I am trying to bring up K8s Cluster in Azure. This is the error I am getting:
az aks create --resource-group upf-infra-ResourceGroup --name upf-infra-K8sCluster-1 --node-count 1 --generate-ssh-keys
Deployment failed. Correlation ID: d90bed78-075f-4a07-81c0-271dac75e0ca. PutControlPlane error
Include kubernetes version when creating your cluster.
Ex: az aks create --resource-group --name --node-count 1 --generate-ssh-keys --kubernetes-version 1.8.7
https://github.com/Azure/AKS/issues/284
Related
I have deployed a container image onto AKS successfully.
Now I want to run a command and a json file on the AKS using the pipeline once the container image is deployed onto AKS.
First of all you need to install azure cli & kubectl on your system.
Install Azure Cli
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
Install Kubectl
https://kubernetes.io/docs/tasks/tools/
As far kubectl is installed, verify its version
kubectl version --client --short
Client Version: v1.23.1
The version in your case might be different.
Now is the time to get AKS credentials (kubeconfig) file to interact with AKS cluster.
az login
provide the credentials for azure AD.
az account set --subscription {subscription_id}
az aks get-credentials --resource-group MyAKSResoucceGroup --name MyAksCluster
Verify if cluster is connected
kubectl config current-context
MyAksCluster
You can play around with AKS and run all commands you want to run. Here is the cheatsheet or kubectl.
Kubectl Cheat-Sheet
https://www.bluematador.com/learn/kubectl-cheatsheet
In order to run commands using Azure DevOps on you need to create service connection in Azure DevOps to authenticate Azure DevOps with AKS.
Project Settings --> Service Connections --> New Kubernetes Service Connection --> Azure Subscription
Now you can run the kubernetes commands on this AKS using built in kubernetes task or using bash|powershell commands inside your pipeline.
Hope that helps you.
e:g
- task: Kubernetes#1
inputs:
connectionType: 'Kubernetes Service Connection'
kubernetesServiceEndpoint: '12345'
namespace: 'default'
command: 'apply'
useConfigurationFile: true
configurationType: 'inline'
inline: 'abcd'
secretType: 'dockerRegistry'
containerRegistryType: 'Azure Container Registry'
I have created Azure Container Registry
I am able to push an image from local to Azure container Registry.
I can pull or run any docker commands it always gives me the error saying
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
I am new to Azure, please is something i need to install or enable for docker
when I ran docker--version it is showing the version perfectly
I got this error because used 'Azure Cloud Shell' that doesn't support running the docker daemon.
To fix it need to run CMD or Power Shell and execute commands:
# az login
az acr login -n your_registry_name.azurecr.io
docker pull your_registry_name.azurecr.io/company_name/service_image:version
For building and pushing image to Azure, you should user 'acr' command instead of 'docker'.
Follow these steps to build and push docker image to Azure Container Registry -
Open Azure Cloud Shell
Get necessary files
git clone https://github.com/tsrana/spring-boot-db2.git ,
cd spring-boot-db2
Create a Resource Group
az group create --name Docker_RG --location eastus
Create Container Registry
az acr create --resource-group Docker_RG --name tsrContainerRegistry --sku Basic
Build image and push to registry
az acr build --image tsr/hello-worldspring-boot-db2:v1 --registry tsrContainerRegistry --file Dockerfile
I am using Rancher 2.X. I have installed it on my local machine. I have also installed a local Kubernetes cluster using Minikube. When I try to create a cluster in Rancher UI and import the existing K8s cluster, I am asked to run the following command on my K8s cluster using kubectl:
kubectl apply -f https://10.41.124.40/v3/import/g2gk5ntvnlh8xtvlngjmxdt22cm6zgtfjhswgcqmhltpg9nt9pvgsc.yaml
But, when I run this command, I get this error:
error: SchemaError(io.k8s.api.core.v1.ComponentCondition): invalid object doesn’t have additional properties
What am I doing wrong?
Thanks!!!
Let try with this:
curl -sKL https://10.41.124.40:8443/v3/import/g2gk5ntvnlh8xtvlngjmxdt22cm6zgtfjhswgcqmhltpg9nt9pvgsc.yaml > /tmp/cluster.yaml && kubectl apply -f /tmp/cluster.yaml
I have created a two instance docker swarm on Google Compute Engine.
Docker version 18.06.1-ce, build e68fc7a on Ubuntu 18.04.1 LTS
I created a service account:
gcloud iam service-accounts create ${KEY_NAME} --display-name "${KEY_DISPLAY_NAME}"
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:${KEY_NAME}#${PROJECT}.iam.gserviceaccount.com --role roles/storage.admin
gcloud iam service-accounts keys create --iam-account ${KEY_NAME}#${PROJECT}.iam.gserviceaccount.com key.json
Transferred the key.json to my docker swarm master:
Then I ran the following commands:
gcloud auth configure-docker
cat key.json | tr '\n' ' ' | docker login -u _json_key --password-stdin \
https://eu.gcr.io
I can successfully pull an image from my private eu.gcr.io repository:
docker pull eu.gcr.io/$PROJECT/$IMAGE
So, logging in seems to work and the gcloud helper seems to be properly installed.
