Thursday, January 18, 2018

Notes on setting up Kubernetes in Azure

OS: openSUSE Leap 42.3

Today I attended Microsoft's Kubernetes in Azure workshop; after getting back, here are some notes on setting up Kubernetes.
Because the workshop environment was Windows, I first install azure-cli on openSUSE.

Install the azure-cli package

Import Microsoft's key
# rpm  --import   https://packages.microsoft.com/keys/microsoft.asc

Add the azure-cli repo (create the file with echo)
# sh  -c  'echo -e  "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc"  > /etc/zypp/repos.d/azure-cli.repo'

Looking at the file contents makes it easier to understand
# cat   /etc/zypp/repos.d/azure-cli.repo
[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
type=rpm-md
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
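
The settings in this file that decide whether packages are verified are gpgcheck=1 and the https URLs for baseurl and gpgkey. The check below is an added example, not part of the original post; check_repo_file is a hypothetical helper name, and the weak file fed to it at the end is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a zypper/yum .repo file.
# check_repo_file is a hypothetical helper name.

# check_repo_file FILE   ("-" reads stdin)
# Prints one finding per line and returns 1 when a section
#   - does not set gpgcheck=1 (packages would install unverified), or
#   - fetches baseurl over anything but https, or
#   - fetches gpgkey over anything but https or a local file.
check_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck != "1") { print section ": gpgcheck is not 1"; bad = 1 }
            if (baseurl !~ /^https:\/\//) { print section ": baseurl is not https"; bad = 1 }
            if (gpgkey !~ /^(https|file):\/\//) { print section ": gpgkey is not https or file"; bad = 1 }
        }
        /^\[.*\]$/ { report(); section = $0; gpgcheck = baseurl = gpgkey = ""; next }
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed weak variant of the file above: signature checking disabled
# and the repository fetched over plain http.
check_repo_file - <<'EOF' || echo "azure-cli.repo needs fixing before zypper refresh"
[azure-cli]
name=Azure CLI
baseurl=http://packages.microsoft.com/yumrepos/azure-cli
enabled=1
type=rpm-md
gpgcheck=0
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF
```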

Install azure-cli with the zypper command

# zypper   refresh

# zypper  install  azure-cli

Check the az version (it currently seems that 2.0.25 is needed to avoid problems)
# az  -v
azure-cli (2.0.25)

Log in interactively
$ az  login

To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code GUXXXXV9 to authenticate.

Open https://aka.ms/devicelogin in a browser,
then enter the device code it provided and authenticate

Create a resource group
$ az   group  create  --name   sakanaResourceGroupACSK8S   --location  japanwest
{
 "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACSK8S",
 "location": "japanwest",
 "managedBy": null,
 "name": "sakanaResourceGroupACSK8S",
 "properties": {
   "provisioningState": "Succeeded"
 },
 "tags": null
}

Create the Kubernetes cluster with the az command; this takes about 10 to 12 minutes
# az  acs  create  --orchestrator-type  kubernetes  --resource-group  sakanaResourceGroupACSK8S  --name  sakanaK8SCluster  --generate-ssh-keys

SSH key files '/root/.ssh/id_rsa' and '/root/.ssh/id_rsa.pub' have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage like Azure Cloud Shell without an attached file share, back up your keys to a safe location

{
 "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACSK8S/providers/Microsoft.Resources/deployments/azurecli1516283695.4135736",
 "name": "azurecli1516283695.4135736",
 "properties": {
   "additionalProperties": {
     "duration": "PT11M35.4092281S",
     "outputResources": [
       {
         "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACSK8S/providers/Microsoft.ContainerService/containerServices/sakanaK8SCluster",
         "resourceGroup": "sakanaResourceGroupACSK8S"
       }
     ],
     "templateHash": "9902003256629544111"
   },
   "correlationId": "b49a4c9e-xxxx-xxxx-xxxx-629207669fbf",
   "debugSetting": null,
   "dependencies": [],
   "mode": "Incremental",
   "outputs": {
     "masterFQDN": {
       "type": "String",
       "value": "sakanak8sc-sakanaresourcegr-xxxxxxxxxx.japanwest.cloudapp.azure.com"
     },
     "sshMaster0": {
       "type": "String",
       "value": "ssh azureuser@sakanak8sc-sakanaresourcegr-xxxxxxxxxx.japanwest.cloudapp.azure.com -A -p 22"
     }
   },
   "parameters": {
     "clientSecret": {
       "type": "SecureString"
     }
   },
   "parametersLink": null,
   "providers": [
     {
       "id": null,
       "namespace": "Microsoft.ContainerService",
       "registrationState": null,
       "resourceTypes": [
         {
           "aliases": null,
           "apiVersions": null,
           "locations": [
             "japanwest"
           ],
           "properties": null,
           "resourceType": "containerServices"
         }
       ]
     }
   ],
   "provisioningState": "Succeeded",
   "template": null,
   "templateLink": null,
   "timestamp": "2018-01-18T14:03:52.171257+00:00"
 },
 "resourceGroup": "sakanaResourceGroupACSK8S"
}

  • You can use --agent-count  1 to specify the number of agents
  • The output above mentions that you can connect over SSH
    • ssh azureuser@sakanak8sc-sakanaresourcegr-xxxxxxxxxx.japanwest.cloudapp.azure.com -A -p 22

The command above creates an RSA public key and private key in the .ssh directory under the home directory
# ls  ~/.ssh
id_rsa  id_rsa.pub  known_hosts

It also creates 4 virtual machines, which can be seen in the Azure portal



I tried to install the kubectl command on the local machine, but got an error; after looking into it, it seems to be a proxy bug
# az  acs  kubernetes  install-cli
Downloading client to /root/.kube/config from https://storage.googleapis.com/kubernetes-release/release/v1.9.1/bin/linux/amd64/kubectl
Connection error while attempting to download client ([Errno 2] No such file or directory: '/root/.kube/config')


So from here on I run the commands in Azure Cloud Shell

==== The following is in Azure Cloud Shell ====

I wanted to connect to Kubernetes with the az command, but it failed
$ az  acs  kubernetes  get-credentials  --resource-group  sakanaResourceGroupACSK8S  --name  sakanaK8SCluster
Private key file /home/chunhung/.ssh/id_rsa does not exist

When the cluster was created, the SSH keys were placed in ~/.ssh on the local machine

Looking at the Cloud Shell environment, Cloud Shell mounts the clouddrive storage

$ df
Filesystem                                                                                 1K-blocks     Used Available Use% Mounted on
overlay                                                                                     50758760 19691704  31050672  39% /
tmpfs                                                                                         981948        0    981948   0% /dev
tmpfs                                                                                         981948        0    981948   0% /sys/fs/cgroup
/dev/sda1                                                                                   50758760 19691704  31050672  39% /etc/hosts
shm                                                                                            65536        0     65536   0% /dev/shm
//csg6a2bdfx3bec25x48cdxaf4.file.core.windows.net/cs-sakana-hotmail-com-1003bffd8d03ba28   6291456  5242944   1048512  84% /usr/chunhung/clouddrive
/dev/loop0                                                                                   5160576    10292   4888140   1% /home/chunhung

At this point you can go to the files of the Cloud Shell storage account and use the upload function to upload the SSH keys




$ ls  -l  /usr/chunhung/clouddrive/
total 3
-rwxrwxrwx 1 root root 1679 Jan 18 15:08 id_rsa
-rwxrwxrwx 1 root root  380 Jan 18 15:08 id_rsa.pub

Create the .ssh directory under the home directory
$ mkdir  ~/.ssh

Move the SSH keys just uploaded to ~/.ssh
$ mv  /usr/chunhung/clouddrive/id_rsa*  ~/.ssh/
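
The listing above shows the uploaded key pair as -rwxrwxrwx on the clouddrive share, and a move across filesystems keeps that mode. One way to place the key with the modes ssh expects and clear the copy from the share, as an added example that is not part of the original post (install_ssh_key and mode_of are hypothetical helper names):

```shell
#!/bin/sh
# Added example (not from the original post): install an uploaded SSH key
# pair with safe permissions. install_ssh_key and mode_of are hypothetical
# helper names, not azure-cli commands.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_ssh_key SRC_DIR DEST_DIR
# Copies id_rsa and id_rsa.pub from SRC_DIR into DEST_DIR with modes
# 0700 (directory), 0600 (private key) and 0644 (public key), then deletes
# the copies left behind in SRC_DIR.
install_ssh_key() {
    src=$1
    dest=$2
    [ -f "$src/id_rsa" ] || { echo "no private key in $src" >&2; return 1; }

    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1

    # Write the private key under a restrictive umask so it is never
    # created group- or world-accessible; a plain mv or cp -p across
    # filesystems would carry the 0777 mode over from the share.
    rm -f "$dest/id_rsa"
    ( umask 077 && cat "$src/id_rsa" > "$dest/id_rsa" ) || return 1
    chmod 600 "$dest/id_rsa" || return 1

    if [ -f "$src/id_rsa.pub" ]; then
        cat "$src/id_rsa.pub" > "$dest/id_rsa.pub" || return 1
        chmod 644 "$dest/id_rsa.pub" || return 1
    fi

    # Verify the result before removing the source copies.
    [ "$(mode_of "$dest/id_rsa")" = "600" ] || return 1
    rm -f "$src/id_rsa" "$src/id_rsa.pub"
}

# Usage with the paths from this post:
#   install_ssh_key /usr/chunhung/clouddrive "$HOME/.ssh"
```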

Connect to the Kubernetes cluster with the az command
$ az  acs  kubernetes  get-credentials  --resource-group  sakanaResourceGroupACSK8S  --name  sakanaK8SCluster

Test the kubectl command by listing the nodes
$ kubectl  get   nodes
NAME                    STATUS    ROLES     AGE       VERSION
k8s-agent-1f0aab6a-0    Ready     agent     1h        v1.7.7
k8s-agent-1f0aab6a-1    Ready     agent     1h        v1.7.7
k8s-agent-1f0aab6a-2    Ready     agent     1h        v1.7.7
k8s-master-1f0aab6a-0   Ready     master    1h        v1.7.7


==== The above was in Azure Cloud Shell ====

Take a look in the Azure portal


Finally took a small first step with Kubernetes :)


Clean up the lab resources

Delete the Resource Group

$ az  group  delete  --name  sakanaResourceGroupACSK8S
Are you sure you want to perform this operation? (y/n): y

Because the Resource Group created earlier is deleted, the related objects under it are deleted as well




~ enjoy it



Notes on Azure Container Registry (ACR)

I am currently attending the Kubernetes in Azure workshop,
which includes a hands-on exercise with Azure Container Registry (ACR); here are some quick notes


OS: Mac OS X El Capitan 10.11.6


At the moment everything on Azure is managed through azure-cli,
so this time I install azure-cli on the Mac, following the official documentation: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest


First install Homebrew on the Mac
See the official Homebrew site: https://brew.sh/index_zh-tw.html


Run the following command in a terminal to install Homebrew
$ /usr/bin/ruby  -e   "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
First run brew update
$ brew   update
Already up-to-date.


Install the azure-cli package
$ brew   install   azure-cli


I log in interactively
$ az  login


To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code GUXXXXV9 to authenticate.


Open https://aka.ms/devicelogin in a browser,
then enter the device code it provided and authenticate


Create the resource groups
$ az   group  create  --name   sakanaResourceGroupACSK8S   --location  japanwest
{
 "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACSK8S",
 "location": "japanwest",
 "managedBy": null,
 "name": "sakanaResourceGroupACSK8S",
 "properties": {
   "provisioningState": "Succeeded"
 },
 "tags": null
}

$ az   group  create  --name   sakanaResourceGroupACR   --location  japanwest
{
 "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACSK8S",
 "location": "japanwest",
 "managedBy": null,
 "name": "sakanaResourceGroupACR",
 "properties": {
   "provisioningState": "Succeeded"
 },
 "tags": null
}

Before creating the container registry, take a look at the container registries



Create the container registry with the az command
$ az  acr  create  --resource-group  sakanaResourceGroupACR  --name  sakanaACR  --sku  Basic  --admin-enable  true


Create a new service principal and assign access:
 az ad sp create-for-rbac --scopes /subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACR/providers/Microsoft.ContainerRegistry/registries/sakanaACR --role Owner --password <password>


Use an existing service principal and assign access:
 az role assignment create --scope /subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACR/providers/Microsoft.ContainerRegistry/registries/sakanaACR --role Owner --assignee <app-id>
{
 "adminUserEnabled": true,
 "creationDate": "2018-01-18T02:35:16.660690+00:00",
 "id": "/subscriptions/6a2bdf3b-xxxx-xxxx-xxxx-3371d3401feb/resourceGroups/sakanaResourceGroupACR/providers/Microsoft.ContainerRegistry/registries/sakanaACR",
 "location": "japanwest",
 "loginServer": "sakanaacr.azurecr.io",
 "name": "sakanaACR",
 "provisioningState": "Succeeded",
 "resourceGroup": "sakanaResourceGroupACR",
 "sku": {
   "name": "Basic",
   "tier": "Basic"
 },
 "status": null,
 "storageAccount": null,
 "tags": {},
 "type": "Microsoft.ContainerRegistry/registries"
}



Look again


Log in to Azure Container Registry
$ az   acr   login  --name  sakanaACR
Login Succeeded


List the current ACR login server
$ az  acr  list  --resource-group  sakanaResourceGroupACR  --query  "[].{acrLoginServer:loginServer}"  --output  table


AcrLoginServer
--------------------
sakanaacr.azurecr.io


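The sakanaacr.azurecr.io above is the destination we will push to shortly, and is also the ACR-FULL-NAME


The class exercise puts azure-vote-front:redis-v1 on ACR, but here I want to try a different image
First look at the current docker images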
$ docker   images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
opensuse            latest              c98336369400        2 months ago        108MB

$ docker   tag   opensuse   sakanaacr.azurecr.io/opensuse


Look again
$ docker   images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
opensuse                        latest              c98336369400        2 months ago        108MB
sakanaacr.azurecr.io/opensuse   latest              c98336369400        2 months ago        108MB


Before pushing, look at the Repositories of the sakanaACR created earlier



Push the image to Azure Container Registry
$ docker   push   sakanaacr.azurecr.io/opensuse
The push refers to repository [sakanaacr.azurecr.io/opensuse]
3900d76accd7: Pushed
latest: digest: sha256:4571cf6d40391a432e1d653d3a4f384d482c5559abb1f21046a3b803f1fd00bf size: 529


Look again on Azure




:) Now there is one more place to keep images


List the Docker images in ACR from the command line
$ az  acr  repository  list  --name  sakanaACR  --output  table
Result
--------
opensuse


Clean up the lab resources


Delete the Resource Groups


$ az  group  delete  --name  sakanaResourceGroupACSK8S
Are you sure you want to perform this operation? (y/n): y


$ az  group  delete  --name  sakanaResourceGroupACR
Are you sure you want to perform this operation? (y/n): y


Because the Resource Groups created earlier are deleted, the ACR and the related objects under them are deleted as well



From now on there is one more choice of Docker image registry

~ enjoy it