-
-
Save matthewpalmer/047738f3b3804a5e91d08909ce7024a9 to your computer and use it in GitHub Desktop.
| # Example YAML configuration for the sidecar pattern. | |
| # It defines a main application container which writes | |
| # the current date to a log file every five seconds. | |
| # The sidecar container is nginx serving that log file. | |
| # (In practice, your sidecar is likely to be a log collection | |
| # container that uploads to external storage.) | |
| # To run: | |
| # kubectl apply -f pod.yaml | |
| # Once the pod is running: | |
| # | |
| # (Connect to the sidecar pod) | |
| # kubectl exec pod-with-sidecar -c sidecar-container -it bash | |
| # | |
| # (Install curl on the sidecar) | |
| # apt-get update && apt-get install curl | |
| # | |
| # (Access the log file via the sidecar) | |
| # curl 'http://localhost:80/app.txt' | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: pod-with-sidecar | |
| spec: | |
| # Create a volume called 'shared-logs' that the | |
| # app and sidecar share. | |
| volumes: | |
| - name: shared-logs | |
| emptyDir: {} | |
| # In the sidecar pattern, there is a main application | |
| # container and a sidecar container. | |
| containers: | |
| # Main application container | |
| - name: app-container | |
| # Simple application: write the current date | |
| # to the log file every five seconds | |
| image: alpine # alpine is a simple Linux OS image | |
| command: ["/bin/sh"] | |
| args: ["-c", "while true; do date >> /var/log/app.txt; sleep 5;done"] | |
| # Mount the pod's shared log file into the app | |
| # container. The app writes logs here. | |
| volumeMounts: | |
| - name: shared-logs | |
| mountPath: /var/log | |
| # Sidecar container | |
| - name: sidecar-container | |
| # Simple sidecar: display log files using nginx. | |
| # In reality, this sidecar would be a custom image | |
| # that uploads logs to a third-party or storage service. | |
| image: nginx:1.7.9 | |
| ports: | |
| - containerPort: 80 | |
| # Mount the pod's shared log file into the sidecar | |
| # container. In this case, nginx will serve the files | |
| # in this directory. | |
| volumeMounts: | |
| - name: shared-logs | |
| mountPath: /usr/share/nginx/html # nginx-specific mount path |
I'm getting error
error: a container name must be specified for pod pod-with-sidecar, choose one of: [app-container sidecar-container]
I'm getting error
error: a container name must be specified for pod pod-with-sidecar, choose one of: [app-container sidecar-container]
Seems you check logs on pod, to do that you need to append containers name (as per message above or append switch such as --all-containers
to send any command to a container inside a pod that is not default (there's more than 1) use -c "containerName". Example:
kubectl exec -it pod-with-sidecar -c sidecar-container -- ls -la /usr/share/nginx/html
Hello,
Now i am trying to use Pod user Manage Identity instead of service principle, Now I am able to update pod identity on my cluster and but now while trying to create ResoureGroup I am getting following error
message: "DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential:
incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID
are set\n\tWorkloadIdentityCredential: no token file specified. Check pod
configuration or set TokenFilePath in the options\n\tManagedIdentityCredential:
managed identity timed out\n\tAzureCLICredential: fork/exec /bin/sh: no such
file or directory"
observedGeneration: 1
reason: UnknownError
Below are the steps I have performed it on our Private AKS cluster
Step1:
az aks update \
--resource-group dev \
--name dev-cluster \
--enable-managed-identity \
--assign-identity /subscriptions/aaaaaaaaaa/resourceGroups/dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-azureoperator
az aks update --enable-pod-identity --name dev-magenta-mlops-cluster --resource-group dev-magenta --enable-pod-identity-with-kubenet
export POD_IDENTITY_NAMESPACE=azureserviceoperator-system
export IDENTITY_RESOURCE_ID="/subscriptions/aaaaaaaaaa/resourceGroups/dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-azureoperator"
export POD_IDENTITY_NAME=az-pod-identity
az aks pod-identity add --resource-group dev --cluster-name dev-cluster --namespace ${POD_IDENTITY_NAMESPACE} --name ${POD_IDENTITY_NAME} --identity-resource-id ${IDENTITY_RESOURCE_ID}
Step2: I have deployed Azure Operator using v2 helm charts
helm upgrade --install azure-service-operator . \
--create-namespace \
--namespace=azureserviceoperator-system \
--set azureSubscriptionID=aaaaaaa \
--set azureTenantID=aaaaaa \
--set azureClientID=<Manager Identiy Clientid> \
--set crdPattern='resources.azure.com/*;storage.azure.com/*;authorization.azure.com/*;managedidentity.azure.com/*'
Step3: Here I was getting above error
Now I am trying to create Resources on Azure
apiVersion: resources.azure.com/v1beta20200601
kind: ResourceGroup
metadata:
name: dev-mlflow-rg
namespace: azureserviceoperator-system
spec:
location: Westeurope
kubectl create resource.yaml
Good example about multi-container use case.