Kubernetes Setup¶

Generic CLI setup¶

Make sure you have the az cli installed before you start, and that you are connected to Cloudflare WARP (the VPN).

# Login. If asked, pick the dev sub
> az login
# To install kubectl and kubelogin
> az aks install-cli
# Restart your terminal
# Get credentials
> az account set -s 'minority-prod'
> az aks get-credentials --resource-group prod-bankAksv2-use2-rg --name prod-bankv2-use2-aks
> az account set -s 'minority-dev'
> az aks get-credentials --resource-group dev-bankAksv2-use2-rg --name dev-bankv2-use2-aks
> az aks get-credentials --resource-group stage-bankAksV2-use2-rg --name stage-bankV2-use2-aks
# Try kubectl, for example. This will ask you to authenticate with a devicelogin url, and after that it should work.
kubectl get pods -n minority

Useful commands:¶

> kubectl describe pod <pod_name>

> kubectl logs <pod_name>

> kubectl get events

> kubectl get pod

Visual Studio Code¶

Commands to downloads the kubeconfigs:¶

> az login

> az account set -s 'minority-prod'

> az aks get-credentials --resource-group prod-bankAksv2-use2-rg --name prod-bankv2-use2-aks

> az account set -s 'minority-dev'

> az aks get-credentials --resource-group dev-bankAksv2-use2-rg --name dev-bankv2-use2-aks

> az aks get-credentials --resource-group stage-bankAksv2-use2-rg --name stage-bankv2-use2-aks

Additional setup (please refresh or remove these if not relevant anymore):¶

Hub¶

This aks cluster hosts the deploy agents used by azure pipelines. The same cluster is used to deploy on dev and stage.

> az account set --subscription minority-dev

> az aks get-credentials --resource-group dev-hub-use2-rg --name dev-bank_cicd-use2-aks --overwrite-existing

Change your local host file¶

Since these new clusters are azure private clusters, we cannot access them publicly. We have set up a vpn from the office to reach out to new clusters. In order to connect we need to do two following things:

Make sure you are connected to cloudVpn with the "TECH" role.
Enter these value in host files of your local machine
192.168.112.4   dev-minority-a6f81020.10c46108-69c0-4a5f-9446-84caf5a68fb3.privatelink.eastus2.azmk8s.io.
10.200.80.4   stage-minority-0ac91320.2916afd4-25b7-4f3c-9495-43c81be80dba.privatelink.eastus2.azmk8s.io.
192.168.128.5   cicd-minority-6bbd939b.929bfa8c-003f-4f82-8afd-d7cbaf4f4670.privatelink.eastus2.azmk8s.io.

Kubelogin¶

Make sure you have installed the Kubectl and Kubelogin so you can run kubectl commands using your AAD credentials normally.

> winget install --id=Kubernetes.kubectl  -e
> winget install --id=Microsoft.Azure.Kubelogin  -e

Authenticate against AAD¶

Run kubectl get nodes. You will be prompted to enter a token on the browser. Once you verify yourself on the browser, you should be good to go.