I created an aks using az cli with minimal parameters and specified a node-count and auto scaling. This created a nodepool and VMSS etc. and an accompanying vnet and subnet automatically.
How do I find out the created vnet and subnet using az cli?
az aks nodepool list --cluster-name aks -g rg-aks
report vnetSubnetId and podSubnetId as null.
Using
az vmss list
does show the subnet but I haven't found any properties of the vmss linking it to the nodepool or aks cluster to enable finding it.
The autogenerated name is something like:
aks-nodepool1-15343534-vmss
Which I guess I could filter for along the lines of aks-nodepool1-*-vmss but that seems dodgy and flaky.
I have tested in my environment
The VNET is created along with the VMSS in a different resource group which starts with MC_
To get the subnet ID, you can use the below script:
$CLUSTER_RESOURCE_GROUP = az aks show --resource-group RGName --name AKSClusterName --query nodeResourceGroup -o tsv
$VMSS_NAME = az vmss list -g $CLUSTER_RESOURCE_GROUP --query "[0].name"
az vmss show -g $CLUSTER_RESOURCE_GROUP -n $VMSS_NAME --query virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].subnet.id
Related
I have two resource groups in Azure, each contains one VMSS (Virtual Machine Scale Sets) and the resources are visible in Azure Portal. The problem is, the following commands return empty output:
az resource list --subscription MySubscription -g vmss-rg
az vmss list --subscription MySubscription -g vmss-rg
az vmss list
However, running az resource list with different resource groups which doesn't have VMSS works fine. I also tested it with different Azure account and subscription, it also worked.
We have tested the same command in our local as suggested by #VenkateshDodda-MT and it works fine. Posting it as an answer to help other community members for the similar issue so that they can find and fix their problem.
To achieve the above requirement we need to install the az powershell module in our local .
Post that run the command in powershell to get the vmss list under our subscription or resource groups:-
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets"
OUTPUT:-
To get the VMSS list under particular resource group run the below cmd:
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets" -g '<rgName>'
OUTPUT:-
For more information please refer this SO THREAD:Azure PS command returns empty list as suggested by #Olga Osinskaya - MSFT
I have spot instance nodes in Azure Kubernetes Cluster. I want to simulate the eviction of a node so as to debug my code but not able to. All I could find in azure docs is we can simulate eviction for a single spot instance, using the following:
az vm simulate-eviction --resource-group test-eastus --name test-vm-26
However, I need to simulate the eviction of a spot node pool or a spot node in an AKS cluster.
For simulating evictions, there is no AKS REST API or Azure CLI command because evictions of the underlying infrastructure is not handled by AKS RP.
Only during creation of the AKS cluster the AKS RP can set eviction Policy on the underlying infrastructure by instructing the Azure Compute RP to do so.
Instead to simulate the eviction of node infrastructure, the customer can use az vmsss simulate-eviction command or the corresponding REST API.
az vmss simulate-eviction
az vmss simulate-eviction --instance-id
--name
--resource-group
[--subscription]
Reference Documents:
https://learn.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest#az_vmss_simulate_eviction
https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-scale-set-vms/simulate-eviction
Use the following commands to get the name of the vmss with nodepool:
1.
az aks nodepool list -g $ClusterRG --cluster-name $ClusterName -o
table
Get the desired node pool name from the output
2.
CLUSTER_RESOURCE_GROUP=$(az aks show –resource-group YOUR_Resource_Group --name YOUR_AKS_Cluster --query
nodeResourceGroup -o tsv)
az vmss list -g $CLUSTER_RESOURCE_GROUP --query "[?tags.poolName == '<NODE_POOL_NAME>'].{VMSS_Name:name}" -o tsv
References:
https://louisshih.gitbooks.io/kubernetes/content/chapter1.html
https://ystatit.medium.com/azure-ssh-into-aks-nodes-471c07ad91ef
https://learn.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest#az_vmss_list_instances
(you may create vmss if you dont have it configured. Refer :create a VMSS)
I have tried az aks show and az aks list commands but they don't show the names of the attached ACR's.
I ran the command to attach acr using az aks update --attach-acr and it shows thats it attached.
Can I see through the CLI or portal that the acr is in the cluster?
I am afraid you cannot see the attached ACR in the cluster UI portal.
When you attached the ACR to the AKS cluster using az aks update --attach-acr command.
It just assigned the ACR's AcrPull role to the service principal associated to the AKS Cluster. See here for more information.
You can get the service principal which associated to the AKS Cluster by command az aks list
See below screenshot. The AcrPull role was assigned to the service principal associated to the AKS Cluster.
