# Create the AKS cluster

In this notebook we'll setup the AKS cluster. To do so, we'll do the following:
1. check that there is enough quota to provision our desired cluster
2. provision the cluster using the `az cli`
3. set up blob fuse on the nodes so the pods in our kubernetes cluster can access our blob storage container

---

### Import packages and load .env

In [1]:
from dotenv import set_key, get_key, find_dotenv, load_dotenv
from pathlib import Path
import subprocess
import json
import os

In [2]:
env_path = find_dotenv(raise_error_if_not_found=True)
load_dotenv(env_path)

True

### Provision AKS cluster and set up blobfuse

Set how many nodes you want to provision.

In [3]:
node_count = 5
set_key(env_path, "NODE_COUNT", str(node_count))

(True, 'NODE_COUNT', '5')

Check that there are enough core of the "Standard_NC6s_v3". If not, check that there are enough core of the "Standard_D2s_v3". If not, raise exception. 

In [4]:
vm_dict = {
    "NCSv3": {
        "size": "Standard_NC6s_v3",
        "cores": 6
    },
    "DSv3": {
        "size": "Standard_D2s_v3",
        "cores": 2
    }
}

print("Checking quota for family size NCSv3...")
vm_family = "NCSv3"
requested_cores = node_count * vm_dict[vm_family]["cores"]

def check_quota(vm_family):
    """
    returns quota object
    """
    results = subprocess.run([
        "az", "vm", "list-usage", 
        "--location", get_key(env_path, "REGION"), 
        "--query", "[?contains(localName, '%s')].{max:limit, current:currentValue}" % (vm_family)
    ], stdout=subprocess.PIPE)
    quota = json.loads(''.join(results.stdout.decode('utf-8')))
    return int(quota[0]['max']) - int(quota[0]['current'])

diff = check_quota(vm_family)
if diff <= requested_cores:
    print("Not enough cores of NCSv3 in region, asking for {} but have {}".format(requested_cores, diff))
    
    print("Retrying with family size DSv3...")
    vm_family = "DSv3"
    requested_cores = node_count * vm_dict[vm_family]["cores"]
    
    diff = check_quota(vm_family)
    if diff <= requested_cores:
        print("Not enough cores of DSv3 in region, asking for {} but have {}".format(requested_cores, diff))
        raise Exception("Core Limit", "Note enough cores to satisfy request")

print("There are enough cores, you may continue...") 

Checking quota for family size NCSv3...
There are enough cores, you may continue...


Create the aks cluster. This step may take a while... Please note that this step creates another resource group in your subscription containing the actual compute of the AKS cluster.

*The `az aks create` command will generate service principal credentials (unless you explicitly specify it). So, if you have run this notebook before or have created an AKS cluster using the Azure CLI, you may need to clear service principal credentials stored to your machine's disk by running `rm ~/.azure/aksServicePrincipal.json`.*

In [5]:
!az aks create \
    --resource-group {get_key(env_path, "RESOURCE_GROUP")} \
    --name {get_key(env_path, "AKS_CLUSTER")} \
    --node-count {node_count} \
    --node-vm-size {vm_dict[vm_family]["size"]} \
    --generate-ssh-keys

[K{- Finished ..
  "aadProfile": null,
  "addonProfiles": null,
  "agentPoolProfiles": [
    {
      "availabilityZones": null,
      "count": 5,
      "enableAutoScaling": null,
      "maxCount": null,
      "maxPods": 110,
      "minCount": null,
      "name": "nodepool1",
      "orchestratorVersion": "1.12.7",
      "osDiskSizeGb": 100,
      "osType": "Linux",
      "provisioningState": "Succeeded",
      "type": "AvailabilitySet",
      "vmSize": "Standard_NC6s_v3",
      "vnetSubnetId": null
    }
  ],
  "apiServerAuthorizedIpRanges": null,
  "dnsPrefix": "oxfordclus-oxford-43f949",
  "enablePodSecurityPolicy": null,
  "enableRbac": true,
  "fqdn": "oxfordclus-oxford-43f949-c6cc4a17.hcp.chinaeast2.cx.prod.service.azk8s.cn",
  "id": "/subscriptions/43f94930-ca31-4ddc-91c2-2f1be4f0e8f3/resourcegroups/oxford/providers/Microsoft.ContainerService/managedClusters/oxfordcluster",
  "identity": null,
  "kubernetesVersion": "1.12.7",
  "linuxProfile": {
    "adminUsername": "azureuser",


In [47]:
!az aks show \
    --resource-group {get_key(env_path, "RESOURCE_GROUP")} \
    --name {get_key(env_path, "AKS_CLUSTER")} \
    --query nodeResourceGroup -o tsv

