Problem with Azure in Microsoft learning path module (Kubernetes) - azure

I am just doing this module of Microsoft course:
https://learn.microsoft.com/en-us/learn/modules/microservices-aspnet-core/
I created an azure subscription and tried to run the script given in unit 2.
Something is going on in the console, but at some point it shows something like this:
Getting credentials for AKS...
(ResourceNotFound) The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Code: ResourceNotFound
Message: The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Installing NGINX ingress controller
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Getting load balancer public IP
> kubectl get svc -n ingress-nginx -o json | jq -r -e '.items[0].status.loadBalancer.ingress[0].ip // empty'
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Waiting for load balancer IP...
Am I doing something wrong? Strictly followed instructions.
Edit:
I think problem is with VM, not AKS.
> az aks create -n eshop-learn-aks -g eshop-learn-rg --node-count 1 --node-vm-size Standard_D2_v5 --vm-set-type VirtualMachineScaleSets -l centralus --enable-managed-identity --generate-ssh-keys -o json
ERROR: (BadRequest) The VM size of AgentPoolProfile:nodepool1 is not allowed in your subscription in location 'centralus'.

You need to log in :
az login
az account set --subscription <YOUR SUB ID>
az aks get-credentials --resource-group <AKS RG> --name <AKS NAME>

The 'CentralUS' location doesn't accept new VM with the type of subscription you have.
You need to use another location.
To do that, you need to declare a variable 'defaultRegion' in the bash shell (ex.: declare defaultRegion=eastus) before executing wget

Related

Azure CDN purge command issue

I have created a CDN named 'cdn-profile', in resource group 'rgDev' . In the CDN the endpoint created is 'webqa.azureedge.net'. Inside that I have created a custom domain 'qa.example.com'. I wanted to purge the CDN cache. Below is the command I run.
$ResourceGroupName='rgDev'
$EndpointName='qa.example.com'
$ProfileName='cdn-profile'
$CDNEndPointName='webqa.azureedge.net'
az cdn endpoint purge -g $ResourceGroupName -n $EndpointName --profile-name $ProfileName --content-paths '/*' --name $CDNEndPointName
This gives me below error:
Endpoint(s) not found. Please verify the resource(s), group or it's parent resources exist.
What am I missing here?
In the Azure CLI command az cdn endpoint purge, the name of the CDN endpoint is webqa(It is the name of the resource that type is Endpoint in your resource group.) instead of the hostname webqa.azureedge.net or qa.example.com.
You should use it like this:
$ResourceGroupName='rgDev'
$ProfileName='cdn-profile'
$CDNEndPointName='webqa'
az cdn endpoint purge -g $ResourceGroupName --profile-name $ProfileName --content-paths '/*' --name $CDNEndPointName

Not able to purge Azure CDN Endpoint using Azure CLI

I'm using Azure CLI to purge all the contents from Azure CDN endpoint. I got a reference from Microsoft Docs: https://learn.microsoft.com/en-us/cli/azure/cdn/endpoint?view=azure-cli-latest
I'm trying exactly same commands with proper params but it says - "Endpoint(s) not found. Please verify the resource(s), group or it's parent resources exist."
az cdn endpoint purge -g <my-resource-group> --profile-name \
<name-of-cdn-profile> --content-paths '/*' --name <cdn-endpoint-name>
-renders the above error
however, I can see the CDN endpoint when I issue the list command:
az cdn endpoint list -g <my-resource-group> --profile-name <cd>n-profile-name>
the above command works fine and returns the endpoint which I'm trying to purge
Anyone having a similar experience?
TIA!
I can produce this error, please check the parameter --name <cdn-endpoint-name>, It should not have a suffix like .azureedge.net. The endpoint name is the name of the resource which type is Endpoint in your resource group.
With above options I was unable to fix it and then I realized a small issue! Below is the option with double quotes rather single quotes fixed it for me!
az cdn profile list
az cdn endpoint purge --resource-group {rg_name} --name {cdn_name} --profile-name {cdn_profile_name} --content-paths "/*"

WSL - Can't login or pull image from an azure container registry

I have set up WSL. And then installed docked following this tutorial and then installed azure cli.
I can login from windows command line; but I cannot login to azure container registry by using the command below from bash
$ az acr login --name $ACRNAME
I get the following error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
And also if i tried to pull the image by
$ docker pull ${ACRNAME}.azurecr.io/image_name
get the same error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
But i am able to see the list. The following command returns list
$ az acr repository list -n $ACRNAME
I have found this closed issue and change my machine DNS server to 8.8.8.8 but no progress. What am i missing?
For you issue, you maybe use the wrong username and password. So, first you can check your username and password which you choose to login. You can get the information in portal: container->Access keys.
You can get more information from this document az acr with az acr check-name and az acr create.