If you want to use Azure CLI to check which ACR is attached to the AKS cluster. You can list all the ACRs. And then loop through the ACRs to check which one has assigned the AcrPull role to the AKS service principal. See below example:
# list all the ACR and get the ACR id
az acr list
az role assignment list --assignee <Aks service principal ID> --scope <ACR ID>
Actually, the parameter --attach-acr in the command just grant the role ACRPull to the service principal of the AKS. There is no difference from before. You only can see the service principal of the AKS. Currently, the CLI command az role assignment list cannot get the ACR directly if you do not know the ACR scope already. But you can get the principal ID first like this:
az aks show --resource-group groupName --name aksName --query identityProfile.kubeletidentity.objectId
And then use the CLI command to get the resource Id of the ACR:
az rest --method get --uri "https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01" --uri-parameters "\$filter=principalId eq 'objectId'" --query "value[0].properties.scope"
If you know the ACR resource Id, I think you know which ACR attached to the AKS clearly.
The az aks check-acr command checks if a certain ACR is available from a specific AKS.
You have to provide both the ACR and AKS as argument, so this is not good for discovery.
You can build a small script around this that queries multiple subscriptions for their registered ACRs (you cannot pass multiple subscription argument to az acr list --subscription, you have to query the Subscriptions one-by-one), build an aggregated table of the ACRs then pass those values in a loop to az aks check-acr.
I need to deploy Azure container instance in differents Resource Groups.
In one Resource Group I allocate only the ACI and on another Resource Group I allocate the Vnet
Is this possible? I think that is not possible by design
It's possible.
You can create an azure container instance in a virtual network that is in a different resource group from the container instance resource group.
Suppose you have created a vNet myvnet and subnet aci-subnet in the RG myvnetRG for your ACI. Then you could use the following deployment examples.
VnetId=$(az network Vnet show -g myvnetRG -n myvnet --query 'id' -o tsv)
az container create -n appcontainer -g containerRG --image mcr.microsoft.com/azuredocs/aci-helloworld --vnet $VnetId --subnet aci-subnet
You can also deploy a container group to an existing virtual network by using a YAML file, then specify several additional properties like network profile and ID in the YAML.
It is possible by design, but why would you want to do that? It is not a recommended design thought.
If your resource groups in the different regions, you could configure a Vnet-to-Vnet connection. For your reference:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
I created a new Azure container instance (ACI) with a new vnet and subnet by Azure CLI
I deleted ACI from Azure portal and now Im trying to delete subnet but gives me the following errors:
Failed to delete subnet 'SubnetNAme'. Error: Subnet SubnetNAme is in use by aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.
If I tried to access aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile, it tells me that doesnt exist this resource:
Details
The resource was not found, it may have been deleted. If this was launched from a pinned tile on the dashboard, it should be removed.
For your issue, instead of finding the aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile in the portal, you need to delete the Network Profile through Azure CLI command like this:
NETWORK_PROFILE_ID=$(az network profile list --resource-group yourResourceGroup --query [0].id --output tsv)
az network profile delete --id $NETWORK_PROFILE_ID -y
After you delete the Network Profile, then you can delete the subnet as you want. For mor details, see Delete network resources.
well, i'd assume your best bet is to try and find the lingering resource and delete it (rest api would work best here, probably). another option is to recreate the ACI with the same name and remove the binding to the network before deleting it.
And your last option would be to contact support ;)
I had the same issue and me help below steps to remove aci subnet and vnet with trash container nic:
1st - find name of problem network profile by command - > az network profile list --query [].name -o tsv
2nd - create resource by terraform -> resource "azurerm_network_profile" "example" with the same network profile name and problem subnet id.
3rd - after terraform successfully create network profile, remove it by -> az network profile delete --id ...(you can find id by az network profile list --query [].id -o tsv)
4th - go to portal and change subnet delegate from container to none, after save I could delete subnet and vnet.
Below is the solution. Sometime trying just delete doesn't work. Follow the below steps and which is tested and worked for me.
NETWORK_PROFILE_ID=$(az network profile list --resource-group yourResourceGroup --query [0].id --output tsv)
az network profile delete --id $NETWORK_PROFILE_ID -y
This is a known issue and Microsoft is working on it. The workaround that worked for me is to update the containerNetworkInterfaceConfigurations property in Network profile properties to an empty list
# Get network profile ID
NETWORK_PROFILE_ID=$(az network profile list --resource-group <reource-group-name> --query [0].id --output tsv)
az resource update --ids $NETWORK_PROFILE_ID --set properties.containerNetworkInterfaceConfigurations=[]
And then deleting it works
az network profile delete --id $NETWORK_PROFILE_ID -y