MC_oxford_oxfordcluster_chinaeast2
[0m

In [48]:
!az vm list \
    --resource-group 'MC_oxford_oxfordcluster_chinaeast2' -o table

Name                      ResourceGroup                       Location    Zones
------------------------  ----------------------------------  ----------  -------
aks-nodepool1-80042525-0  MC_oxford_oxfordcluster_chinaeast2  chinaeast2
aks-nodepool1-80042525-1  MC_oxford_oxfordcluster_chinaeast2  chinaeast2
aks-nodepool1-80042525-2  MC_oxford_oxfordcluster_chinaeast2  chinaeast2
aks-nodepool1-80042525-3  MC_oxford_oxfordcluster_chinaeast2  chinaeast2
aks-nodepool1-80042525-4  MC_oxford_oxfordcluster_chinaeast2  chinaeast2
[0m

In [49]:
!az vm user update \
  --resource-group 'MC_oxford_oxfordcluster_chinaeast2' \
  --name aks-nodepool1-80042525-0 \
  --username 'azureuser' \
  --ssh-key-value ~/.ssh/id_rsa.pub

[K{- Finished ..
  "autoUpgradeMinorVersion": false,
  "forceUpdateTag": null,
  "id": "/subscriptions/43f94930-ca31-4ddc-91c2-2f1be4f0e8f3/resourceGroups/MC_oxford_oxfordcluster_chinaeast2/providers/Microsoft.Compute/virtualMachines/aks-nodepool1-80042525-0/extensions/enablevmaccess",
  "instanceView": null,
  "location": "chinaeast2",
  "name": "enablevmaccess",
  "protectedSettings": null,
  "provisioningState": "Succeeded",
  "publisher": "Microsoft.OSTCExtensions",
  "resourceGroup": "MC_oxford_oxfordcluster_chinaeast2",
  "settings": {},
  "tags": null,
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "typeHandlerVersion": "1.4",
  "virtualMachineExtensionType": "VMAccessForLinux"
}
[0m

In [50]:
!az vm list-ip-addresses \
    --resource-group 'MC_oxford_oxfordcluster_chinaeast2' -o table

VirtualMachine            PrivateIPAddresses
------------------------  --------------------
aks-nodepool1-80042525-0  10.240.0.7
aks-nodepool1-80042525-1  10.240.0.8
aks-nodepool1-80042525-2  10.240.0.6
aks-nodepool1-80042525-3  10.240.0.5
aks-nodepool1-80042525-4  10.240.0.4
[0m

In [51]:
!kubectl get nodes -o wide

NAME                       STATUS   ROLES   AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
aks-nodepool1-80042525-0   Ready    agent   24h   v1.12.7   10.240.0.7    <none>        Ubuntu 16.04.6 LTS   4.15.0-1040-azure   docker://1.13.1
aks-nodepool1-80042525-1   Ready    agent   24h   v1.12.7   10.240.0.8    <none>        Ubuntu 16.04.6 LTS   4.15.0-1040-azure   docker://1.13.1
aks-nodepool1-80042525-2   Ready    agent   24h   v1.12.7   10.240.0.6    <none>        Ubuntu 16.04.6 LTS   4.15.0-1040-azure   docker://1.13.1
aks-nodepool1-80042525-3   Ready    agent   24h   v1.12.7   10.240.0.5    <none>        Ubuntu 16.04.6 LTS   4.15.0-1040-azure   docker://1.13.1
aks-nodepool1-80042525-4   Ready    agent   24h   v1.12.7   10.240.0.4    <none>        Ubuntu 16.04.6 LTS   4.15.0-1040-azure   docker://1.13.1


In [54]:
!kubectl get pods

NAME                           READY   STATUS    RESTARTS   AGE
aks-ssh-589f4659c5-xlgp6       1/1     Running   0          24m
flask-app-c9dbdcb5f-bshgq      1/1     Running   0          4h37m
scoring-app-79fd8d578c-dwpsr   1/1     Running   0          4h38m
scoring-app-79fd8d578c-glbsc   1/1     Running   0          4h38m
scoring-app-79fd8d578c-jlwb9   1/1     Running   0          4h38m
scoring-app-79fd8d578c-sk5ds   1/1     Running   0          4h38m


