Building reliability into the K8s ACI Connector demo #103
Conversation
… into rgardler-rbitia-addingk8 adding Ross's changes to the connector demo to my branch
Merging branches with ross's edits
…nky but othwerwise the pod does start now
|
|
||
| ``` | ||
| SUBSCRIPTION_ID=$(az account show | jq -r '.id') | ||
| SP_JSON=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$SIMDEM_RESOURCE_GROUP") | ||
| SP_JSON=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID") |
There was a problem hiding this comment.
Is this really necessary? This is a very powerful SP.
There was a problem hiding this comment.
We are blocked on the dev side so gonna need this to go through for now :/ - it will stay in incubator but this is what sean is going to end up demoing @seanmck is this okay with you? - to have the sp be at the sub level for the demo...
There was a problem hiding this comment.
OK in incubator with a FIXME, not sure we want to be recommending it to folks though.
| SP_JSON=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$SIMDEM_RESOURCE_GROUP") | ||
| SP_JSON=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID") | ||
| ``` | ||
| ##Register the app |
There was a problem hiding this comment.
Can you please explain what is happening here. What is the "app" and why do we need to register it?
There was a problem hiding this comment.
"resource provider - A service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers operations for working with the resources that are deployed. Some common resource providers are Microsoft.Compute, which supplies the virtual machine resource, Microsoft.Storage, which supplies the storage account resource, and Microsoft.Web, which supplies resources related to web apps." So ACI is provided through Container Instance resource manager - usually this linkage is automatic but for some people it might not be
There was a problem hiding this comment.
I meant can you explain it in the doc :-)
Also note you have a typo here (missing space between '#' and 'Register'
| @@ -61,7 +67,7 @@ spec: | |||
| spec: | |||
| containers: | |||
| - name: aci-connector | |||
| image: microsoft/aci-connector-k8s:latest | |||
| image: microsoft/aci-connector-k8s:canary | |||
There was a problem hiding this comment.
This is OK in incubator but we need to pin to a release version before we can graduate.
|
|
||
| ``` | ||
| xdg-open $NGINX | ||
| kubectl get pods -o wide |
There was a problem hiding this comment.
Nope this is not enough for a demo. This says it's running but it doesn't prove it is.
There was a problem hiding this comment.
I don't know if it worked or not - I'll try again though
|
|
||
| ``` | ||
| NGINX_IP="" | ||
| while [ -z $NGINX_IP ]; do sleep 10; NGINX_IP=$(kubectl get service vamp -o jsonpath="{.status.loadBalancer.ingress[*].ip}"); done |
There was a problem hiding this comment.
Why are we removing this? Your comment on the PR says it's necessary to remove it but not why. There is no replacement for this logic and thus we are left without demonstrating that the container is actually running.
There was a problem hiding this comment.
I tested the line in bash and it didn't work as expected
There was a problem hiding this comment.
So you don't want to wait for an IP? Isn't it better to fix it rather than remove it entirely? The problem is that you are looking up the wrong service name (it's not 'vamp')
| @@ -2,5 +2,5 @@ | |||
| "ACS_RESOURCE_GROUP": "acs-k8s-test", | |||
| "ACS_CLUSTER_NAME": "acs-k8s-test", | |||
| "ACS_DNS_PREFIX": "acs-k8s-test", | |||
| "ACS_REGION": "eastus" | |||
| "ACS_REGION": "westus" | |||
There was a problem hiding this comment.
Why the change to West US? What is wrong with East US?
SorraTheOrc
changed the title
|
If you want this merged you'll have to fix the conflicts above. |
Added fixes for ACI connector which includes a canary build of the connector. Also scoped the service principle differently. @rgardler I took out some of your nginx stuff because it wasn't giving me an ip even though it was running - we don't support kubectl get logs and some other ip getting things but I was able to get it in a json format output but I need some help with the correct json string because it's slightly different from what you have.
This is what I deleted : Since we need to ensure our Public IPs have been assigned before
proceeding, and because we need the IP number later we'll run a loop
to grab the IP once assinged. This is a little cumbersome but great if
you want to script things. If you are doing this manually you can use
kubectl get service --waitto display changes as they happen.NGINX_IP=""$NGINX_IP ]; do sleep 10; NGINX_IP=$ (kubectl get service vamp -o jsonpath="{.status.loadBalancer.ingress[*].ip}"); done
while [ -z
Now we have our IP:
echo $NGINX_IP
Take a look...
xdg-open $NGINX