"Incorrect padding" when trying to create managed Kubernetes cluster on Azure with AKS

I am working through the instructions outlined here to try and set up a Couchbase cluster on Azure Container Service (AKS). That tutorial is using terminal/Mac, and I'm using Powershell/Windows.
I'm getting an error before I even get to the Couchbase part. I successfully created a resource group (which I called "cb_ask_spike", and yes it does appear on the Portal) from the command line, but then I try to create an AKS cluster:
az aks create --resource-group cb_aks_spike --name cbakscluster
I also tried:
az aks create --resource-group cb_aks_spike --name cbakscluster --generate-ssh-keys
In both cases, I get an error:
az aks create: error: Incorrect padding
I don't know what this error message means, and I can't seem to find any reference to it in the documentation or anywhere. What am I doing wrong?
I'm using azure-cli v2.0.31.
I am fairly confident that I solved why I'm getting this error, and I've updated issue 6142 on azure-cli. At this time, I believe this is a bug, and it's not fixed, but there is a workaround.
First it's important to note that --generate-ssh generates a new ssh key in ~/.ssh
I had a hunch that since ~ for me is "C:\Users\Matthew Groves" that the space in the path was causing the problem. Sure enough, I created a new account called "mgroves". ~ is now "C:\Users\mgroves" and voila, I don't get the "incorrect padding" error message anymore.
So, the workaround is either to use a new account (huge pain) or rename the folder (this is what I have done, and it's also a huge pain and I'm still finding little problems here and there all throughout my system because of it.
In addition to the now approved answer there is a solution that doesn't require you to change any directory or account name and is also easy to implement as well.
As correctly stated in the other answers the Azure CLI cannot handle the actual location where the generated SSH keys will be stored if there is a space in the path. I.e. C:\Users\Admin Account\.ssh\.
When using the az aks create command you can either use --generate-ssh-keys to let the Azure CLI handle it, OR you can specify an already existing SSH key with --ssh-key-value.
I used Git Bash to generate a new SSH key pair in the C:\Users\Admin Account\.ssh\ directory:
ssh-keygen -f ~/.ssh/aks-ssh
Now create the Azure AKS cluster while pointing to this new SSH key with:
az aks create \
--resource-group YourResourceGroup \
--name YourClusterName \
--node-count 3 \
--kubernetes-version 1.16.8 \
--ssh-key-value ~\.ssh\aks-ssh.pub
And you are good to go!
Just verified today using az cli in Powershell for version 2.0.31. You might need to first run the az group and then create az aks command. Screenshot for your reference.

Add SSL Cert to an existing VM linux vm from Azure key vault

How you add SSL Cert to an existing azure Linux VM from Azure Key vault. for windows we use the following command
$vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore "My" -CertificateUrl $certURL
Is there a similar one like this for linux vm? Is there a link similar to this for linux Secure IIS web server with SSL certificates on a Windows virtual machine in Azure
You could use Azure Cli to do this. Using following command.
secret=$(az keyvault secret list-versions \
--vault-name $keyvault_name \
--name mycert \
--query "[?attributes.enabled].id" --output tsv)
vm_secret=$(az vm format-secret --secret "$secret")
az vm update -n shui -g shuikeyvault --set osProfile.secrets="$vm_secret"
Then the certificate stores on /var/lib/waagent, you could use Azure Custom Script to use it.
Note: You should use "$vm_secret", I test in my lab, only $vm_secret does not work for me.
ssh-copy-id -i ~/.ssh/id_rsa.pub aht#myserver. But if you have rights to the VM but not the original key, you want to use azure vm reset-access to do so. It is in fact documented as a standalone ability:
help: -M, --ssh-key-file path to public key PEM file or SSH Public key file for SSH authentication (valid only when os-type is "Linux")
of course, it doesn't say what ELSE should happen here in order to ADD the key I provide to the currently running VM I'm targeting. But the result needs to be that if I specify a user that already exists, and there's a key already there, this one needs to be added to the directory.
You'll note that in Azure/azure-linux-extensions#295, https://github.com/Azure/azure-linux-extensions/issues/295 believes that using azure vm set-extensions ,then reset-access is broken.
Update a Key Vault for use with VMs
Set the deployment policy on an existing key vault with az keyvault update. The following updates the key vault named myKeyVault in the myResourceGroup resource group:
Azure CLI
Copy
az keyvault update -n myKeyVault -g myResourceGroup --set properties.enabledForDeployment=true

Resources