In [55]:
!kubectl delete pod aks-ssh-589f4659c5-xlgp6

pod "aks-ssh-589f4659c5-xlgp6" deleted


In [57]:
!kubectl get pods

NAME                           READY   STATUS    RESTARTS   AGE
aks-ssh-589f4659c5-ttj87       1/1     Running   0          38s
flask-app-c9dbdcb5f-bshgq      1/1     Running   0          4h39m
scoring-app-79fd8d578c-dwpsr   1/1     Running   0          4h39m
scoring-app-79fd8d578c-glbsc   1/1     Running   0          4h39m
scoring-app-79fd8d578c-jlwb9   1/1     Running   0          4h39m
scoring-app-79fd8d578c-sk5ds   1/1     Running   0          4h39m


In [52]:
!echo '\n' | kubectl run -it --rm aks-ssh --image=debian

kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
Error from server (AlreadyExists): deployments.apps "aks-ssh" already exists


In [58]:
!sudo apt-get update && sudo apt-get install openssh-client -y

Hit:2 https://packages.microsoft.com/repos/azure-cli bionic InRelease          
Get:3 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]    
Hit:4 https://packages.microsoft.com/ubuntu/18.04/prod bionic InRelease        
Hit:5 http://azure.archive.ubuntu.com/ubuntu bionic InRelease                  
Hit:6 http://azure.archive.ubuntu.com/ubuntu bionic-updates InRelease          
Hit:7 http://azure.archive.ubuntu.com/ubuntu bionic-backports InRelease        
Ign:1 https://developer.download.nvidia.cn/compute/cuda/repos/ubuntu1604/x86_64  InRelease
Hit:8 https://developer.download.nvidia.cn/compute/cuda/repos/ubuntu1604/x86_64  Release
Fetched 88.7 kB in 2s (41.4 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
openssh-client is already the newest version (1:7.6p1-4ubuntu0.3).
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.


In [59]:
!cat ~/.ssh/id_rsa

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAsThnBNjfpk4tGvKDPYUtnZVCkwQ3nR+jCU8o4Q3oAVGHPqLE0lnd
CmjjqlmtgtnrsDMd35AJS0FsZEaYb+OEcLEgtcX1fPBkDN6MHlx90nz8u1p8NxN9hblO13
W43qXRuv1CI3KYrXf1ix4Ozl60m9APN3To+QENlNCY6W3cnQTJLOyYT+8h61OpNs+fqFmF
PO0UxCWJumuD9lyA7Cp2J0WxHGcmIbvRn9Oe3OyN4/fzvRxmChqhc6fwtkOnIb0bjKKYCt
MpDgu3M8GogkQQN3+bu1K0xuUMxYS03K3+vOCHxQvvxDlHRYjkZlRK9p1QG65OE3nfRuF6
IQpwsM48OCWnmnZWAONbwzkg4d/PBhVqvFtMF71uyLiKU7ZexsufQIETiGN+yFNuXbMb4t
FLkcDIYykgtXxWHEv7whiS5UjYkwo+XeHc5hDb3YpOJ3eUUsWRBCazWi4WWTDJPcWGM/iP
5laS/Aubs/f+EOaHGlrXeoMighx5DXwjmVwEG+NIt8v5JRgBwD9XYhO3voVnirwJXBrdxQ
VMzwNjCpgM/0M54LLj3T9qSmUZai66tWZ5lO1XcKlPW5XHFl92maJv4XUYPxy9ygkemn6F
EHhfC/HP4oAqbxCAimqIKWd1apxi9W1or9pmPtJvCMMcKeh11DPeZBVufa5LzsycgLTGE7
sAAAdQ59Hw6OfR8OgAAAAHc3NoLXJzYQAAAgEAsThnBNjfpk4tGvKDPYUtnZVCkwQ3nR+j
CU8o4Q3oAVGHPqLE0lndCmjjqlmtgtnrsDMd35AJS0FsZEaYb+OEcLEgtcX1fPBkDN6MHl
x90nz8u1p8NxN9hblO13W43qXRu

