Velero installation on a Kubernetes cluster using the Azure provider

I am installing Velero on Kubernetes using the Helm chart as below:
helm install --namespace velero \
--set configuration.provider="Microsoft Azure" \
--set-file credentials.secretContents.cloud=<FULL PATH TO FILE> \
--set configuration.backupStorageLocation.name=azure \
--set configuration.backupStorageLocation.bucket=<BUCKET NAME> \
--set configuration.volumeSnapshotLocation.name=<PROVIDER NAME> \
--set configuration.volumeSnapshotLocation.config.region=<REGION> \
--set image.repository=velero/velero \
--set image.tag=v1.2.0 \
--set image.pullPolicy=IfNotPresent \
--set initContainers[0].name=velero-plugin-for-microsoft-azure:v1.0.0 \
--set initContainers[0].image=velero/velero-plugin-for-microsoft-azure:v1.0.0 \
--set initContainers[0].volumeMounts[0].mountPath=/target \
--set initContainers[0].volumeMounts[0].name=plugins \
stable/velero
I have configured the environment variables below in the credentials-velero file, and its path is provided in the command above.
credentials-velero file:
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
I am getting the below error:
an error occurred: some backup storage locations are invalid: error getting backup store for location "default": rpc error: code = Unknown desc = unable to get all required environment variables: the following keys do not have values: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID
Could you please help with the resolution of the above error?

Your Velero credentials file should contain actual values for those keys, not placeholders.
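# Note: the heredoc below is unquoted, so the ${...} references are expanded
# by your current shell. Export real values for them first, or paste the
# literal values directly into the file.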
cat << EOF > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#setup
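If you still need to generate those values, roughly the following az commands work. This is my own sketch along the lines of the setup doc above; the service principal name "velero" and the Contributor role/scope are assumptions you should adjust to your environment:
AZURE_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
AZURE_TENANT_ID=$(az account show --query tenantId -o tsv)
# creates a service principal and captures its secret; scope it more tightly if you can
AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac --name "velero" --role "Contributor" --scopes "/subscriptions/$AZURE_SUBSCRIPTION_ID" --query password -o tsv)
AZURE_CLIENT_ID=$(az ad sp list --display-name "velero" --query '[0].appId' -o tsv)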

Use it this way:
AZURE_SUBSCRIPTION_ID=XXXX-XXXXX-XXXXXXX-XXXXXXX
AZURE_TENANT_ID=XXXX-XXXXX-XXXXXXX-XXXXXXX
AZURE_CLIENT_ID=XXXX-XXXXX-XXXXXXX-XXXXXXX
AZURE_CLIENT_SECRET=XXXXXXXXXXXXXXXXXX
AZURE_RESOURCE_GROUP=MC_RESOURCE_GROUP_NAME_OF_AKS # this should be the MC resource group
AZURE_CLOUD_NAME=AzurePublicCloud
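If you are not sure what the MC_ resource group of your cluster is called, you can look it up (the resource group and cluster names are placeholders):
az aks show --resource-group <AKS_RESOURCE_GROUP> --name <AKS_CLUSTER_NAME> --query nodeResourceGroup -o tsv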
Also, try using the master image:
--set initContainers[0].image=velero/velero-plugin-for-microsoft-azure:master
Use this format:
helm install velero vmware-tanzu/velero --namespace velero \
--set-file credentials.secretContents.cloud=./credentials-velero \
--set configuration.provider=azure \
--set configuration.backupStorageLocation.name=azure \
--set configuration.backupStorageLocation.bucket='velero' \
--set configuration.backupStorageLocation.config.resourceGroup=RESOURCE_GROUP_OF_STORAGEACCOUNT \
--set configuration.backupStorageLocation.config.storageAccount=STORAGE_ACCOUNT_NAME \
--set snapshotsEnabled=true \
--set deployRestic=true \
--set image.repository=velero/velero \
--set image.pullPolicy=Always \
--set initContainers[0].name=velero-plugin-for-microsoft-azure \
--set initContainers[0].image=velero/velero-plugin-for-microsoft-azure:master \
--set initContainers[0].volumeMounts[0].mountPath=/target \
--set initContainers[0].volumeMounts[0].name=plugins
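After the install, you can verify that the credentials were picked up and that the backup storage location becomes Available. This assumes the velero CLI is installed on your machine:
kubectl -n velero get pods
kubectl -n velero logs deployment/velero
velero backup-location get   # PHASE should show Available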

Related

Private AKS is not able to find the path of my local files to do a deployment through Helm

I'm currently trying to deploy my Helm charts through my private AKS cluster. However, I'm unable to do anything since it can't find the path of my local directory.
This is the command that I'm running:
az aks command invoke \
--resource-group aharo-aks-appgateway01 \
--name aharo-aks02 \
--command "helm install haro ./haro_files_helm_chart"
This is the error message that I'm getting
command started at 2023-01-06 22:49:46+00:00, finished at 2023-01-06 22:49:46+00:00 with exitcode=1
Error: INSTALLATION FAILED: path "./haro_files_helm_chart" not found
To prove that this type of command can work, I tried one from the Microsoft documentation:
az aks command invoke \
--resource-group aharo-aks-appgateway01 \
--name aharo-aks02 \
--command "helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update && helm install my-release bitnami/nginx"
What else can I do to find the path of my directory? Do you know if I could be missing any configuration on my cluster?
When you pass the helm install command to the AKS nodes, the nodes look for ./haro_files_helm_chart in their own filesystem, not on the machine that is running the command, hence the 'path not found' error.
In the example you shared, the node first downloads the chart from the Bitnami repo, so no local path is needed.
To resolve the issue, you should attach the directory of the Helm chart to az aks command invoke, as documented here. Below is the part you need:
You can also attach all files in the current directory. For example:
az aks command invoke \
--resource-group myResourceGroup \
--name myAKSCluster \
--command "kubectl apply -f deployment.yaml configmap.yaml -n default" \
--file .
For example, I created a chart called "test-chart" using helm create test-chart. The chart is created in the current directory I'm in:
$ ls
test-chart
Then run the same command shared above and just change the command (without changing the directory):
az aks command invoke \
--resource-group myResourceGroup \
--name myAKSCluster \
--command "helm install test-chart-override-name test-chart" \
--file .
The answer to this is the following:
az aks command invoke \
--resource-group aharo-aks-appgateway01 \
--name aharo-aks02 \
--command "helm install haro . "
Another workaround is uploading your Helm charts to your container registry; then you can pull and install them directly, like the example from Microsoft:
az aks command invoke \
--resource-group aharo-aks-appgateway01 \
--name aharo-aks02 \
--command "helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update && helm install my-release bitnami/nginx"

Nginx-ingress-controller failed to start after AKS upgrade to v1.22.6

Kubernetes version: 1.22.6
I previously deployed the ingress controller through Terraform using the chart from https://kubernetes.github.io/ingress-nginx.
While starting the ingress controller, we keep getting the below error message in the job ingress-nginx-admission-create, and the ingress controller does not start:
{
"err": "Get \"https://192.168.64.1:443/api/v1/namespaces/ingress-nginx/secrets/ingress-nginx-admission\": EOF",
"level": "fatal",
"msg": "error getting secret",
"source": "k8s/k8s.go:232",
"time": "2022-06-30T22:03:16Z"
}
I tried a couple of options to delete and re-create the ingress controller directly using the below command, but no luck.
helm upgrade --install \
ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--debug \
--version="4.1.1" # tried with latest version too
Any help, please.
In order to resolve it, you should try the following:
Quote your values when you install it (TF vars, I assume).
Allow port 443 to the API server IP address/FQDN (see the example after this list).
Reprovision your Service CIDR within the same network (as a subnet) as the nodes.
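For the port 443 point, if a custom NSG on the node subnet blocks egress to the API server, a rule along these lines opens it (resource group, NSG name and priority are placeholders of mine):
az network nsg rule create \
--resource-group <NODE_RESOURCE_GROUP> \
--nsg-name <NODE_NSG_NAME> \
--name allow-apiserver-443 \
--priority 200 \
--direction Outbound \
--access Allow \
--protocol Tcp \
--destination-port-ranges 443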
Suggestion based on your update:
--set controller.hostNetwork=true
Add the above line to your command
helm upgrade \
ingress-nginx ingress-nginx \
--install \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--debug \
--version="4.1.1" \
--set controller.hostNetwork=true
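If it still fails, check the admission job directly; its logs show whether the patch job can reach the API server at all:
kubectl -n ingress-nginx get jobs,pods
kubectl -n ingress-nginx logs job/ingress-nginx-admission-create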

AKS Helm Install - Not Authorized after connecting with ACR

I have an AKS cluster and an ACR, and I attached the ACR successfully to my AKS using:
az aks update -n <AKSNAME> -g <RESOURCE> --attach-acr <ACRNAME>
Yet, when I run the command below from this how-to guide, I get Error: failed pre-install: timed out waiting for the condition. Upon further investigation with kubectl get events, I find that the image pulls from ACR are failing with an authorization error: failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized.
helm install nginx-ingress ingress-nginx/ingress-nginx \
--namespace ingress-basic \
--set controller.replicaCount=2 \
--set controller.nodeSelector."kubernetes\.io/os"=linux \
--set controller.image.registry=$ACR_URL \
--set controller.image.image=$CONTROLLER_IMAGE \
--set controller.image.tag=$CONTROLLER_TAG \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
--set controller.admissionWebhooks.patch.image.registry=$ACR_URL \
--set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \
--set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
--set defaultBackend.image.registry=$ACR_URL \
--set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG \
--set controller.service.loadBalancerIP=$STATIC_IP \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL
I find this very strange, because the images are in my ACR and I have successfully attached the ACR to AKS.
I run everything from the Azure CLI, with Helm version 3.4.0. I found some related issues, all of which use attach-acr.
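For diagnosing this, az aks check-acr can validate the node-to-registry pull path end to end (names are placeholders):
az aks check-acr --resource-group <RESOURCE> --name <AKSNAME> --acr <ACRNAME>.azurecr.io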

Dataproc is not installing custom Conda package from custom Conda channel

I am attempting to spin up a single node Dataproc "cluster" in GCP that installs additional packages from both conda-forge and a custom Conda channel. The gcloud command I run is:
gcloud beta dataproc clusters create MY_CLUSTER_NAME \
--enable-component-gateway \
--bucket MY_GCS_BUCKET \
--region us-central1 \
--subnet default \
--zone us-central1-a \
--single-node \
--master-machine-type n1-standard-4 \
--master-boot-disk-size 500 \
--image-version 1.5-ubuntu18 \
--properties spark:spark.jars.packages=org.apache.spark:spark-avro_2.12:2.4.4,spark-env:spark.jars.packages=org.apache.spark:spark-avro_2.12:2.4.4 \
--optional-components ANACONDA,JUPYTER \
--max-idle 7200s \
--scopes 'https://www.googleapis.com/auth/cloud-platform' \
--project MY_PROJECT_ID \
--metadata='CONDA_PACKAGES=pandas matplotlib seaborn scikit-learn MY_CUSTOM_PACKAGE' \
--metadata='CONDA_CHANNELS=conda-forge https://MY_CUSTOM_CONDA_CHANNEL'
I have verified that I can conda install -c https://MY_CUSTOM_CONDA_CHANNEL MY_CUSTOM_PACKAGE locally, and that the other packages are being installed. When searching through the logs for the cluster, I find no entries about the installation of the additional conda packages.
Questions:
Where can I find logs that will help me debug this problem?
Is there something wrong with the above command?
It seems that you didn't add the conda-install.sh init action when creating the cluster; see more details in this doc, e.g.:
gcloud dataproc clusters create my-cluster \
--image-version=1.4 \
--region=${REGION} \
--metadata='CONDA_PACKAGES=pandas matplotlib seaborn scikit-learn MY_CUSTOM_PACKAGE' \
--metadata='CONDA_CHANNELS=conda-forge https://MY_CUSTOM_CONDA_CHANNEL' \
--initialization-actions=gs://goog-dataproc-initialization-actions-${REGION}/python/conda-install.sh
You should be able to find the init action log at /var/log/dataproc-initialization-script-0.log, see more details in this doc.
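To pull that log from a single-node cluster, something like this should work (the master VM is normally named after the cluster with an -m suffix, and the zone must match the one used at creation):
gcloud compute ssh MY_CLUSTER_NAME-m \
--zone=us-central1-a \
--command='sudo cat /var/log/dataproc-initialization-script-0.log'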

The container image doesn't support specified OS 'Linux' for container group

I would like to prepare a Microsoft container (requires .NET Framework 4.6) with a file share, but I get an error. Do you know what is wrong, and how to do this correctly? The container image 'microsoft/aspnet' doesn't support specified OS 'Linux' for container group 'mmsappcalculation-1'.
rafal@Azure:~$ # Change these four parameters as needed
rafal@Azure:~$ ACI_PERS_RESOURCE_GROUP=mmsAppCalculationGroup
rafal@Azure:~$ ACI_PERS_STORAGE_ACCOUNT_NAME=fileshare8956
rafal@Azure:~$ STORAGE_KEY=2Ee56ua3I4gU7TgcI3IhAICXhgt+UG0xSL/kb9+PKEGl40T/5rHflEy8DMHwbaFqZL0oMfwzcjyAXDsQDg1Q==
rafal@Azure:~$ ACI_PERS_SHARE_NAME=acishare
rafal@Azure:~$
rafal@Azure:~$
rafal@Azure:~$ az container create \
> --resource-group $ACI_PERS_RESOURCE_GROUP \
> --image microsoft/aspnet \
> --name mmsappcalculation-1 \
> --dns-name-label mmsappcalculation \
> --ports 80 \
> --azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
> --azure-file-volume-account-key $STORAGE_KEY \
> --azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
> --azure-file-volume-mount-path /app/sharedFile/
The container image 'microsoft/aspnet' doesn't support specified OS 'Linux' for container group 'mmsappcalculation-1'.
Before that, I ran this:
# Change these four parameters as needed
ACI_PERS_RESOURCE_GROUP=mmsAppCalculationGroup
ACI_PERS_STORAGE_ACCOUNT_NAME=fileshare$RANDOM
ACI_PERS_LOCATION=eastus
ACI_PERS_SHARE_NAME=acishare
# Create the storage account with the parameters
az storage account create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--location $ACI_PERS_LOCATION \
--sku Standard_LRS
# Create the file share
az storage share create \
--name $ACI_PERS_SHARE_NAME \
--account-name $ACI_PERS_STORAGE_ACCOUNT_NAME
Update:
I also tried it like this, but it still does not work:
https://learn.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest
> --os-type Windows \
az: error: unrecognized arguments:
usage: az [-h] [--verbose] [--debug] [--only-show-errors]
[--output {json,jsonc,yaml,yamlc,table,tsv,none}] [--query JMESPATH]
{container} ...
rafal@Azure:~$ --cpu 2 \
> --memory 3.5 \
> --azure-file-volume-mount-path /app/sharedFile/
bash: --cpu: command not found
rafal@Azure:~$
If you want to run .NET Core, you can use a Linux or Windows container.
If you want to run .NET Framework, you need to use a Windows container.
microsoft/aspnet uses .NET Framework, so you must use a Windows container to run it.
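A corrected create command would look roughly like the sketch below. Note the --os-type Windows flag, and that all the continuation lines must belong to one command (the az: error: unrecognized arguments and bash: --cpu: command not found messages in your update suggest the backslash continuations got split). Also, as far as I know, Azure Files volumes in ACI can only be mounted into Linux container groups, so the file-share flags are left out here:
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--image microsoft/aspnet \
--name mmsappcalculation-1 \
--os-type Windows \
--dns-name-label mmsappcalculation \
--ports 80 \
--cpu 2 \
--memory 3.5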
If you want to try this in Azure App Service, here is our quickstart on how to run a custom Windows container in Azure App Service:
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-get-started-windows-container
