Michael O'Brien

Quickstart

Azure Developer Guide

Azure Arc GA

https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.Resources%2Fresources

https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.HybridCompute%2Fmachines

Install Azure CLI on OSX

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos?view=azure-cli-latest

$ brew install azure-cli
==> Installing dependencies for azure-cli: openssl@1.1, gdbm, readline, sqlite, xz and python@3.8
==> Installing azure-cli dependency: openssl@1.1
  /usr/local/Cellar/python@3.8/3.8.1: 4,094 files, 62.8MB
==> Installing azure-cli
==> Downloading https://homebrew.bintray.com/bottles/azure-cli-2.1.0.catalina.bottle.tar.gz

# upgrade
brew upgrade azure-cli


Create Azure Jumpbox on Ubuntu

Follow https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest

Single 

Login to Azure CLI

https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.Resources%2Fresources

$ az login
You have logged in. Now let us find all the subscriptions to which you have access...
[{
    "cloudName": "AzureCloud",
    "homeTenantId": "bcb.4f",
    "id": "f4b7..70e8b",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "bcb..f4f",
    "user": {
      "name": "mic...sg",
      "type": "user"
    }}]

Kubernetes on Azure

see Kubernetes Developer Guide: Switching context from Azure AKS back to local Docker Desktop Kubernetes

Kubernetes on Azure AKS - Managed

https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

https://docs.microsoft.com/en-us/azure/aks/kubernetes-dashboard

biometric:azure michaelobrien$ az aks install-cli
Downloading client to "/usr/local/bin/kubectl" from "https://storage.googleapis.com/kubernetes-release/release/v1.17.3/bin/darwin/amd64/kubectl"

# will not conflict with a local docker desktop kubernetes install
biometric:azure michaelobrien$ az aks get-credentials --resource-group obl_dev_aks --name obl-dev
Merged "obl-dev" as current context in /Users/michaelobrien/.kube/config

# add a clusterrolebinding to avoid RBAC errors on the dashboard
# (this gives the kubernetes-dashboard service account cluster-admin over the whole cluster)
biometric:azure michaelobrien$ kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created

# check the cluster for the pod
kube-system   kube-proxy-h89tp                        1/1     Running   0          172m

# view the kubernetes dashboard
biometric:azure michaelobrien$ az aks browse --resource-group obl_dev_aks --name obl-dev
Merged "obl-dev" as current context in /var/folders/vv/d6dvwfmx0cgd19qs2yw51p1m0000gn/T/tmphexar_yl
Proxy running on http://127.0.0.1:8001/
Press CTRL+C to close the tunnel...


AKS Costing Model

It looks like Microsoft Azure does not charge for the control plane, only for the underlying VMs. I ran both an unmanaged RKE K8S cluster on a Standard_D2s_v3 and an AKS cluster on a Standard_DS2_v2 for a day, and the costs were about the same for both VMs, at .81 and .53 for 8h.

Kubernetes on Azure VM - Direct Unmanaged via RKE

Provision one or more VMs via ARM


Create Resource Group

git clone git@github.com:obrienlabs/infrastructure.git
cd azure
biometric:azure michaelobrien$ az group create --name obl_dev_kubernetes_eastus --location eastus


Run ARM template

biometric:azure michaelobrien$ az group deployment create --resource-group obl_dev_kubernetes_eastus --template-file arm_deploy_obl_dev_kubernetes.json --parameters @arm_deploy_obl_dev_kubernetes_parameters.json 

Wait for Rancher/Kubernetes install

The entrypoint.sh script will be run as a cloud-init script on the VM.

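# on your laptop - copy the private key that rke_setup.sh is given with -k
biometric:opt michaelobrien$ scp ~/.ssh/onap_rsa ubuntu@1.82.174.1:~/
biometric:opt michaelobrien$ ssh ubuntu@1.82.174.1
# on the host
chmod 400 onap_rsa
# create ~/.ssh as the ubuntu user (no sudo, so the directory is not left owned by root)
mkdir -p ~/.ssh
cp onap_rsa ~/.ssh
sudo chown ubuntu:ubuntu ~/.ssh/onap_rsa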
git clone --recurse-submodules https://github.com/obrienlabs/magellan.git
cd magellan/kubernetes/
sudo ./rke_setup.sh -b master -s 1.82.174.1 -e obl -k onap_rsa -l ubuntu

ubuntu@obl-dev-kubernetes:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-5954bd5d8c-28lhq     1/1     Running     0          13m
ingress-nginx   nginx-ingress-controller-t9h5g            1/1     Running     0          13m
kube-system     canal-6zgp7                               2/2     Running     0          14m
kube-system     coredns-autoscaler-5d5d49b8ff-9lgkd       1/1     Running     0          13m
kube-system     coredns-bdffbc666-dvqff                   1/1     Running     0          14m
kube-system     metrics-server-7f6bd4c888-gtgl6           1/1     Running     0          13m
kube-system     rke-coredns-addon-deploy-job-9jwsq        0/1     Completed   0          14m
kube-system     rke-ingress-controller-deploy-job-pzs6h   0/1     Completed   0          13m
kube-system     rke-metrics-addon-deploy-job-hng52        0/1     Completed   0          13m
kube-system     rke-network-plugin-deploy-job-nnh4j       0/1     Completed   0          14m
kube-system     tiller-deploy-7f4d76c4b6-j6rgm            1/1     Running     0          11m
ubuntu@obl-dev-kubernetes:~$ helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}


Training

https://www.microsoft.com/en-us/learning/azure-training.aspx

https://learning.oreilly.com/library/view/exam-ref-az-300/9780135881477/ch02.xhtml

https://www.exitcertified.com/training/microsoft/azure/azure-fundamentals/introduction-to-microsoft-azure-for-it-professionals-51272-detail.html

Certification

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2PjDI

Azure SA Expert : https://docs.microsoft.com/en-us/learn/certifications/azure-solutions-architect?wt.mc_id=learningredirect_certs-web-wwl

Outages

Troubleshooting

AKS CLI behind a VPN

to fix the timeout

PS F:\> az aks install-cli
The command failed with an unexpected error. Here is the traceback:

<urlopen error [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond>
Traceback (most recent call last):
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\urllib\request.py", line 1318, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))


Links

https://www.microsoft.com/en-us/learning/browse-all-certifications.aspx?jobrole=solutions%20architect


1 Comment

  1. AKS accounts secured with Azure AD Managed Identity MI
    AKS authentication via AAD as the IDM provider (app level) - OAuth 2.0
    token: access + refresh

    mobile clean OAuth 2.0 auth code flow

    app: single tenant AAD v2A