-
Install Azure CLI 2.0:
pip install --user azure-cli
(as described here) or update via pip install --upgrade azure-cli && az cloud set --name AzureGermanCloud
-
Download kubectl.exe:
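# Resolve the current stable release once, then fetch kubectl.exe together with the
# SHA-256 file published next to it. -f makes curl fail on an HTTP error instead of
# saving the error page under the name kubectl.exe.
k8s_version=$(curl -fsSL https://dl.k8s.io/release/stable.txt)
curl -fLO "https://dl.k8s.io/release/${k8s_version}/bin/windows/amd64/kubectl.exe"
curl -fLO "https://dl.k8s.io/release/${k8s_version}/bin/windows/amd64/kubectl.exe.sha256"
# The checksum comes from the same origin as the binary, so this detects a corrupted or
# truncated download; it does not protect against a compromised download server.
printf '%s  kubectl.exe\n' "$(cat kubectl.exe.sha256)" | sha256sum --check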
(as described here) -
Download kubectl.exe:
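# Same download from the storage bucket URL. The version lookup is done once and the
# URL is quoted; -f stops curl from saving an HTTP error page as kubectl.exe.
k8s_version=$(curl -fsS https://storage.googleapis.com/kubernetes-release/release/stable.txt)
curl -fLO "https://storage.googleapis.com/kubernetes-release/release/${k8s_version}/bin/windows/amd64/kubectl.exe"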
(as described here)
REM Select the public Azure cloud, sign in interactively and pick the subscription.
az cloud set --name AzureCloud
az login
az account set --subscription chgeuer-work
REM Register the AAD application that the service principal is created for.
REM NOTE(review): the password is expanded onto the command line, so it is visible in the
REM process's argument list while the command runs.
az ad app create --display-name "chgeuer-packer" --homepage "http://packer.geuer-pollmann.de/" --identifier-uris "http://packer.geuer-pollmann.de/" --key-type "Password" --password %AZURE_PACKER_PASSWORD%
REM Print the appId of the application; the GUID used below is presumably that value.
az ad app list --display-name chgeuer-packer | jq .[0].appId
REM Create the service principal for the application and show its current role assignments.
az ad sp create --id 8562e504-49dc-4d2f-a663-fabf7cf9368e
az role assignment list --assignee 8562e504-49dc-4d2f-a663-fabf7cf9368e
REM NOTE(review): no --scope is given, so Contributor is not limited to one resource group;
REM presumably it applies to the whole subscription - confirm, and narrow it with --scope
REM if the principal only has to manage the cluster's resource group.
az role assignment create --assignee 8562e504-49dc-4d2f-a663-fabf7cf9368e --role Contributor
REM Windows (cmd.exe): sign in as the service principal; %NAME% expands environment variables.
REM NOTE(review): the password is passed as a command-line argument and is therefore
REM visible in the process's argument list while az runs.
az login --service-principal --tenant %AZURE_PACKER_TENANTID% --username %AZURE_PACKER_APPID% --password %AZURE_PACKER_PASSWORD%
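# Linux (bash): sign in as the service principal.
# Every expansion is quoted so a secret containing spaces or glob characters is passed
# as one unchanged argument. The password still travels on the command line, where other
# local users can see it in the process list while az runs.
az login \
  --service-principal \
  --tenant "${AZURE_PACKER_TENANTID}" \
  --username "${AZURE_PACKER_APPID}" \
  --password "${AZURE_PACKER_PASSWORD}"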
az account set --subscription chgeuer-work
REM Set a new password on the service principal.
REM NOTE(review): --name receives the tenant id variable here; presumably the service
REM principal's app id (%AZURE_PACKER_APPID%) was intended - confirm before running.
az ad sp reset-credentials --name %AZURE_PACKER_TENANTID% --password %AZURE_PACKER_PASSWORD%
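REM Cluster parameters (cmd.exe). SET "NAME=value" keeps the quotes out of the stored
REM value; with SET NAME="value" the quotes become part of the value and every
REM --option="%NAME%" below would end up quoted twice.
SET "K8SLOCATION=westeurope"
SET "RGNAME=k8s"
SET "K8SCLUSTERNAME=chgeuerk8s"
SET "DNSPREFIX=%K8SCLUSTERNAME%"
SET "SSHPUBFILE=C:\Users\chgeuer\Java\keys\dcos.openssh.public"
SET "SSHPRIVFILE=C:\Users\chgeuer\Java\keys\dcos.openssh.private"
REM Read the first line of the public key file into sshkey.
SET /p sshkey=<"%SSHPUBFILE%"
REM Create the resource group in the configured location.
az group create --name="%RGNAME%" --location="%K8SLOCATION%"
REM Create the Kubernetes cluster. The trailing ^ continues the command on the next line,
REM so --admin-password stays part of this call instead of running as a command of its own.
REM NOTE(review): --client-secret and --admin-password are expanded onto the command line
REM and are visible in the process's argument list while az runs.
az acs create ^
  --name="%K8SCLUSTERNAME%" ^
  --resource-group="%RGNAME%" ^
  --location="%K8SLOCATION%" ^
  --orchestrator-type=kubernetes ^
  --dns-prefix="%DNSPREFIX%" ^
  --ssh-key-value="%sshkey%" ^
  --service-principal="%AZURE_PACKER_APPID%" ^
  --client-secret="%AZURE_PACKER_PASSWORD%" ^
  --master-count=1 ^
  --agent-count=2 ^
  --agent-vm-size="Standard_DS1_v2" ^
  --admin-username="chgeuer" ^
  --admin-password="%AZURE_LINUX_PASSWORD%"
REM Fetch the cluster credentials for kubectl, authenticating with the SSH private key.
az acs kubernetes get-credentials --resource-group="%RGNAME%" --name="%K8SCLUSTERNAME%" --ssh-key-file="%SSHPRIVFILE%"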
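# Cluster parameters used by the commands that follow.
K8SLOCATION="westeurope"
RGNAME="k8s"
K8SCLUSTERNAME="chgeuerk8s"
DNSPREFIX="${K8SCLUSTERNAME}"
# SSH key pair; the /mnt/c prefix is presumably the Windows drive as mounted in WSL.
SSHPUBFILE="/mnt/c/Users/chgeuer/Java/keys/dcos.openssh.public"
SSHPRIVFILE="/mnt/c/Users/chgeuer/Java/keys/dcos.openssh.private"
# Read the public key. The path is quoted so a directory name with spaces or glob
# characters cannot split or expand into several arguments.
sshkey=$(cat -- "${SSHPUBFILE}")
# Create the resource group that will hold the cluster.
az group create --name="${RGNAME}" --location="${K8SLOCATION}"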
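# Credentials live in a plain-text JSON file; the "..." values are placeholders to fill in.
PLAINTEXT_CREDS_FILE=/mnt/c/Users/chgeuer/azurecreds.json2
# Write the template so that only the owner can read it: umask covers a newly created
# file, chmod covers a file that already existed.
# NOTE(review): /mnt/c looks like a Windows drive mounted into WSL, where POSIX modes may
# not be enforced - confirm, or keep the file on a Linux file system instead.
(
  umask 077
  cat > "${PLAINTEXT_CREDS_FILE}" <<'EOF'
{
  "AZURE_CLOUD": {
    "appId": "...",
    "password": "...",
    "tenantId": "..."
  },
  "AZURE_GERMAN_CLOUD": {
    "appId": "...",
    "password": "...",
    "tenantId": "..."
  },
  "AZURE_LINUX_PASSWORD": "..."
}
EOF
  chmod 600 -- "${PLAINTEXT_CREDS_FILE}"
)
# Load the values for the public Azure cloud. jq reads the file directly and the filters
# are quoted, so nothing is word-split or glob-expanded by the shell.
AZURE_PACKER_APPID=$(jq -r '.AZURE_CLOUD.appId' "${PLAINTEXT_CREDS_FILE}")
AZURE_PACKER_PASSWORD=$(jq -r '.AZURE_CLOUD.password' "${PLAINTEXT_CREDS_FILE}")
AZURE_PACKER_TENANTID=$(jq -r '.AZURE_CLOUD.tenantId' "${PLAINTEXT_CREDS_FILE}")
AZURE_LINUX_PASSWORD=$(jq -r '.AZURE_LINUX_PASSWORD' "${PLAINTEXT_CREDS_FILE}")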
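# Sign in as the service principal and select the subscription.
# The expansions are quoted so a password containing spaces or glob characters reaches az
# as a single, unchanged argument. The secret is still a command-line argument and can be
# seen in the process list while az runs.
az login \
  --service-principal \
  --tenant "${AZURE_PACKER_TENANTID}" \
  --username "${AZURE_PACKER_APPID}" \
  --password "${AZURE_PACKER_PASSWORD}"
az account set --subscription chgeuer-work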
# Arguments for the cluster creation, collected in a bash array so each one can be
# annotated; they are passed to az exactly as written.
acs_create_args=(
  --name="${K8SCLUSTERNAME}"
  --resource-group="${RGNAME}"
  --location="${K8SLOCATION}"
  --orchestrator-type=kubernetes
  --dns-prefix="${DNSPREFIX}"
  --ssh-key-value="${sshkey}"
  # service principal the cluster uses, and its secret (passed on the command line)
  --service-principal="${AZURE_PACKER_APPID}"
  --client-secret="${AZURE_PACKER_PASSWORD}"
  --master-count=1
  --agent-count=2
  --agent-vm-size="Standard_DS1_v2"
  # administrator account on the VMs (password also passed on the command line)
  --admin-username="chgeuer"
  --admin-password="${AZURE_LINUX_PASSWORD}"
)
az acs create "${acs_create_args[@]}"

# Download the cluster credentials for kubectl, authenticating with the SSH private key.
az acs kubernetes get-credentials \
  --resource-group="${RGNAME}" \
  --name="${K8SCLUSTERNAME}" \
  --ssh-key-file="${SSHPRIVFILE}"
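# Print the IP of the first ingress. The jq filter is quoted so the shell cannot treat
# "[0]" as a glob pattern and expand it against file names in the current directory.
kubectl get ingress -o json | jq '.items[0].status.loadBalancer.ingress[0].ip'
# NOTE(review): "[email protected]" is the placeholder left by the site's e-mail obfuscation; the
# original user@host cannot be recovered from the page. The second ssh line is presumably
# the same login written with the variables defined earlier.
ssh [email protected] -i ~/chgeuer/Java/keys/dcos.openssh.private
ssh "chgeuer@${K8SCLUSTERNAME}.${K8SLOCATION}.cloudapp.azure.com" -i "${SSHPRIVFILE}"
# Run the release in the foreground. SECRET_KEY_BASE is a sample value here; a real
# deployment needs a long random key (for example from `mix phoenix.gen.secret`) that is
# supplied from the environment and not written into scripts.
# NOTE(review): the release is called k8s_elix here and k8s_elixir elsewhere on the page -
# confirm which name the build actually produces.
REPLACE_OS_VARS=true PORT=4000 HOST=localhost SECRET_KEY_BASE=highlysecretkey ./_build/prod/rel/k8s_elix/bin/k8s_elix foreground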
Inject Azure Container Registry credential as imagePullSecret into K8s
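K8SLOCATION="westeurope"
RGNAME="k8s"
K8SCLUSTERNAME="chgeuerk8s"
acr_name=chgeuerregistry2
# create a container registry
# NOTE(review): --admin-enabled=true turns on the registry's admin account, a single shared
# username/password that can both push and pull. A service principal restricted to pulling
# (for example through the AcrPull role) gives the cluster a narrower credential.
az acr create \
  --name="${acr_name}" \
  --resource-group="${RGNAME}" \
  --location="${K8SLOCATION}" \
  --sku="Basic" \
  --admin-enabled=true
# fetch the ACR admin password from Azure
# (the jq filter is quoted so the shell cannot glob-expand "[0]")
acr_pass=$(az acr credential show --name "${acr_name}" | jq -r '.passwords[0].value')
# inject imagePullSecret to k8s
# (the registry password is passed as a command-line argument here)
kubectl create secret docker-registry "${acr_name}.azurecr.io" \
  --docker-server="https://${acr_name}.azurecr.io" \
  --docker-username="${acr_name}" \
  --docker-password="${acr_pass}" \
  --docker-email="root@${acr_name}"
# re-fetch password from k8s; acr_pass2 is not used elsewhere on this page.
# The secret's data is only base64-encoded, so anyone who is allowed to read this secret
# obtains the registry password in clear text.
acr_pass2=$(
  kubectl get secret "${acr_name}.azurecr.io" --output=json |
    jq -r '.data[".dockercfg"]' |
    base64 -d |
    jq -r ".[\"https://${acr_name}.azurecr.io\"].password"
)
# login docker to ACR; --password-stdin keeps the password out of the argument list
printf '%s' "${acr_pass}" |
  docker login "${acr_name}.azurecr.io" \
    --username "${acr_name}" \
    --password-stdin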
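# Deployment with one replica of the Elixir image, pulled from the private registry.
# The nesting is restored here; without indentation the manifest is not valid YAML.
# extensions/v1beta1 is the Deployment API of the Kubernetes version used on this page
# (v1.6.x); newer clusters serve Deployments as apps/v1, which also requires spec.selector.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-master
spec:
  replicas: 1
  template:
    metadata:
      name: jenkins-master
      labels:
        name: jenkins-master
    spec:
      containers:
        - name: elixir
          image: chgeuerregistry2.azurecr.io/chgeuer/elixir:1.4.4
          imagePullPolicy: Always
          # The pod is marked ready once TCP port 4000 accepts connections.
          readinessProbe:
            tcpSocket:
              port: 4000
            initialDelaySeconds: 20
            timeoutSeconds: 5
          ports:
            - name: web
              containerPort: 4000
      # Must match the name of the docker-registry secret created with
      # `kubectl create secret docker-registry "${acr_name}.azurecr.io"`.
      imagePullSecrets:
        - name: chgeuerregistry2.azurecr.io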
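# Alpine-based image with Erlang and a precompiled Elixir release.
FROM alpine:3.6
ENV ELIXIR_VERSION 1.4.4
# Install Erlang from the edge repository, then download and unpack the precompiled
# Elixir archive.
# - TLS verification stays on for the download: ca-certificates is installed just before
#   wget runs, so --no-check-certificate is not needed and the archive is not fetched over
#   an unauthenticated connection.
# - To pin the content as well, compare the archive's SHA-256 with a known value
#   (<EXPECTED_SHA256>, placeholder - take it from the release page) before unzip.
# - NOTE(review): the edge repository is added to a 3.6 base over plain http, which mixes
#   package streams and makes the build depend on whatever edge holds at build time.
# - NOTE(review): the last steps remove ca-certificates and /etc/ssl, so the final image
#   has no system CA store; confirm nothing at runtime has to verify TLS peers.
RUN echo 'http://dl-4.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories && \
    apk --update add ncurses-libs \
        erlang erlang-crypto erlang-syntax-tools erlang-parsetools \
        erlang-inets erlang-ssl erlang-public-key erlang-eunit \
        erlang-asn1 erlang-sasl erlang-erl-interface erlang-dev \
        wget \
        git && \
    apk --update add --virtual build-dependencies ca-certificates && \
    wget https://github.com/elixir-lang/elixir/releases/download/v${ELIXIR_VERSION}/Precompiled.zip && \
    mkdir -p /opt/elixir-${ELIXIR_VERSION}/ && \
    unzip Precompiled.zip -d /opt/elixir-${ELIXIR_VERSION}/ && \
    rm Precompiled.zip && \
    apk del build-dependencies && \
    rm -rf /etc/ssl && \
    rm -rf /var/cache/apk/*
ENV PATH $PATH:/opt/elixir-${ELIXIR_VERSION}/bin
# Install Hex and rebar non-interactively.
RUN mix local.hex --force && \
    mix local.rebar --force
CMD ["/bin/sh"]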
# Build the Elixir base image from the elixir directory and publish it to the registry.
cd elixir
docker build --tag "${acr_name}.azurecr.io/chgeuer/elixir:1.4.4" .
docker push "${acr_name}.azurecr.io/chgeuer/elixir:1.4.4"
# Start an interactive iex session in a throw-away container, once with the registry name
# taken from the variable and once with it spelled out.
docker run --interactive --tty --rm "${acr_name}.azurecr.io/chgeuer/elixir:1.4.4" /opt/elixir-1.4.4/bin/iex
docker run --interactive --tty --rm chgeuerregistry2.azurecr.io/chgeuer/elixir:1.4.4 /opt/elixir-1.4.4/bin/iex
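# Build the application image with Dockerfile.build, push it and try it locally.
cd ../src3
cp Dockerfile.build Dockerfile
docker build . -t "${acr_name}.azurecr.io/chgeuer/app:1.0.0"
docker push "${acr_name}.azurecr.io/chgeuer/app:1.0.0"
docker run -it --rm "${acr_name}.azurecr.io/chgeuer/app:1.0.0"
# Create the Kubernetes objects described in rc.yml.
kubectl create -f rc.yml
# Debugging: open a shell in the image instead of its normal entrypoint.
docker run --entrypoint /bin/sh --interactive --tty --rm "${acr_name}.azurecr.io/chgeuer/app:1.0.0"
# Keep a container alive with sleep. --entrypoint takes only the executable; its argument
# goes after the image name ("/bin/sleep 1000" as one string would be looked up as a
# program whose name contains a space).
docker run --entrypoint /bin/sleep "${acr_name}.azurecr.io/chgeuer/app:1.0.0" 1000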
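# Start a throw-away Docker-in-Docker container and open a shell in it.
# NOTE(review): --privileged gives the container close to unrestricted access to the
# host's kernel and devices; use it only on a machine where that is acceptable.
docker run --interactive --tty --rm --privileged --name some-overlay-docker docker:stable-dind /bin/sh
# Presumably typed inside that shell: start dockerd on the unix socket and on TCP 2375.
# The TCP listener has neither TLS nor authentication and binds to every interface
# (0.0.0.0), so whoever can reach the port controls this daemon; bind it to 127.0.0.1 if
# only clients inside the container need it.
/usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=vfs &
# Stop the daemon again. Plain kill sends SIGTERM, which lets dockerd shut down cleanly;
# keep SIGKILL (-9) as a last resort.
kill "$(cat /var/run/docker.pid)"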
# Scaffold the Phoenix application without Brunch and without Ecto.
mix phoenix.new k8s_elixir --no-brunch --no-ecto
cd src3
# Initialise the release configuration, then build the digested assets and the
# production release.
mix release.init
MIX_ENV=prod mix phoenix.digest
MIX_ENV=prod mix release --env=prod
# Run the release in the foreground. SECRET_KEY_BASE is a sample value here; a real
# deployment needs a long random key (for example from `mix phoenix.gen.secret`) that is
# supplied from the environment and not written into scripts.
REPLACE_OS_VARS=true \
  PORT=4000 \
  HOST=example.com \
  SECRET_KEY_BASE=highlysecretkey \
  ./_build/prod/rel/k8s_elixir/bin/k8s_elixir foreground
- Deploying Istio on Azure Container Service
- Elixir
- Elixir/Erlang Clustering in Kubernetes
- Clustering Elixir nodes on Kubernetes
- A Complete Guide to Deploying Elixir & Phoenix Applications on Kubernetes
- Scheduling Your Kubernetes Pods With Elixir
- Deploy your Elixir app with a minimal docker container using Alpine Linux and Exrm
- MISC
- http://blog.lwolf.org/post/how-to-deploy-ha-postgressql-cluster-on-kubernetes/
- https://blog.docker.com/2013/07/how-to-use-your-own-registry/
- https://docs.docker.com/engine/reference/builder/#notes-about-specifying-volumes
- https://docs.docker.com/engine/reference/commandline/build/#git-repositories
- https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
- https://kubernetes.io/docs/concepts/workloads/pods/pod/
- https://medium.com/devoops-and-universe/your-very-own-private-docker-registry-for-kubernetes-cluster-on-azure-acr-ed6c9efdeb51
- https://sgotti.me/post/stolon-introduction/
- Kubernetes Draft
- http://programminghistorian.org/lessons/json-and-jq
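#install helm
# Fixes: "curl -O" appeared twice, which made curl try to download a URL called "curl";
# and the tar call unpacked to /usr/local/bin/linux-amd64/helm instead of putting helm on
# the PATH. helm is now installed the same way as draft below.
# -f stops curl from saving an HTTP error page as the archive; -L follows redirects.
# Neither download is checked against a checksum: before installing, compare
# `sha256sum <archive>` with the value the publisher lists (<EXPECTED_SHA256>, placeholder).
curl -fLO https://dl.k8s.io/kubernetes-helm/helm-v2.4.2-linux-amd64.tar.gz
tar -xzvf helm-v2.4.2-linux-amd64.tar.gz linux-amd64/helm
sudo mv linux-amd64/helm /usr/local/bin
#install draft
# NOTE(review): going by its name, the "canary" archive is a moving build, so the same URL
# can deliver different binaries over time; prefer a versioned release where one exists.
curl -fLO https://azuredraft.blob.core.windows.net/draft/draft-canary-linux-amd64.tar.gz
tar -xzf draft-canary-linux-amd64.tar.gz
sudo mv linux-amd64/draft /usr/local/bin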
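# DNS A RECORD: *.draft.geuer-pollmann.de --> 52.174.247.210
acr_name=chgeuerregistry2
draft_wildcard_domain=draft.geuer-pollmann.de
# Build the registry auth token: a compact JSON object with username, password and e-mail,
# base64-encoded on a single line. base64 is an encoding, not encryption - the token
# contains the registry's admin password and must be handled like the password itself.
# The jq program is single-quoted so it needs no backslash escapes, and the shell
# expansions are quoted so they cannot be split or glob-expanded.
helm_cred=$(
  az acr credential show --name "${acr_name}" |
    jq -M -c '. | { username: .username, password: .passwords[0].value, email: ([ "root", ([.username, "azurecr.io"] | join(".")) ] | join("@"))}' |
    base64 -w 0
)
# The token is passed as a command-line argument, where it is visible in the process list.
draft init --set "registry.url=${acr_name}.azurecr.io,registry.org=draft,registry.authtoken=${helm_cred},basedomain=${draft_wildcard_domain}"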
# Ask the instance metadata endpoint (link-local address 169.254.169.254, plain http,
# "Metadata:true" header) for this VM's update domain and fault domain.
platformUpdateDomain=$(
  curl --get --silent --header Metadata:true \
    "http://169.254.169.254/metadata/instance?api-version=2017-03-01" |
    jq --raw-output '.compute.platformUpdateDomain'
)
platformFaultDomain=$(
  curl --get --silent --header Metadata:true \
    "http://169.254.169.254/metadata/instance?api-version=2017-03-01" |
    jq --raw-output '.compute.platformFaultDomain'
)
# Start a local single-node cluster on Hyper-V with verbose logging to stderr.
minikube start \
  --kubernetes-version="v1.6.4" \
  --vm-driver="hyperv" \
  --memory=1024 \
  --hyperv-virtual-switch="minikube" \
  --v=7 \
  --alsologtostderr
# List pods through a named kubeconfig context: first the context named after the
# cluster variable, then the context called "azure".
kubectl get pods --context="${K8SCLUSTERNAME}"
kubectl get pods --context=azure
- https://www.shadowsplace.net/1242/windows/internet-connection-sharing-has-been-disabled-by-the-network-administrator-windows-8/
gpedit.msc
--> Computer Configuration/Administrative Templates/Network/Network Connections
- Disable Prohibit installation and configuration of Network Bridge on your DNS domain network
- Disable Prohibit use of Internet Connection Firewall on your DNS domain network
- Disable Prohibit use of Internet Connection Sharing on your DNS domain network
- Disable Require domain users to elevate when setting a network’s location
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_ShowSharedAccessUI"=dword:00000000
"NC_PersonalFirewallConfig"=dword:00000001
Enable "Expose daemon on tcp://localhost:2375 without TLS" in Docker for Windows and run this:
# Make every new bash session talk to the Docker daemon over the local TCP endpoint.
# That endpoint has no TLS and no authentication: any process able to connect to
# 127.0.0.1:2375 gets full control of the Docker daemon.
printf '%s\n' 'export DOCKER_HOST=tcp://127.0.0.1:2375' >> ~/.bashrc
Now docker info
works...
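# Open a shell in each container of the pod that belongs to the "dind" job.
# The jsonpath expression and the command substitution are quoted so the shell neither
# expands the braces nor splits the result; the selector is expected to match one pod.
kubectl exec --container='dind-daemon' -it \
  "$(kubectl get pods --selector=job-name=dind --output=jsonpath='{.items..metadata.name}')" \
  -- /bin/sh
kubectl exec --container='docker-cmds' -it \
  "$(kubectl get pods --selector=job-name=dind --output=jsonpath='{.items..metadata.name}')" \
  -- /bin/sh
# Logs of the "dind" container, including pods that have already finished (--show-all).
kubectl logs --container='dind' \
  "$(kubectl get pods --show-all --selector=name=dind --output=jsonpath='{.items..metadata.name}')"
# List the build job's pods and follow the log of one of them.
kubectl get pods --show-all --selector=type=build-job-type
kubectl logs --follow=true --container='build-job' build-job-pzg2f-bpmvv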
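# http://blog.terranillius.com/post/docker_builder_pattern/
# Builder pattern: build the image, start a container from it, pack the release inside
# the container and copy the archive out.
# acr_name is exported before its first use, and the build gets its context directory
# (the trailing "."), without which docker build refuses to run.
export acr_name=chgeuerregistry2
docker build --tag "${acr_name}.azurecr.io/chgeuer/app:1.0.0" --file Dockerfile.build .
# Keep the container alive with sleep so that exec and cp have something to attach to.
container_id=$(docker run --detach --entrypoint "/bin/sleep" "${acr_name}.azurecr.io/chgeuer/app:1.0.0" 1d)
docker exec "${container_id}" tar cvfz /k8s_elixir.tgz /opt/app/_build/prod/rel/k8s_elixir
docker cp "${container_id}:/k8s_elixir.tgz" ./k8s_elixir.tgz
# Clean up the helper container.
docker stop "${container_id}"
docker rm "${container_id}"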