I'm trying to follow these instructions to reduce the costs of an AKS cluster and I'm getting the error in the title.
Since this command (step 1) did not work I did the register command below.
az provider list --query "[?contains(namespace,'Microsoft.ContainerInstance')]" -o table
] was unexpected at this time.
C:\Users\shein> "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\\..\python.exe" -IBm azure.cli
provider list --query [?contains(namespace,'Microsoft.ContainerInstance')] -o table
I then switched from powershell to cygwin bash.
I just did a
az provider list
and did a manual search and concluded the next step was necessary:
az.cmd provider register --namespace Microsoft.ContainerInstance
Since I'm using my existing resource group I did not create a new one.
I created a new service principal. The directions did not specify a name, so I specified one:
az.cmd ad sp create-for-rbac --skip-assignment --name ClusterServicePrincipal-todo-0003-skip-assignment
I created some environment variables:
AZ_NETWORK_NAME=ToDoVNet
AZ_NETWORK_BASE_ADDRESS=10.0.0.0
AZ_NETWORK_SUBNET_NAME=ToDoAKSSubnet
AZ_NETWORK_SUBNET_BASE_ADDRESS=10.240.0.0
I created a virtual network:
az.cmd network vnet create --resource-group $AZ_RESOURCE_GROUP_NAME --name $AZ_NETWORK_NAME --address-prefixes $AZ_NETWORK_BASE_ADDRESS/8 --subnet-name $AZ_NETWORK_SUBNET_NAME --subnet-prefix $AZ_NETWORK_SUBNET_BASE_ADDRESS/16
The results looked fine. I'm not sure about security and posting the JSON results of this (and other) commands... What sorts of things do I not want to post? I think I don't want to post AppIDs and security principal secrets... what else?
Ok more env vars:
AZ_NETWORK_VNODE_SUBNET_NAME=ToDoVirtualNodeSubnet
AZ_NETWORK_SUBNET_VNODE_BASE_ADDRESS=10.241.0.0
Create another virtual subnet:
az.cmd network vnet subnet create --resource-group $AZ_RESOURCE_GROUP_NAME --vnet-name $AZ_NETWORK_NAME --name $AZ_NETWORK_VNODE_SUBNET_NAME --address-prefixes $AZ_NETWORK_SUBNET_VNODE_BASE_ADDRESS/16
The resulting JSON looked fine...
It looks like the purpose of this command is to fetch the network name -- but I already know that!
az.cmd network vnet show --resource-group $AZ_RESOURCE_GROUP_NAME --name $AZ_NETWORK_NAME --query id -o tsv
I get
/subscriptions/<looks like a UUID>/resourceGroups/rg-todo-temp/providers/Microsoft.Network/virtualNetworks/ToDoVNet
So what is that number that looks like a UUID? Is this the APPID of the network I just created? I assigned this to a new environment variable called AZ_NETWORK_APPID.
az.cmd role assignment create --assignee $AZ_NETWORK_APPID --scope $AZ_NETWORK_NAME --role Contributor
ResourceNotFoundError: The request did not have a subscription or a valid tenant level resource provider.
OK, the directions mentioned that APPID in the last two steps... OK, I'll try again and use the APPID of the newly created service principal:
az.cmd role assignment create --assignee $AZ_SP_APPID --scope $AZ_NETWORK_NAME --role Contributor
ResourceNotFoundError: The request did not have a subscription or a valid tenant level resource provider
No luck... What am I doing wrong?
Oh, I forgot to mention: I'm running azure-cli 2.14.2 and the directions say 2.0.49 or later... looks like I'm good.
Tue Dec 14 2020 evening update:
Yahoo! It works.... More questions:
(1) Is it possible to specify "--nodecount 0" and have a 100% serverless (virtual) AKS cluster so there are no compute charges when it is idle?
(2) Will new virtual nodes be added as needed as I create more deployments of various applications?
(3) What is special about 172.17.0.1 (docker-bridge-address)? Is this specific to Docker?
(4) Where do the values for the 10.0.0/16 and 10.0.0.10 for the service-cidr & dns-service come from? Could I just as easily have used 192.168.0.0/16 and 192.168.0.10?
(5) Where are the parameters that control how long a virtual node is idle before there are no more compute charges?
(6) Can I specify different node sizes (using "--node-vm-size -s" perhaps?) for virtual and non-virtual nodes?
(7) Is there anything special about aci-hello-world images that allows them to run in a virtual node? I'm worried because I'm not familiar with the ACI feature...
(8) I believe the only thing I have to do to my ASP.NET web apps is to deploy them with the new magic nodeSelector and tolerations yaml clauses? Do I just cut and paste this fragment into my yaml deployment files and then it will run on the virtual nodes?
nodeSelector:
  kubernetes.io/role: agent
  beta.kubernetes.io/os: linux
  type: virtual-kubelet
tolerations:
- key: virtual-kubelet.io/provider
  operator: Exists
- key: azure.com/aci
  effect: NoSchedule
Thanks
Siegfried
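
On the question above about what not to post from az CLI output, here is an added example (not part of the original post) that scrubs output before it is pasted into a forum. The function names and the list of secret-bearing keys are assumptions, and replacing every GUID (subscription, tenant and app IDs) with a placeholder is a deliberately conservative choice.

```python
import json
import re

# Assumed list of credential-bearing keys; "password" is the secret that
# `az ad sp create-for-rbac` prints.
SECRET_KEYS = {"password", "clientsecret", "secret", "accesstoken", "refreshtoken"}
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)


def redact(value, seen=None):
    """Return a copy of parsed az CLI JSON that is safer to paste publicly."""
    seen = {} if seen is None else seen

    def placeholder(match):
        # Same GUID -> same placeholder, so readers can still correlate IDs.
        return seen.setdefault(match.group(0).lower(), f"<guid-{len(seen) + 1}>")

    if isinstance(value, dict):
        return {
            k: "<redacted-secret>" if k.lower() in SECRET_KEYS else redact(v, seen)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact(v, seen) for v in value]
    if isinstance(value, str):
        return GUID_RE.sub(placeholder, value)
    return value


def redact_text(text):
    """Redact az output: JSON if it parses, else GUIDs in plain text (-o tsv)."""
    try:
        return json.dumps(redact(json.loads(text)), indent=2)
    except json.JSONDecodeError:
        return redact(text)


# Constructed sample shaped like `az ad sp create-for-rbac` output; values are fake.
SAMPLE = """{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "ClusterServicePrincipal-todo-0003-skip-assignment",
  "password": "constructed-not-a-real-secret",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}"""

if __name__ == "__main__":
    print(redact_text(SAMPLE))
```

Resource names such as the resource group and VNet name are left intact, so review the result by eye before posting.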