard has no rights - nodes is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list nodes at the cluster scope
## An RBAC ClusterRoleBinding must be created for the Kubernetes dashboard
kubectl create clusterrolebinding kubernetes-dashboard \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:kubernetes-dashboard
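The ClusterRoleBinding above gives the dashboard service account cluster-admin, so whoever can reach the dashboard controls the whole cluster. As an added example (not part of the original page), this Python script lists service accounts and broad groups bound to cluster-admin from `kubectl get clusterrolebindings -o json` output; the sample data, the `risky_bindings` name and the `audit.py` file name are constructed for illustration.

```python
import json
import sys

# ClusterRoles that give full control of the cluster.
HIGH_RISK_ROLES = {"cluster-admin"}
# Groups so broad that binding them covers every workload or every caller.
BROAD_GROUPS = {"system:serviceaccounts", "system:authenticated", "system:unauthenticated"}

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "kubernetes-dashboard"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                "namespace": "kube-system"}]},
 {"metadata": {"name": "metrics-view"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "metrics", "namespace": "monitoring"}]},
 {"metadata": {"name": "orphaned"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def risky_bindings(doc):
    """Return (binding, role, subject) for workloads or broad groups holding a high-risk role."""
    findings = []
    for item in doc.get("items", []):
        role = item.get("roleRef", {}).get("name")
        if role not in HIGH_RISK_ROLES:
            continue
        for subj in item.get("subjects") or []:  # a binding may have no subjects
            if subj.get("kind") == "ServiceAccount":
                who = f"system:serviceaccount:{subj.get('namespace')}:{subj['name']}"
            elif subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS:
                who = subj["name"]
            else:
                continue  # named users and other groups are not reported by this check
            findings.append((item["metadata"]["name"], role, who))
    return findings


if __name__ == "__main__":
    # Real use: kubectl get clusterrolebindings -o json | python3 audit.py -
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, role, who in risky_bindings(doc):
        print(f"{name}: {who} is bound to {role}")
```

Run without arguments it reports the constructed dashboard binding; with `-` it reads real kubectl output from standard input.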
List nodes
kubectl get nodes
If this fails with "Unable to connect to the server: dial tcp: lookup ...." reset with
rm .kube/config
az aks get-credentials --resource-group <nameRG> --name <nameClusterInRG>
kubectl get nodes
List namespaces
kubectl get namespaces
Test
- az - set up proxy tunnel to web admin
az aks get-credentials --resource-group K8S-xxx --name K8S-xxx
Merged "K8S-INF" as current context in /root/.kube/config
- kubectl get nodes
Create azure-vote.yaml from https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
kubectl apply -f azure-vote.yaml
deployment.apps/azure-vote-back created
service/azure-vote-back created
deployment.apps/azure-vote-front created
service/azure-vote-front created
kubectl get service azure-vote-front --watch
NAME               TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
azure-vote-front   LoadBalancer   10.0.61.46   1.5.1.39      80:31745/TCP   101s
Own namespace
- Created with json file that gets deployed
Set default namespace to mynamespace e.g.
# kubectl config set-context $(kubectl config current-context) --namespace=MyNameSpace
# kubectl config view | grep namespace
Perf monitoring
- kubectl top nodes
- kubectl describe nodes
- kubectl top pod
Prometheus - https://github.com/google-cloud-tools/kube-eagle
...