But creating a service in my swarm fails:
docker service create --replicas 2 --network overlay --name $NAME eu.gcr.io/$PROJECT/$IMAGE --with-registry-auth
image eu.gcr.io/$PROJECT/$IMAGE:latest could not be accessed on a registry to record
its digest. Each node will access eu.gcr.io/$PROJECT/$IMAGE:latest independently,
possibly leading to different nodes running different versions of the image.
qwdm524vggn50j4lzoe5paknj
overall progress: 0 out of 2 tasks
1/2: No such image: eu.gcr.io/$PROJECT/$IMAGE:latest
2/2: No such image: eu.gcr.io/$PROJECT/$IMAGE:latest
Looking in syslog shows the following:
Aug 25 13:37:15 mgr-1 dockerd[1368]: time="2018-08-25T13:37:15.299064551Z" level=info msg="Attempting next endpoint for pull after error: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication"
Aug 25 13:37:15 mgr-1 dockerd[1368]: time="2018-08-25T13:37:15.299168218Z" level=error msg="pulling image failed" error="unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication" module=node/agent/taskmanager node.id=xgozmc8iyjls7ulh4k3tvions service.id=qwdm524vggn50j4lzoe5paknj task.id=qrktpo34iuhiyl1rmbi71y4wg
AFAICS, I use the correct service account JSON to login into the Google Container Repository (as docker pull works), I added the flag --with-registry-auth to docker create service which has been the answer to similar questions, but still it doesn't work. Is docker create service working similar to docker pull?
Any ideas how I might solve this?
UPDATE
Instead of Google Container Registry I tried Gitlab Registry as well. Created a registry deploy token on the Gitlab site and entered the following commands:
docker login registry.gitlab.com -u $USERNAME -p $PASSWORD
Then this just works:
docker pull registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE
But this command fails with a similar error:
docker service create --replicas 2 --network overlay --name $NAME registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE --with-registry-auth
image registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE:latest could not be accessed on a registry to record
its digest. Each node will access registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE:latest independently,
possibly leading to different nodes running different
versions of the image.
r5fqg94jrvt587le0fu779zaw
overall progress: 0 out of 2 tasks
1/2: No such image: $ORGANISATION/$PROJECT/$IMAGE:latest
2/2: No such image: $ORGANISATION/$PROJECT/$IMAGE:latest
And /var/log/syslog contains
Aug 25 21:56:14 mgr-1 dockerd[1368]: time="2018-08-25T21:56:14.615895063Z" level=error msg="pulling image failed" error="Get https://registry.gitlab.com/v2/$ORGANISATION/$PROJECT/$IMAGE/manifests/latest: denied: access forbidden" module=node/agent/taskmanager node.id=xgozmc8iyjls7ulh4k3tvions service.id=r5fqg94jrvt587le0fu779zaw task.id=huwpjtu1wujk527t84y7yvbvd
So it seems docker create service doesn't use the credentials provided and the issue is not related to either Google Container Registry or Gitlab Registry?
OK, I found the problem. I had to use:
docker service create --with-registry-auth --replicas 2 --network overlay --name $NAME registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE
rather than
docker service create --replicas 2 --network overlay --name $NAME registry.gitlab.com/$ORGANISATION/$PROJECT/$IMAGE --with-registry-auth
In the latter case the --with-registry-auth was considered an argument to my image rather than to the docker service create call and hence no authentication was used to pull the images from either private repository.
It is easy to work with Openshift as a Container As A Service, see the detailed steps. So, via the docker client I can work with Openshift.
I would like to work on my laptop with Minishift. That's the local version of Openshift on your laptop.
Which docker registry should I use in combination with Minishift? Minishift doesn't have it's own registry - I guess.
So, I would like to do:
$ maven clean install -- building the application
$ oc login to your minishift environment
$ docker build -t myproject/mynewapplication:latest
$ docker tag -- ?? normally to a openshift docker registry entry
$ docker push -- ?? to a local docker registry?
$ on 1st time: $ oc new-app mynewapplication
$ on updates: $ oc rollout latest dc/mynewapplication-n myproject
I use just docker and oc cluster up which is very similar. The internal registry that is deployed has an address in the 172.30.0.0/16 space (ie. the default service network).
$ oc login -u system:admin
$ oc get svc -n default | grep registry
docker-registry ClusterIP 172.30.1.1 <none> 5000/TCP 14m
Now, this service IP is internal to the cluster, but it can be exposed on the router:
$oc expose svc docker-registry -n default
$oc get route -n default | grep registry
docker-registry docker-registry-default.127.0.0.1.nip.io docker-registry 5000-tcp None
In my example, the route was docker-registry-default.127.0.0.1.nip.io
With this route, you can log in with your developer account and your token
$oc login -u developer
$docker login docker-registry-default.127.0.0.1.nip.io -p $(oc whoami -t) -u developer
Login Succeeded
Note: oc cluster up is ephemeral by default; the docs can provide instructions on how to make this setup persistent.
One additional note is that if you want OpenShift to try to use some of it's native builders, you can simply run oc new-app . --name <appname> from within the your source code directory.
$ cat Dockerfile
FROM centos:latest
$ oc new-app . --name=app1
--> Found Docker image 49f7960 (5 days old) from Docker Hub for "centos:latest"
* An image stream will be created as "centos:latest" that will track the source image
* A Docker build using binary input will be created
* The resulting image will be pushed to image stream "app1:latest"
* A binary build was created, use 'start-build --from-dir' to trigger a new build
* This image will be deployed in deployment config "app1"
* The image does not expose any ports - if you want to load balance or send traffic to this component
you will need to create a service with 'expose dc/app1 --port=[port]' later
* WARNING: Image "centos:latest" runs as the 'root' user which may not be permitted by your cluster administrator
--> Creating resources ...
imagestream "centos" created
imagestream "app1" created
buildconfig "app1" created
deploymentconfig "app1" created
--> Success
Build scheduled, use 'oc logs -f bc/app1' to track its progress.
Run 'oc status' to view your app.
There is an internal image registry. You login to it and push images just like you suggest. You just need to know the address and what credentials you need. For details see:
http://cookbook.openshift.org/image-registry-and-image-streams/how-do-i-push-an-image-to-the-internal-image-registry.html