...
- Privileged pods:
  - works as expected
- Ingress:
  - works as expected
- Wildcard DNS/TLS
  - Wildcard DNS worked fine via Google domains
    - `*.azure.ndslabs.org` -> public IP of ingress ILB
  - TLS should work (disabled during testing)
- Access to Kubernetes API
  - apiserver assumes token path. Added TOKEN_PATH configuration to entrypoint.sh
- Access to etcd:
  - Requires dedicated etcd (etcd.yaml)
- SMTP server
  - Problem: Azure requires SMTP mail relay. This will require code changes
  - Workaround – create accounts via ndslabsctl
- Node labeling:
  - works as expected
- Loadbalancer/Public IP
  - works as expected (via kubectl expose)
- Storage:
  - Broken by default
  - Need to use AzureFile or GlusterFS
    - AzureFile
      - Need to test how/if this works
    - GlusterFS requires deploying Gluster cluster
Addons
Access to Kubedash via kubectl proxy
- Monitoring
  - Heapster installed, but no Grafana by default
- Logging
  - No Kibana/Fluentd or cluster-wide logging services
- DNS
  - yes
- Container registry as separate service
Creating an azureFile volume:
- Create secret with azurestorageaccountkey, azurestorageaccountname
- Create PersistentVolume of type azureFile referencing secret
- Attach volume to pod
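
The three steps above as a single manifest. This is an added example, not taken from the NDS Labs deployment files; the object names, the 5Gi size, the share name and the busybox test pod are assumptions, and the account name and key are placeholders.

```yaml
# Added example: all names, sizes and the share name are assumed; credentials are placeholders.
apiVersion: v1
kind: Secret
metadata: {name: azure-file-secret}      # hypothetical name
type: Opaque
stringData:                              # stringData avoids hand-encoding base64
  azurestorageaccountname: "<STORAGE_ACCOUNT_NAME>"
  azurestorageaccountkey: "<STORAGE_ACCOUNT_KEY>"   # keep the real key out of version control
---
apiVersion: v1
kind: PersistentVolume
metadata: {name: ndslabs-azurefile-pv}   # hypothetical name
spec:
  capacity:
    storage: 5Gi                         # assumed size
  accessModes: [ReadWriteMany]
  storageClassName: ""                   # static binding, no dynamic provisioner
  azureFile:
    secretName: azure-file-secret        # the Secret created above
    shareName: ndslabs-share             # assumed: a file share that already exists in the account
    readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: ndslabs-azurefile-pvc}  # hypothetical name
spec:
  accessModes: [ReadWriteMany]
  storageClassName: ""
  volumeName: ndslabs-azurefile-pv       # bind to the PersistentVolume above
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata: {name: azurefile-test}         # hypothetical test pod
spec:
  containers:
    - name: shell
      image: busybox
      command: ["sleep", "3600"]
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: ndslabs-azurefile-pvc
```

The Secret holds the storage account key, which grants access to the whole storage account, so restrict who can read Secrets in that namespace. Unless `secretNamespace` is set on the PersistentVolume, the Secret is looked up in the namespace of the pod that mounts the claim.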
Activity log:
```bash
# Internal load balancer for ingress
kubectl create -f loadbalancer.yaml
kubectl expose rc nginx-ilb-rc --port=80 --type=LoadBalancer
# Wait for endpoint IP to be assigned
kubectl get svc

# Ingress rules and default backend
kubectl create -f default-ingress.yaml
kubectl create -f default-backend.yaml

# NDS Labs services
kubectl create -f etcd.yaml
kubectl create -f apiserver.yaml
kubectl create -f webui.yaml
kubectl logs ndslabs-apiserver-bmc8h
kubectl delete -f apiserver.yaml

# Label the agent node as a compute node
kubectl label nodes k8s-agent-5133fb85-0 ndslabs-node-role=compute
kubectl logs ndslabs-apiserver-qkcgj

# Local proxy (used for Kubedash access)
kubectl proxy
kubectl get pods --all-namespaces
```
...