Can I add agent/extension to AKS node in Azure?

Nodes in a node pool have default agents installed.
Questions:
1. Can I add agents/extensions on a node?
2. If yes, is it recommended/compatible?
I couldn't find anything on Google about AKS node extensions.

Manually installing extensions is not supported for AKS nodes. Take a look at the troubleshooting here:
AKS is a managed service, and manipulation of the IaaS resources is
not supported. To install custom components, etc. please leverage the
kubernetes APIs and mechanisms. For example, leverage DaemonSets to
install required components.
If you want to manage the nodes as you want, you'd better use the aks-engine. Maybe it's a better choice for you.

Related

Is it possible to implement multiple interface pods in Azure kubernetes service?

I am trying to implement multi-interface pods in Azure Kubernetes Service. It seems like Multus is not supported in AKS(1). Is there any other way to achieve this? If possible, what network policy and network configurations should be used?
This feature is not available today with Azure CNI. Also, there is no workaround to implement Multus or any other CNI like Calico with AKS. Having said that, you can provide your feedback here in this feature request form for its future availability.

GKE Cluster Audit

What are the points to be reviewed while auditing a GKE cluster?
We have a production cluster and I would like to know what all points need to be reviewed while auditing my GKE cluster. What needs to be configured/removed for better security and HA?
This is a very broad topic.
Short answer (main points):
Apply Least privilege principle for IAM entities and RBAC entities
Enable Binary Authorization
Limit privileges on Containers
Enable image scanner
Use the Secret Manager
Create private clusters when possible
Spread your work nodes between AZs
But I strongly recommend you verify Google official docs:
https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#node_upgrades
See ya

Hi can I have a custom script to be executed in AKS node group?

I would like to tweak some settings in AKS node group with something like userdata in AWS. Is it possible to do in AKS?
How about using
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension
The underlying Virtual Machine Scale Set (VMSS) is an implementation detail, and one that you do not get to adjust outside of SKU and disk choice. Just like you cannot pick the image that goes on the VMSS; you also cannot use VM Extensions on that scale set, without being out of support. Any direct manipulation of those VMSSs (from an Azure resource provider perspective) behind your nodepools puts you out of support. The only supported affordance to perform host (node)-level actions is via deploying your custom script work in a DaemonSet to the cluster. This is fully supported, and will give you the ability to run (almost) anything you need at the host level. Examples being installing/executing custom security agents, FIM solutions, anti-virus.
From the support FAQ:
Any modification done directly to the agent nodes using any of the IaaS APIs renders the cluster unsupportable. Any modification done to the agent nodes must be done using kubernetes-native mechanisms such as Daemon Sets.
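
The DaemonSet approach that the answers above recommend, sketched as an added example (not part of the original posts and not Microsoft's own manifest). The object names, image tags and the sysctl setting are assumptions chosen for illustration; the script is piped into a shell running in the node's namespaces.

```yaml
# Added example. Names, images and the sysctl value are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: node-setup-script        # hypothetical name
  namespace: kube-system
data:
  setup.sh: |
    set -eu
    # Constructed sample tweak; replace with the agent install or setting you need.
    sysctl -w vm.max_map_count=262144
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-setup               # hypothetical name
  namespace: kube-system
spec:
  selector:
    matchLabels: {app: node-setup}
  template:
    metadata:
      labels: {app: node-setup}
    spec:
      hostPID: true              # so that PID 1 below is the node's init process
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
      - operator: Exists         # also schedule onto tainted node pools
      initContainers:
      - name: run-on-host
        image: alpine:3.19       # assumption: any image that ships sh and nsenter
        securityContext:
          privileged: true       # root on the node: restrict who can edit this namespace
        # stdin is opened inside the container, then the shell runs in the host's namespaces
        command: ["sh", "-c", "nsenter -t 1 -m -u -i -n -p -- sh -s < /scripts/setup.sh"]
        volumeMounts:
        - {name: script, mountPath: /scripts, readOnly: true}
      containers:
      - name: pause              # keeps the pod Running so the script is not re-run in a loop
        image: registry.k8s.io/pause:3.9   # assumption: pause image tag
        resources:
          requests: {cpu: 1m, memory: 8Mi}
      volumes:
      - name: script
        configMap: {name: node-setup-script}
```

The init container runs again on every new, reimaged or upgraded node and whenever the pod is recreated, so the script has to be idempotent.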

Logging/Monitoring of Kubernetes cluster in Azure Container Service

Does Azure Container Service integrate with Azure Monitor?
Wondering what the best way is to do logging/monitoring of a Kubernetes cluster?
If you are looking for monitoring tools on Azure, you may want to use Azure OMS (Operations Management Suite). This gives you the ability to monitor the container inventory, performance, and logs in a single location. To my understanding, the stats of the container are only available for Linux nodes now, if you are deploying your k8s cluster on the Azure Portal.
To do this, you need to first create an OMS account. By this time, you should have the Workspace ID and the key available. The next step would be to create the OMS pod on each node using a DaemonSet.
For the detailed setup, take a look at https://learn.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-oms.
For third party tools, Grafana+influxdb is one of the ways I have tried before. Basically it provides you with the metrics on two levels: POD and NODE respectively. The displayed metrics included CPU Usage, Memory Usage, Network Usage and Filesystem Usage, etc. Of course, you can always alter your query to add extra metrics.
For the implementation of this approach, you can refer to https://github.com/Azure/acs-engine/blob/master/docs/kubernetes/monitoring.md.
Hope this helps :)
You can use this CLI command to browse through a Kubernetes cluster deployed using Azure Container Service:
az acs kubernetes browse -g -n
This way you can see the Kubernetes web UI.
You can also use the kubectl proxy command.

Azure Service Fabric Scale up and out

I'm new with Azure Service Fabric. I have created the smallest possible (3xA0) cluster for testing my stateless application. Ideally I wanted to use F1 instances but they were not available for some reason in Cluster Creation dialog wizard.
Now I'm trying to understand how can I manage instance count and size for my existing cluster but I can't see any menu options in Resource Manager related to this.
Please advise.
I've decided to convert my comment to an answer. So there are a lot of help documents covering this.
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-resource-manager-introduction
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-scale-up-down
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-fabric-settings
