```yaml
# Example YAML configuration for the sidecar pattern.
# It defines a main application container which writes
# the current date to a log file every five seconds.
# The sidecar container is nginx serving that log file.
# (In practice, your sidecar is likely to be a log collection
# container that uploads to external storage.)
# To run:
#   kubectl apply -f pod.yaml
# Once the pod is running:
#
#   (Connect to the sidecar pod)
#   kubectl exec pod-with-sidecar -c sidecar-container -it -- bash
#
#   (Install curl on the sidecar)
#   apt-get update && apt-get install curl
#
#   (Access the log file via the sidecar)
#   curl 'http://localhost:80/app.txt'
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-sidecar
spec:
  # Create a volume called 'shared-logs' that the
  # app and sidecar share.
  volumes:
  - name: shared-logs
    emptyDir: {}
  # In the sidecar pattern, there is a main application
  # container and a sidecar container.
  containers:
  # Main application container
  - name: app-container
    # Simple application: write the current date
    # to the log file every five seconds
    image: alpine # alpine is a simple Linux OS image
    command: ["/bin/sh"]
    args: ["-c", "while true; do date >> /var/log/app.txt; sleep 5;done"]
    # Mount the pod's shared log file into the app
    # container. The app writes logs here.
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log
  # Sidecar container
  - name: sidecar-container
    # Simple sidecar: display log files using nginx.
    # In reality, this sidecar would be a custom image
    # that uploads logs to a third-party or storage service.
    image: nginx:1.7.9
    ports:
    - containerPort: 80
    # Mount the pod's shared log file into the sidecar
    # container. In this case, nginx will serve the files
    # in this directory.
    volumeMounts:
    - name: shared-logs
      mountPath: /usr/share/nginx/html # nginx-specific mount path
```
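A least-privilege variant of the pod above, as an added example that is not part of the original gist: the sidecar only reads the shared volume, so its mount is read-only, the volume is size-capped because the app appends to the log forever, and the service account token is not mounted because neither container calls the Kubernetes API. The pod name and the 64Mi limit are assumptions chosen for illustration.

```yaml
# Added example (not from the original gist): the same sidecar pattern,
# with the shared volume and both containers restricted to what each needs.
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-sidecar-restricted   # assumed name
spec:
  # Neither container talks to the Kubernetes API, so no token is mounted.
  automountServiceAccountToken: false
  volumes:
  - name: shared-logs
    emptyDir:
      # Assumed cap. The app appends forever; without a limit the log
      # grows until it exhausts node storage. Exceeding it evicts the pod.
      sizeLimit: 64Mi
  containers:
  # Writer: the only container allowed to modify the shared volume.
  - name: app-container
    image: alpine
    command: ["/bin/sh"]
    args: ["-c", "while true; do date >> /var/log/app.txt; sleep 5; done"]
    securityContext:
      allowPrivilegeEscalation: false
      # The loop writes only to the mounted volume, so the image's own
      # filesystem can be read-only.
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log
  # Reader: serves the log file and never needs to write it.
  - name: sidecar-container
    image: nginx:1.7.9
    ports:
    - containerPort: 80
    securityContext:
      allowPrivilegeEscalation: false
    volumeMounts:
    - name: shared-logs
      mountPath: /usr/share/nginx/html
      # If the sidecar is compromised it cannot alter or delete the logs.
      readOnly: true
```

To read the log without installing packages inside the running container, `kubectl port-forward pod/pod-with-sidecar-restricted 8080:80` exposes the sidecar locally so that `curl http://localhost:8080/app.txt` can be run from the workstation.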
I'm getting an error:

```
error: a container name must be specified for pod pod-with-sidecar, choose one of: [app-container sidecar-container]
```
It seems you are checking logs on the pod. To do that you need to append the container's name (as per the message above) or append a switch such as `--all-containers`.

To send any command to a container inside a pod that is not the default (there's more than 1), use `-c "containerName"`. Example:

```
kubectl exec -it pod-with-sidecar -c sidecar-container -- ls -la /usr/share/nginx/html
```
Hello,

Now I am trying to use a pod user-managed identity instead of a service principal. I am able to update pod identity on my cluster, but now while trying to create a ResourceGroup I am getting the following error:
```
message: "DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential:
  incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID
  are set\n\tWorkloadIdentityCredential: no token file specified. Check pod
  configuration or set TokenFilePath in the options\n\tManagedIdentityCredential:
  managed identity timed out\n\tAzureCLICredential: fork/exec /bin/sh: no such
  file or directory"
observedGeneration: 1
reason: UnknownError
```
Below are the steps I have performed on our private AKS cluster.

Step1:

```
az aks update \
  --resource-group dev \
  --name dev-cluster \
  --enable-managed-identity \
  --assign-identity /subscriptions/aaaaaaaaaa/resourceGroups/dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-azureoperator

az aks update --enable-pod-identity --name dev-magenta-mlops-cluster --resource-group dev-magenta --enable-pod-identity-with-kubenet

export POD_IDENTITY_NAMESPACE=azureserviceoperator-system
export IDENTITY_RESOURCE_ID="/subscriptions/aaaaaaaaaa/resourceGroups/dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-azureoperator"
export POD_IDENTITY_NAME=az-pod-identity

az aks pod-identity add --resource-group dev --cluster-name dev-cluster --namespace ${POD_IDENTITY_NAMESPACE} --name ${POD_IDENTITY_NAME} --identity-resource-id ${IDENTITY_RESOURCE_ID}
```
Step2: I have deployed Azure Operator using the v2 Helm charts

```
helm upgrade --install azure-service-operator . \
  --create-namespace \
  --namespace=azureserviceoperator-system \
  --set azureSubscriptionID=aaaaaaa \
  --set azureTenantID=aaaaaa \
  --set azureClientID=<Manager Identiy Clientid> \
  --set crdPattern='resources.azure.com/*;storage.azure.com/*;authorization.azure.com/*;managedidentity.azure.com/*'
```
Step3: Here I was getting the above error

Now I am trying to create resources on Azure

```yaml
apiVersion: resources.azure.com/v1beta20200601
kind: ResourceGroup
metadata:
  name: dev-mlflow-rg
  namespace: azureserviceoperator-system
spec:
  location: Westeurope
```

```
kubectl create -f resource.yaml
```
Good example about multi-container use case.