diff --git a/_entries/02-05 challenge3.md b/_entries/02-05 challenge3.md index 1311100..542fba8 100644 --- a/_entries/02-05 challenge3.md +++ b/_entries/02-05 challenge3.md @@ -33,7 +33,49 @@ Use a combination of the available tools to setup alerting capabilities for your - Identify which pods are causing trouble ![Pod utilization](media/podmetrics.png) - + +#### View the live container logs + +If the cluster is RBAC enabled, you have to create the appropriate `ClusterRole` and `ClusterRoleBinding`. + +Save the YAML below as `logreader-rbac.yaml` or download it from [logreader-rbac.yaml](yaml-solutions/01. challenge-03/logreader-rbac.yaml) + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: containerHealth-log-reader +rules: + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: containerHealth-read-logs-global +roleRef: + kind: ClusterRole + name: containerHealth-log-reader + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: User + name: clusterUser + apiGroup: rbac.authorization.k8s.io +``` + +And deploy it using + +```sh +kubectl apply -f logreader-rbac.yaml +``` + +If you have a Kubernetes cluster that is not configured with Kubernetes RBAC authorization or integrated with Azure AD single-sign on, you do not need to follow the steps above. Because Kubernetes authorization uses the kube-api, read-only permissions is required. + +Head over to the AKS cluster on the Azure portal, click on **Insights** under **Monitoring**, click on the **Containers** tab and pick a container to view its live logs and debug what is going on. + +![media/livelogs.png] + {% endcollapsible %} > **Resources** diff --git a/_entries/03-01 acr.md b/_entries/03-01 acr.md index 353adf2..3241fa2 100644 --- a/_entries/03-01 acr.md +++ b/_entries/03-01 acr.md 
@@ -14,7 +14,7 @@ Instead of using the public Docker Hub registry, create your own private contain {% collapsible %} ```sh -az acr create --resource-group akschallenge --name --sku Standard +az acr create --resource-group akschallenge --name --sku Standard --location eastus ``` {% endcollapsible %} diff --git a/_entries/03-02 cicd.md b/_entries/03-02 cicd.md index d286a66..dc92984 100644 --- a/_entries/03-02 cicd.md +++ b/_entries/03-02 cicd.md @@ -20,11 +20,29 @@ You are required to create a robust DevOps pipeline supporting CI/CD to deploy c If you peek into the solutions, they're using Azure DevOps. You may choose doing the same process on Jenkins or another CI/CD tool of your choice. +#### Create an Azure DevOps account + +{% collapsible %} + +Go to and sign-in with your Azure subscription credentials. + +If this is your first time to provision an Azure DevOps account, you'll be taken through a quick wizard to create a new organization. + +![media/getstarted-devops.png] + +{% endcollapsible %} + +### Create a project + +Create a new private project, call it **azch-captureorder** + +![media/createproject.png] + #### Fork the source repositories on GitHub or import them to Azure Repos {% collapsible %} -Create a new project on Azure DevOps then import the code of `captureorder` service located at +Click on **Repos** then import the code of the `captureorder` service from the public GitHub repository located at ![Import repository to Azure Repos](media/cicd/0-import-repo.png) diff --git a/media/cicd/createproject.png b/media/cicd/createproject.png new file mode 100644 index 0000000..b22d586 Binary files /dev/null and b/media/cicd/createproject.png differ diff --git a/media/cicd/getstarted-devops.png b/media/cicd/getstarted-devops.png new file mode 100644 index 0000000..7540d6b Binary files /dev/null and b/media/cicd/getstarted-devops.png differ 
diff --git a/media/livelogs.png b/media/livelogs.png new file mode 100644 index 0000000..c1b28d2 Binary files /dev/null and b/media/livelogs.png differ diff --git a/yaml-solutions/01. challenge-03/logreader-rbac.yaml b/yaml-solutions/01. challenge-03/logreader-rbac.yaml new file mode 100644 index 0000000..3b620b0 --- /dev/null +++ b/yaml-solutions/01. challenge-03/logreader-rbac.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: containerHealth-log-reader +rules: + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: containerHealth-read-logs-global +roleRef: + kind: ClusterRole + name: containerHealth-log-reader + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: User + name: clusterUser + apiGroup: rbac.authorization.k8s.io
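Review bot: In `_entries/02-05 challenge3.md`, the added `ClusterRoleBinding` `containerHealth-read-logs-global` gives `clusterUser` `get` on `pods/log` in every namespace, but the text only says to create "the appropriate" role and never states that scope. State explicitly that this user can then read the logs of all pods cluster-wide, so readers can judge whether that is acceptable outside a workshop cluster. Two smaller points in the same hunk: "Because Kubernetes authorization uses the kube-api, read-only permissions is required" directly follows a sentence saying the steps are not needed and reads as a contradiction, and `![media/livelogs.png]` lacks the `![alt](path)` form used by `![Pod utilization](media/podmetrics.png)` just above, so it will not render as an image.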
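Review bot: In `_entries/03-01 acr.md`, the new `--location eastus` on `az acr create` hard-codes a region with no explanation. When `--location` is omitted the registry is created in the resource group's location, so this flag can put the registry in a different region from the rest of `akschallenge` if that group was created elsewhere. Either drop the flag or replace the value with a placeholder and a sentence telling readers to use the same region as their cluster.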
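Review bot: In `_entries/03-02 cicd.md`, the new image references `![media/getstarted-devops.png]` and `![media/createproject.png]` will not resolve: they lack the `![alt](path)` form, and this patch adds both files under `media/cicd/`, not `media/`. Follow the existing `![Import repository to Azure Repos](media/cicd/0-import-repo.png)`, for example `![Create project](media/cicd/createproject.png)`. Also, `### Create a project` sits one heading level above its `####` siblings and is the only step not wrapped in `{% collapsible %}`; make it `####` and wrap it for consistency.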
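Review bot: The new `yaml-solutions/01. challenge-03/logreader-rbac.yaml` is a second copy of the manifest embedded in `_entries/02-05 challenge3.md`, so the two can drift apart on later edits; add a comment at the top of the file saying what it grants and that the doc snippet must be kept in sync. The subject `name: clusterUser` is hard-coded with no comment explaining which identity it refers to, which is worth documenting in the file. The markdown link to this file also contains an unencoded space in `01. challenge-03`, which may stop it from being parsed as a link; encode it as `%20`.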