iT邦幫忙

2019 iT 邦幫忙鐵人賽

DAY 30
2

總算寫完鐵人賽的最後一篇, 有一種要升天的港覺, 寫完就可以從這個自虐的挑戰賽解脫囉!/images/emoticon/emoticon06.gif
今天這篇筆記輕鬆地介紹怎麼連線到 AKS 叢集進行維護. 說真的, 在這 30 天的過程, 還真有不少機會要進入 AKS 主機中 Troubleshooting 呢! 希望寫這篇以後可以有需要可以再來參考參考, 免得忘記了!

使用 SSH 連線至 AKS 叢集進行維護

(部分資訊將會遮罩)

  1. 使用命令 az aks show --resource-group 15maksrg --name 15makscls --query nodeResourceGroup -o tsv 取得 node resource group
PS C:\k8s> az aks show --resource-group 15maksrg --name 15makscls --query nodeResourceGroup -o tsv
MC_15maksrg_15makscls_southeastasia
  1. 接著使用命令 az vm list --resource-group MC_15maksrg_15makscls_southeastasia -o table 列出 VM 主機
PS C:\k8s> az vm list --resource-group MC_15maksrg_15makscls_southeastasia -o table
Name                      ResourceGroup                        Location       Zones
------------------------  -----------------------------------  -------------  -------
aks-nodepool1-25432928-0  MC_15maksrg_15makscls_southeastasia  southeastasia
aks-nodepool1-25432928-1  MC_15maksrg_15makscls_southeastasia  southeastasia
aks-nodepool1-25432928-2  MC_15maksrg_15makscls_southeastasia  southeastasia
  1. 使用命令 az vm list-ip-addresses --resource-group MC_15maksrg_15makscls 列出 node IP address
PS C:\k8s> az vm list-ip-addresses --resource-group MC_15maksrg_15makscls_southeastasia -o table
VirtualMachine            PrivateIPAddresses
------------------------  --------------------
aks-nodepool1-25432928-0  10.240.0.4
aks-nodepool1-25432928-1  10.240.0.5
aks-nodepool1-25432928-2  10.240.0.6
  1. 使用命令 kubectl run -it --rm aks-ssh --image=ubuntu 建立一個 ubuntu Pod, 並連線進入shell
PS C:\k8s> kubectl run -it --rm aks-ssh --image=ubuntu
If you don't see a command prompt, try pressing enter.
  1. 接下來安裝以下的幾個套件:
    apt-get update && apt install curl -y
    apt-get update && apt-get install openssh-client -y
    apt-get update && apt-get install lsb-release -y
    apt-get update && apt-get install gnupg -y
  2. 安裝 Azure Cli
    (1) 寫入 source list
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list

(2) 取得 package key

curl -L https://packages.microsoft.com/keys/microsoft.asc | apt-key add -

(3) 使用命令 apt-get update && apt-get install azure-cli -y 安裝 Azure cli
7. 使用命令 ssh-keygen -t rsa -b 2048 產生 SSH key pair

root@aks-ssh-6fbc77d848-9zllc:/# ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3MeijgoIiwu5EqfjjBTdGFmZLrDC8HDEt/wCYjLy918 root@aks-ssh-6fbc77d848-9zllc
The key's randomart image is:
+---[RSA 2048]----+
| o.  .o          |
|o.o +o           |
|o+o=..           |
|*++.*. . . .     |
|*= +.o  S o o    |
|+++ o .  . o     |
|*=.. o  . E      |
|Oo .  .o .       |
|*+  ....o        |
+----[SHA256]-----+
  1. 使用命令 az login 登入 Azure, 需要使用 Browser 連線至 https://microsoft.com/devicelogin, 並輸入產生的 Key
root@aks-ssh-6fbc77d848-9zllc:/# az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HXEJ566KH to authenticate.
[
  <略...>
  {
    "cloudName": "AzureCloud",
    "id": "11e5233d-dbe1-4167-ac91-????????????",
    "isDefault": true,
    "name": "Visual Studio Ultimate with MSDN",
    "state": "Enabled",
    "tenantId": "293a593f-cc57-451b-b293-????????????",
    "user": {
      "name": "?????@?????.com",
      "type": "user"
    }
  }
]
  1. 使用命令 az vm user update, 將 ssh public key 更新
az vm user update --resource-group MC_15maksrg_15makscls_southeastasia --name aks-nodepool1-25432928-0 --username azureuser --ssh-key-value /home/sam/.ssh/id_rsa.pub
  1. 使用命令 ssh -i /root/.ssh/id_rsa azureuser@10.240.0.4 連線至 Cluster node
root@aks-ssh-6fbc77d848-9zllc:/# ssh -i /root/.ssh/id_rsa azureuser@10.240.0.4
The authenticity of host '10.240.0.4 (10.240.0.4)' can't be established.
ECDSA key fingerprint is SHA256:IuVBOUs+QEZOZYvtenklKFFF5bz9LYkQn07tsmopZPI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.240.0.4' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.15.0-1023-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

30 packages can be updated.
0 updates are security updates.


*** System restart required ***

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

azureuser@aks-nodepool1-25432928-0:~$

大功告成了, 總算完成了 30 天的鐵人賽, 開勳喝一杯!/images/emoticon/emoticon73.gif


參考資料:


上一篇
Day 29 - 整合 AKS 使用 VSTS 建立 CI/CD pipeline
系列文
15 分鐘學習系列 - 第一次學 Kubernetes 就上手30

1 則留言

0
陳小熊
iT邦新手 4 級 ‧ 2018-11-15 00:23:49

辛苦了,寫的很詳盡。謝謝分享。也恭喜完成30天挑戰!!!

我要留言

立即登入留言