
Deploying kubernetes applications with 2-clicks | Azure DevOps & Terraform

When you read the title you may think this article is clickbait. That is why you should keep reading until the end: deploying a k8s application with Azure DevOps and Terraform can be very easy when you create everything through infrastructure as code.

In this example we will use Azure DevOps pipelines and Terraform to deploy a YAML definition on an AKS cluster running on Azure. This takes three steps.

The first step is to create an AKS cluster on Azure. Once the infrastructure is ready, we bind Azure DevOps pipelines to the AKS resource so that we can deploy to the cluster. The last step is to take the YAML definition of the application we need to deploy and run the application deployment process inside Azure DevOps.

The project is structured as shown in the picture below.

  • The code folder contains the YAML k8s definition file.
  • The iac_aks folder creates the AKS cluster inside Azure.
  • The iac_devops folder creates the Azure DevOps resources needed (service connection with AKS).
  • Finally, azure-pipeline and application-pipeline are the pipelines that run the automation and do the job.

To try out the example, the first thing you need to do is create a variable group inside Azure DevOps and store two values. The first value is the secret Personal Access Token that will be used to create the Azure DevOps resources. The second is the URL of your Azure DevOps organization.

When those are set, change the tfvars files and add the names you prefer for the resources to be created. Finally, you can have your deployment ready with just two clicks: one for the infra pipelines and one for the application pipeline.

The code is hosted on GitHub:
https://github.com/geralexgr/globalazuregreece2024


How to find custom defined values in helm charts

I was trying to validate whether a custom value that I overrode on a Helm deployment was correct. To override a value from values.yaml you need to pass the --set flag, as shown below.

helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube --set persistence.enabled=true

In the above installation command I override the persistence.enabled value to true instead of the default, false.

First of all you need the release name of the Helm chart that you deployed. You can find it with:

helm list --all -n namespace

After finding the name of the release, use the get values command to retrieve the values.

helm get values sonarqube -n sonarqube

This option will persist the Elasticsearch indexes in a Persistent Volume, but with regular killing operations by the Kubernetes Cluster, these indexes can be corrupted. By default, persistency is disabled in the Helm chart.

Deploy SonarQube on Kubernetes (sonarsource.com)


error: the namespace from the provided object does not match the namespace. You must pass --namespace to perform this operation

When you need to copy a secret from one namespace to another in a Kubernetes cluster you may face the below error.

error: the namespace from the provided object "" does not match the namespace "". You must pass --namespace to perform this operation

The error occurs because the exported secret still references its original namespace. To work around it, export the secret and change the referenced namespace.

kubectl get secret mysecret --namespace=ns1 -o yaml > export.yaml

To get it to work, change the namespace in export.yaml to your new namespace and apply it.

namespace: ns2
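
The same namespace change can be scripted so the secret never lands in an export.yaml on disk. This is an added example, not code from the original post: the function name, the list of stripped fields and the sample manifest are assumptions, and it works on the JSON form of the secret (-o json) rather than YAML.

```python
import copy
import json
import sys

# Fields the API server sets on the source object; they must not be replayed.
SERVER_SET = ("uid", "resourceVersion", "creationTimestamp",
              "managedFields", "ownerReferences", "selfLink", "generation")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"
SA_TOKEN_TYPE = "kubernetes.io/service-account-token"


def retarget_secret(manifest, new_namespace):
    """Return a copy of a Secret manifest ready to apply in new_namespace."""
    if manifest.get("kind") != "Secret":
        raise ValueError("expected kind Secret, got %r" % manifest.get("kind"))
    if manifest.get("type") == SA_TOKEN_TYPE:
        # These tokens are bound to a ServiceAccount in the source namespace.
        raise ValueError("service account token secrets cannot be moved")
    out = copy.deepcopy(manifest)
    meta = out.setdefault("metadata", {})
    for field in SERVER_SET:
        meta.pop(field, None)
    annotations = meta.get("annotations") or {}
    # last-applied-configuration embeds the old namespace and a copy of data.
    annotations.pop(LAST_APPLIED, None)
    if annotations:
        meta["annotations"] = annotations
    else:
        meta.pop("annotations", None)
    meta["namespace"] = new_namespace
    return out


# Constructed sample, shaped like `kubectl get secret mysecret -n ns1 -o json`.
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "mysecret", "namespace": "ns1",
        "uid": "00000000-0000-0000-0000-000000000000",
        "resourceVersion": "12345",
        "creationTimestamp": "2024-01-01T00:00:00Z",
        "annotations": {LAST_APPLIED: '{"metadata":{"namespace":"ns1"}}'},
    },
    "data": {"password": "Y29uc3RydWN0ZWQ="},
}

if __name__ == "__main__":
    # With piped input, read the manifest from stdin; otherwise use SAMPLE.
    source = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    target = sys.argv[1] if len(sys.argv) > 1 else "ns2"
    json.dump(retarget_secret(source, target), sys.stdout, indent=2)
```

Saved under a name of your choice (retarget.py here is hypothetical), it sits between the export and the apply: kubectl get secret mysecret -n ns1 -o json | python3 retarget.py ns2 | kubectl apply -f -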

Error from server (Forbidden): nodes is forbidden: User “” cannot list resource “nodes” in API group “” at the cluster scope

kubelogin is a client-go credential (exec) plugin implementing Azure authentication. This plugin provides features that are not available in kubectl. It is supported on kubectl v1.11+ and you can bypass interactive authentication with it. This means that you do not have to enter a device code login when interacting with AKS.

I had to use the tool for managed identity authentication with Kubernetes service. In the documentation you can find instructions on how to use it for cases like user login, service principal, managed identity.

https://azure.github.io/kubelogin/concepts/login-modes/msi.html

Although I was following the correct instructions I was struggling with the error shown below when I was executing kubectl commands.

This error was due to the fact that I was not requesting the admin credentials on the kubectl command.

When I was asking for credentials with the below command I ended up with the error.

az aks get-credentials --resource-group rg --name clustername

As I had assigned the Kubernetes admin Cluster role on my managed identity, I was able to execute kubectl commands when using:

az aks get-credentials --admin --resource-group rg --name clustername