Microsoft’s Azure based implemenation of [[Kubernetes]]

## Links

  • The Slack #discuss-aks channel
  • [[Kubernetes]]
  • Grafana AKS

From the Command Line

The az aks command.

az login
az aks show                --name as-pd-eun-bo2-aks --resource-group as-pd-eun-bo2-aks-rg --subscription  AsosCommerce # Returns a JSON object
az aks get-credentials --name as-pd-eun-bo2-aks --resource-group as-pd-eun-bo2-aks-rg --subscription  AsosCommerce

Authentication (Can be) via AD, from the Slack #discuss-aks channel

 az vm user update   --resource-group ecomm-backoffice-eun-jenkins-Prod   --name jenkinsEunProd   --username esin   --ssh-key-value ~/.ssh/id_rsa.pub

Q: Does anyone know who I should speak to to get admin access in the “as-np-eun-brw-aks” cluster? I need to perform some debugging actions for the production Navigation API
A: You will need to be added to AD group named AsosBrowseNonProd_brw_AKS_TroubleShooters_Admin

View AD Groups here.

AsosCommerce_bo2_aks_troubleshooters_admin

Service Fabric -> AKS

Plat Eng

Saved Items: AKS - 3 months

3-400 -> 1,000 RBs for flash sales

So many moving parts Traffik pods

GA for multiple node pools in 2 months Scale set GA 3-4 weeks

6 - 6.5 min to provision, we are about 10 min

Moving from Service Principle to Managed Identity. e.g Cluster Identity -> pod Identity etc Nov. timeframe

Severless K8S using AKS Virtual Notes / [[ACI]] - recent price reduction Uses Virtual Kubelet K8S to provide the Orchestration for ACI

Pod auto scaling with ACI require the ACI’s to be on separate subnet.

  • Daemonsets don’t run the same as the host isn’t there
  • Can’t mount a managed disk into a ACI pod.

aquasec.com c.f. ASE

Dev Spaces moving into Azure Pipeline CI/CD

Use ACR to build Docker images?

Azure Policy for AKS - November, currently limited policies JSON links to .repo files

Digicore - cert manager issues

Promethium scrapers -> log analytics via Traffik

SPN Pipline was broken -> log analytics

Roles -> central repo

Saved items issues -> Pods were busy -> Helm time-out PROD

Q: Security no IP White / Aquasec (Brows / Data science) DevOps hosted agents via Snyk

Should we AquaSec Reboot ??

Ian -> VPN Situation loading EUN/EUW IP addresses. This is Version 13. The add Azure DevOps agents -> Hosted agents are on dynamic public IP addresses. NSG’s etc

Moving to a non-piered world

22-Oct major cluster changes to use DMSS

Francis: Senior SW Engineer -