All the configuration information required to create the pods/containers for SuperHero application in the AKS cluster are stored in the respective yaml files under "~/blackbelt-aks-hackfest/labs/helper-files" location in your jumpbox.
In this exercise, we will create a "kubernetes secret" to access the private Azure Container Registry(ACR) that you have already setup. We will also update the respective yaml files with the ACR and secret information for AKS to download and use the db, web and api images that you have uploaded to the ACR.
Perform these steps in the Jumpbox
In the Jumpbox edit
cd ~/blackbelt-aks-hackfest/labs/helper-files vi heroes-db.yaml
Review the yaml file and learn about some of the settings
Update the yaml file for the proper container image name
You will need to replace the
<login server>
with the ACR login server created in lab 2 -
containers: - image: name: heroes-db-cntnr
In the Jumpbox edit
cd ~/blackbelt-aks-hackfest/labs/helper-files vi heroes-web-api.yaml
Review the yaml file and learn about some of the settings. Note the environment variables that allow the services to connect
Update the yaml file for the proper container image names.
You will need to replace the
<login server>
with the ACR login server created in lab 2Note: You will need to update the image name at 2 places in the heroes-web-api.yaml to reference the web and api container images.
containers: - image: name: heroes-api-cntnr
containers: - image: name: heroes-web-cntnr
There are a few ways that AKS clusters can access your private Azure Container Registry. Generally the service account that kubernetes utilizes will have rights based on its Azure credentials. In our lab config, we must create a secret to allow this access.
In the Azure portal, navigate to the 'Access Keys' section of the Container Registry you have created to get the below values and update them in the shell:
# set these values to yours
Run the following command to create a secret key in the AKS cluster to access your ACR.
kubectl create secret docker-registry acr-secret --docker-server=$ACR_SERVER --docker-username=$ACR_USER --docker-password=$ACR_PWD
You can verify the secret by running the following command:
kubectl get secret
acr-secret 1 8s
default-token-xd8wk 3 53m
Note: You can review the
to see where theimagePullSecrets
are configured.
Use the kubectl CLI to deploy each app
cd ~/blackbelt-aks-hackfest/labs/helper-files kubectl apply -f heroes-db.yaml
Get mongodb pod name
kubectl get pods
NAME READY STATUS RESTARTS AGE heroes-db-deploy-2357291595-k7wjk 1/1 Running 0 3m
Assign pod name to variable MONGO_POD
Import data into MongoDB using script
# ensure the pod name variable is set to your pod name # once you exec into pod, run the `` script kubectl exec -it $MONGO_POD bash root@heroes-db-deploy-2357291595-xb4xm:/# ./ 2018-01-16T21:38:44.819+0000 connected to: localhost 2018-01-16T21:38:44.918+0000 imported 4 documents 2018-01-16T21:38:44.927+0000 connected to: localhost 2018-01-16T21:38:45.031+0000 imported 72 documents 2018-01-16T21:38:45.040+0000 connected to: localhost 2018-01-16T21:38:45.152+0000 imported 2 documents root@heroes-db-deploy-2357291595-xb4xm:/# exit
Use the kubectl CLI to deploy each app
cd ~/blackbelt-aks-hackfest/labs/helper-files kubectl apply -f heroes-web-api.yaml
Check to see if pods are running in your cluster
kubectl get pods
NAME READY STATUS RESTARTS AGE heroes-api-deploy-1140957751-2z16s 1/1 Running 0 2m heroes-db-deploy-2357291595-k7wjk 1/1 Running 0 3m heroes-web-1645635641-pfzf9 1/1 Running 0 2m
Check to see if services are deployed.
kubectl get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE api LoadBalancer 3000:31416/TCP 5m kubernetes ClusterIP <none> 443/TCP 12m mongodb ClusterIP <none> 27017/TCP 5m web LoadBalancer 8080:32404/TCP 5m
Refer the respective yaml files to understand how services got created as LoadBalancer and ClusterIP.
Browse to the External IP for your web application on port 8080 (eg: in this example) and try the app
The public IP can take a few minutes to create with a new cluster. Sit back and relax. Maybe check Facebook.
Now you have the SuperHero Rating App, which can be accessed via Internet from your AKS cluster.