Dapr is an event-driven, portable runtime for building microservices on cloud and edge.
Dapr supports the fundamental features you’ll need such as: service invocation, state management, publish/subscribe messaging and since version 0.5.0 the ability to read from secret stores!
This post will show you to read kubernetes secrets using Dapr and .NET Core:
a couple of weeks ago I was trying to deploy MongoDB in AKS using the MongoDB Enterprise Operator and had trouble finding a simple tutorial to make the thing work. This post intends to fill that gap with a straight to the point approach.
Prerequisites # Be sure to deploy AKS with a set of nodes with at least 8GB of RAM. I used Standard_D3_v2
A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. In this session we’ll explore how to keep your credentials safe and how you can work without saving those credentials in the developers machines and therefore avoid an accidental upload to source control.
What if I tell you that it’s possible to connect you AKS pods to an Azure Key Vault using identities but without having to use credentials in an explicit way?
Well with AAD Pod Identities you can enable your Kubernetes applications to access Azure cloud resources securely using Azure Active Directory (AAD) including Azure Key Vault.
Durante el mes de Octubre tuve la suerte de grabar en LinkedIn Learning mi primer curso online sobre Kubernetes.
Aun me queda mucho por aprender y mejorar en este formato, ya que mientras grabas los cursos no recibes feedback inmediato como sí ocurre cuando das una charla o haces una presentación.
Recently I learned about GitOps which is a way to manage your Kubernetes clusters and the applications you run on top using Git. The idea is that you can declaratively describe the desired state of your systems in Git and roll out changes as soon as merges occur.
You can immediately see the main benefits of such an approach: Your Git repositories become the single source of truth for both your infrastructure and application code, allowing the teams to increase productivity and stability (you get the Git log to audit changes).
Two weeks ago I got an email message from Microsoft Azure explaining that Azure Kubernetes Services had been patched but that I had to restart my nodes (reboot the clusters) to complete the operation.
The first thing you need to know is that, when things like this happens, the Azure platform creates a file called /var/run/reboot-required in each of the nodes of your cluster.
Let’s start:
Create a folder for your new project # Open a command prompt an run:
mkdir kuberenetes.scale Create the project # cd kuberenetes.scale dotnet new api Add the references to KubernetesClient # dotnet add package KubernetesClient -v 1.5.18 dotnet restore Create a PodsController.cs with the following code # using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using k8s; using k8s.Models; using Microsoft.AspNetCore.JsonPatch; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; namespace kubernetes.scale { [Route("api/[controller]")] [ApiController] public class PodsController : ControllerBase { private KubernetesClientConfiguration k8sConfig = null; public PodsController(IConfiguration config) { // Reading configuration to know if running inside a cluster or in local mode. var useKubeConfig = bool.Parse(config["UseKubeConfig"]); if (!useKubeConfig) { // Running inside a k8s cluser k8sConfig = KubernetesClientConfiguration.InClusterConfig(); } else { // Running on dev machine k8sConfig = KubernetesClientConfiguration.BuildConfigFromConfigFile(); } } [HttpPatch("scale")] public IActionResult Scale([FromBody]ReplicaRequest request) { // Use the config object to create a client. using (var client = new Kubernetes(k8sConfig)) { // Create a json patch for the replicas var jsonPatch = new JsonPatchDocument<V1Scale>(); // Set the new number of repplcias jsonPatch.Replace(e => e.Spec.Replicas, request.Replicas); // Creat the patch var patch = new V1Patch(jsonPatch); // Patch the "minions" Deployment in the "default" namespace client.PatchNamespacedDeploymentScale(patch, request.Deployment, request.Namespace); return NoContent(); } } } public class ReplicaRequest { public string Deployment { get; set; } public string Namespace { get; set; } public int Replicas { get; set; } } } Replace the contents of the appsettings.Development.json file # Note the UseKubeConfig property is set to true.
Next Saturday the Global Azure Bootcamp will be celebrated all over the world and as in previous years their will be a Science Lab where we’ll try to discover a planet!!!. Isn’t that cool?
Well to make this fast you can run the Science Lab using Azure Container Instances following the instructions found here or you can use the following gist to run the workload in an existing kubernetes cluster:
If you install the Azure Application Gateway Ingress Controller for your AKS clusters you may want to expose more than one service through the same Public IP just changing the url path. In order to make this work you must use the backend-path-prefix annotation.
In the following sample I create an ingress with the following behavior:
In order to deploy a Persistent Volume in your AKS cluster using an existing Storage Account you should take the following steps:
Create a Storage Class with a reference to the Storage Account. Create a Secret with the credentials used to access the Storage Account. Create a Persistent Volume with a reference to the Storage Class, the secret and the File Share. Create a Persistent Volume Claim with a reference to the volume by name. Use the following yaml as a template for the resources described above. Save the contents as aks-existing-storage-account-pv.yaml: