kubectl-az/README.md

6.8 KiB

Azure Kubernetes Service (AKS) kubectl plugin

kubectl-aks is a kubectl plugin that provides a set of commands that enable users to interact with an AKS cluster even when the control plane is not functioning as expected. For example, users can still use the plugin to debug their cluster if the API server is not working correctly. This plugin allows users to perform various tasks, retrieve information, and execute commands against the cluster nodes, regardless of the control plane's state.

It's important to note that this plugin does not replace the Azure CLI, az. Instead, it complements it by offering additional commands and providing users with a kubectl-like experience. In practice, users will use az to create and delete their AKS cluster, and then use kubectl and kubectl-aks to interact with and debug it.

Going through the following documentation will help you to understand each available command and which one is the most suitable for your case:

Take into account that kubectl-aks expects the cluster to use virtual machine scale sets, which is the case of an AKS cluster.

You can get the node information needed to execute the commands directly from the Azure portal or you can let kubectl-aks get that information for you. If you already have such a information, you can pass it using the flags or environment variables. If you don't have it, kubectl-aks can retrieve it either from the Azure API or the Kubernetes API server. If you expect to use the same node multiple times, it is recommended to import the node information in the configuration file and set it as the default node, see the config command for further details.

Install

There is multiple ways to install the kubectl-aks.

Using krew

krew is the recommended way to install kubectl-aks. You can follow the krew's quickstart to install it and then install kubectl-aks by executing the following command:

kubectl krew install aks
kubectl aks version

It can be uninstalled using the following command:

kubectl krew uninstall aks

Install a specific release

It is possible to download the asset for a given release and platform from the releases page, uncompress and move the kubectl-aks executable to any folder in your $PATH.

VERSION=$(curl -s https://api.github.com/repos/azure/kubectl-aks/releases/latest | jq -r .tag_name)
curl -sL https://github.com/azure/kubectl-aks/releases/latest/download/kubectl-aks-linux-amd64-${VERSION}.tar.gz | sudo tar -C ${HOME}/.local/bin -xzf - kubectl-aks
kubectl aks version

It can be uninstalled by using the following command:

rm ${HOME}/.local/bin/kubectl-aks

Compile from source

To build kubectl-aks from source, you'll need to have a Golang version 1.17 or higher installed:

git clone https://github.com/Azure/kubectl-aks.git
cd kubectl-aks
# Build and copy the resulting binary in $HOME/.local/bin/
make install
kubectl aks version

It can be uninstalled by using the following command:

make uninstall

Usage

$ kubectl aks --help
Azure Kubernetes Service (AKS) kubectl plugin

Usage:
  kubectl-aks [command]

Available Commands:
  check-apiserver-connectivity Check connectivity between the nodes and the Kubernetes API Server
  completion                   Generate the autocompletion script for the specified shell
  config                       Manage configuration
  help                         Help about any command
  run-command                  Run a command in a node
  version                      Show version

Flags:
  -h, --help   help for kubectl-aks

Use "kubectl-aks [command] --help" for more information about a command.

It is necessary to sign in to Azure to run any kubectl-aks command. To do so, you can use any authentication method provided by the Azure CLI using the az login command; see further details here. However, if you do not have the Azure CLI or have not signed in yet, kubectl-aks will open the default browser and load the Azure sign-in page where you need to authenticate.

Permissions

In order to run kubectl-aks commands, the user/service principal must have the permissions to perform the following operations:

  • Run command on the instances: Microsoft.Compute/virtualMachineScaleSets/virtualmachines/runCommand/action
  • List Virtual Machine Scale Sets (VMSS): Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read
  • List Virtual Machine Scale Set Instances (VMSS Instances): Microsoft.Compute/virtualMachineScaleSets/read

Normally if you are using built-in roles e.g Contributor, you should have the above permissions. However, if you are using custom roles for a service principal, you need to make sure that the permissions are granted.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.