In [60]:
!kubectl cp ~/.ssh/id_rsa aks-ssh-589f4659c5-ttj87:/id_rsa

In [63]:
!kubectl exec aks-ssh-589f4659c5-ttj87 -- cat /id_rsa

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAsThnBNjfpk4tGvKDPYUtnZVCkwQ3nR+jCU8o4Q3oAVGHPqLE0lnd
CmjjqlmtgtnrsDMd35AJS0FsZEaYb+OEcLEgtcX1fPBkDN6MHlx90nz8u1p8NxN9hblO13
W43qXRuv1CI3KYrXf1ix4Ozl60m9APN3To+QENlNCY6W3cnQTJLOyYT+8h61OpNs+fqFmF
PO0UxCWJumuD9lyA7Cp2J0WxHGcmIbvRn9Oe3OyN4/fzvRxmChqhc6fwtkOnIb0bjKKYCt
MpDgu3M8GogkQQN3+bu1K0xuUMxYS03K3+vOCHxQvvxDlHRYjkZlRK9p1QG65OE3nfRuF6
IQpwsM48OCWnmnZWAONbwzkg4d/PBhVqvFtMF71uyLiKU7ZexsufQIETiGN+yFNuXbMb4t
FLkcDIYykgtXxWHEv7whiS5UjYkwo+XeHc5hDb3YpOJ3eUUsWRBCazWi4WWTDJPcWGM/iP
5laS/Aubs/f+EOaHGlrXeoMighx5DXwjmVwEG+NIt8v5JRgBwD9XYhO3voVnirwJXBrdxQ
VMzwNjCpgM/0M54LLj3T9qSmUZai66tWZ5lO1XcKlPW5XHFl92maJv4XUYPxy9ygkemn6F
EHhfC/HP4oAqbxCAimqIKWd1apxi9W1or9pmPtJvCMMcKeh11DPeZBVufa5LzsycgLTGE7
sAAAdQ59Hw6OfR8OgAAAAHc3NoLXJzYQAAAgEAsThnBNjfpk4tGvKDPYUtnZVCkwQ3nR+j
CU8o4Q3oAVGHPqLE0lndCmjjqlmtgtnrsDMd35AJS0FsZEaYb+OEcLEgtcX1fPBkDN6MHl
x90nz8u1p8NxN9hblO13W43qXRu

In [45]:
!chmod 0600 ~/.ssh/id_rsa

Install Kubectl - this tool is used to manage the kubernetes cluster.

In [6]:
!sudo az aks install-cli

[33mDownloading client to "/usr/local/bin/kubectl" from "https://mirror.azure.cn/kubernetes/kubectl/v1.15.0/bin/linux/amd64/kubectl"[0m
[33mPlease ensure that /usr/local/bin is in your search PATH, so the `kubectl` command can be found.[0m
[0m

In [7]:
!az aks get-credentials \
    --resource-group {get_key(env_path, 'RESOURCE_GROUP')}\
    --name {get_key(env_path, 'AKS_CLUSTER')}

Merged "oxfordcluster" as current context in /home/aperture/.kube/config
[0m

Check also that the nodes are up and ready using this command. You may choose to run this command in a new cell.
```bash
!kubectl get nodes
```

### Blobfuse on AKS

Now we setup our AKS cluster so that we have blob storage mounted onto the nodes using blob fuse. More info [here](https://github.com/Azure/kubernetes-volume-drivers/tree/master/flexvolume/blobfuse).

Install blobfuse driver on every agent VM.

In [8]:
!kubectl create -f https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/deployment/blobfuse-flexvol-installer-1.9.yaml

Error from server (AlreadyExists): error when creating "https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/deployment/blobfuse-flexvol-installer-1.9.yaml": daemonsets.apps "blobfuse-flexvol-installer" already exists


Check daemonset status.

In [9]:
!kubectl describe daemonset blobfuse-flexvol-installer --namespace=kube-system
!kubectl get po --namespace=kube-system -o wide

Name:           blobfuse-flexvol-installer
Selector:       name=blobfuse
Node-Selector:  beta.kubernetes.io/os=linux
Labels:         k8s-app=blobfuse
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 5
Current Number of Nodes Scheduled: 5
Number of Nodes Scheduled with Up-to-date Pods: 5
Number of Nodes Scheduled with Available Pods: 5
Number of Nodes Misscheduled: 0
Pods Status:  5 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  name=blobfuse
  Containers:
   blobfuse-flexvol-installer:
    Image:        mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.9
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:
      /etc/kubernetes/volumeplugins/ from volplugins (rw)
      /var/log/ from varlog (rw)
  Volumes:
   varlog:
    Type:          HostPath (bare host directory volume)
    Path:          /var/log/
    HostPathType:  
   volplugins:
    Type:          HostPath (bare host dir

Set up credentials for blobfuse.

In [10]:
!kubectl create secret generic blobfusecreds \
    --from-literal accountname={get_key(env_path, 'STORAGE_ACCOUNT_NAME')} \
    --from-literal accountkey={get_key(env_path, 'STORAGE_ACCOUNT_KEY')} \
    --type="azure/blobfuse"

Error from server (AlreadyExists): secrets "blobfusecreds" already exists


Set the mount directory on our AKS cluster as en dotenv variable.

In [11]:
set_key(env_path, "MOUNT_DIR", "/data")

(True, 'MOUNT_DIR', '/data')

---

Continue to the next [notebook](/notebooks/04_style_transfer_on_aks.ipynb).