Accessing from laptop
In this guide, you will learn how to access Gjensidige's Azure Kubernetes Service (AKS) clusters from your developer laptop. Some commands used in this guide contains placeholder values for cluster information. These values should be replaced with values from Clusters Overview.
Download and install required tools
The following tools are required to complete this guide and must be installed on your laptop:
- Azure CLI -
az - The Kubernetes command-line tool -
kubectl - Credential plugin for Azure authentication -
kubelogin
You can use az aks install-cli command to install kubectl and kubelogin.
Azure login
Login to Azure from your command line by executing the following commands:
az loginaz account set --subscription "<subscription name>"
Configure kubelogin
kubelogin convert-kubeconfig -l azurecli
Access cluster resources
Download cluster credentials to your laptop and query cluster resources:
az aks get-credentials --name <cluster name> --resource-group <cluster resource group name>kubectl get all --namespace <your team namespace>
kubectl Cheat Sheet is a great resource for learning how to use and getting better at using kubectl
Edit cluster resources or getting a shell to a container
Doing persistent changes on cluster resources manually are not allowed. The only reason for doing changes manually is for debugging purposes, otherwise CI/CD should always be used. If you do changes manually, they will most probably be lost when clusters are upgraded.
If you need to edit cluster resources for debugging purposes or use kubectl exec to get a shell to a running container you have to elevate your permissions. This is done by invoking Just In Time Access with Azure Privileged Identity Management:
- Go to the Azure Portal
- Navigate to "All Services" and find "Privileged Identity Management"
- Navigate to "My roles" and then "Privileged access groups"
- Click "Activate" and provide a valid justification for your need to edit cluster resources
- Delete your kube tokens with:
kubelogin remove-tokens