Aerospike Kubernetes Operator Command Line Tool
akoctl is a Krew plugin for the Kubernetes Operator.
It provides multiple sub-commands to perform different functions related to Aerospike Kubernetes Operator and Aerospike Kubernetes Cluster.
There are two ways to grant permission for the target namespaces:
Using kubectl
The procedure to use the namespace aerospike is as follows:
Create the namespace
Create the Kubernetes namespace if not already created:
kubectl create namespace aerospike
Create a service account
kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager
Create RoleBinding/ClusterRoleBinding for Aerospike cluster
Next, create a RoleBinding or ClusterRoleBinding, as required, to attach this service account to the ClusterRole aerospike-cluster.
This ClusterRole is created as part of the AKO installation and grants Aerospike cluster permissions to the service account.
- To connect to the Aerospike cluster over the Kubernetes-native Pod-only network, create a RoleBinding:
kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
- To connect to the Aerospike cluster from outside Kubernetes, create a ClusterRoleBinding:
kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
To attach multiple service accounts from different namespaces in one go, add multiple --serviceaccount parameters to the above command.
Example: to attach the service accounts of the aerospike and aerospike1 namespaces:
kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager
If the required ClusterRoleBinding already exists in the cluster, edit it to attach the new service account:
kubectl edit clusterrolebinding aerospike-cluster
This command launches an editor. Append the following lines to the subjects section:
# A new entry for aerospike.
# Replace aerospike with your namespace
- kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike
Save and ensure that the changes are applied.
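To confirm that the binding holds only the subjects you intended, the check below lists its subjects and reports anything else. It is an added example, not part of the original page or of akoctl; the function names, the allowed-namespace list and the sample subjects are assumptions made for illustration.

```sh
# Added example: audit the subjects bound to the aerospike-cluster ClusterRole.
SA_NAME="aerospike-operator-controller-manager"

# Print the subjects of a binding as "kind|namespace|name", one per line.
# $1: clusterrolebinding or rolebinding, $2: binding name, rest: extra kubectl args.
binding_subjects() {
  bs_kind=$1; bs_name=$2; shift 2
  kubectl get "$bs_kind" "$bs_name" "$@" \
    -o jsonpath='{range .subjects[*]}{.kind}{"|"}{.namespace}{"|"}{.name}{"\n"}{end}'
}

# Read "kind|namespace|name" lines on stdin and print every subject that is
# not the operator service account in an allowed namespace.
# $1: space-separated list of allowed namespaces.
unexpected_subjects() {
  allowed=" $1 "
  while IFS='|' read -r s_kind s_ns s_name; do
    [ -n "$s_kind" ] || continue
    if [ "$s_kind" = "ServiceAccount" ] && [ "$s_name" = "$SA_NAME" ] \
       && [ -n "$s_ns" ]; then
      case "$allowed" in *" $s_ns "*) continue ;; esac
    fi
    printf '%s|%s|%s\n' "$s_kind" "$s_ns" "$s_name"
  done
}

# Constructed sample of binding_subjects output (not taken from a real cluster).
SAMPLE_SUBJECTS='ServiceAccount|aerospike|aerospike-operator-controller-manager
ServiceAccount|aerospike1|aerospike-operator-controller-manager
ServiceAccount|default|aerospike-operator-controller-manager
User||jane'

# Offline run over the sample: reports the "default" service account and the User.
printf '%s\n' "$SAMPLE_SUBJECTS" | unexpected_subjects "aerospike aerospike1"

# Against a live cluster:
#   binding_subjects clusterrolebinding aerospike-cluster \
#     | unexpected_subjects "aerospike aerospike1"
#   binding_subjects rolebinding aerospike-cluster -n aerospike \
#     | unexpected_subjects "aerospike"
```

An empty result means every subject is the operator service account in a namespace you listed.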
Using akoctl plugin
For instructions on installing the akoctl plugin, refer to akoctl installation.
The procedure to use the namespace aerospike is as follows:
- To connect to the Aerospike cluster over the Kubernetes-native Pod-only network, grant namespace-scope permission:
kubectl akoctl auth create -n aerospike --cluster-scope=false
- To connect to the Aerospike cluster from outside Kubernetes, grant cluster-scope permission:
kubectl akoctl auth create -n aerospike
To grant permission for multiple namespaces in one go, specify a comma-separated namespace list in the -n parameter.
Example: to grant permission for the aerospike and aerospike1 namespaces:
kubectl akoctl auth create -n aerospike,aerospike1
Install with Krew plugin manager
Install Krew.
Follow the Krew setup instructions here.
Install akoctl:
kubectl krew index add akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
kubectl krew index list
INDEX URL
akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
default https://github.com/kubernetes-sigs/krew-index.git
kubectl krew install akoctl/akoctl
Updated the local copy of plugin index "akoctl".
Updated the local copy of plugin index.
Installing plugin: akoctl
Installed plugin: akoctl
\
| Use this plugin:
| kubectl akoctl
| Documentation:
| https://github.com/aerospike/aerospike-kubernetes-operator-ctl
/
Upgrade to latest version if already installed
kubectl krew upgrade akoctl
Available sub-commands
Global Flags:
The global flags in the following table are associated with akoctl.
Flag | Shorthand | Type | Description |
---|---|---|---|
all-namespaces | -A | bool | Specify whether to get logs from all Kubernetes namespaces. Either this flag or namespaces is mandatory. |
namespaces | -n | string | Comma-separated list of Kubernetes namespaces to operate in. Either this flag or all-namespaces is mandatory. |
kubeconfig | | string | Absolute path to the kubeconfig file. |
cluster-scope | | bool | Permission to work in cluster scoped mode (operate on cluster scoped resources like ClusterRoleBinding). Default true. |
collectinfo sub-command
akoctl uses the collectinfo command to collect logs and objects from a given namespace and cluster-scoped resources.
collectinfo collects the following data:
- All container logs
- All event logs
- Inventory of the following objects:
Namespace Scoped | Cluster Scoped |
---|---|
Pods | Nodes |
StatefulSets | PersistentVolumes |
Deployments | StorageClasses |
PersistentVolumeClaims | MutatingWebhookConfigurations |
Services | ValidatingWebhookConfigurations |
AerospikeClusters | |
asadm collectinfo command
akoctl and asadm each use the collectinfo command, but the types of information returned are different.
The akoctl collectinfo command focuses on Kubernetes-specific information. The asadm collectinfo command returns detailed information about the system performance, network information, filesystem, and operating system of an individual machine.
- Use the following command to get the asadm collectinfo file from a Kubernetes cluster:
kubectl -n <kubernetes-namespace-name> exec -it <podname> -- asadm -e collectinfo -U <username> -P <password>
- Extract the file from the cluster:
kubectl cp <kubernetes-namespace-name>/<podname>:/tmp <localdirectory> -c <container-name> -n <kubernetes-namespace-name>
Requirements
akoctl inherits the user's kubectl permissions. If a user cannot access a particular resource, its logs do not appear in the akoctl results.
- The current user should have list and get permissions for all the objects collected by the command.
- If the cluster-scope flag is set, the user should also have list and get permissions for cluster-scoped resources like Nodes and StorageClasses.
- The kubectl binary should be available in the system PATH environment variable.
Associated Flags
Flag | Shorthand | Type | Description |
---|---|---|---|
path | | string | Absolute path to save output tar file. |
Example:
kubectl akoctl collectinfo -n aerospike,olm --path ~/sample-directory/
This creates a timestamped tar file called scraperlogs-<timestamp> and saves it in the ~/sample-directory/ directory.
The directory structure appears as follows:
akoctl_collectinfo
├── akoctl.log
├── k8s_cluster
│   ├── nodes
│   │   ├── <node1 name>.yaml
│   │   └── <node2 name>.yaml
│   ├── storageclasses
│   │   └── <storageclass name>.yaml
│   ├── mutatingwebhookconfigurations
│   │   └── <mutatingwebhook name>.yaml
│   ├── validatingwebhookconfigurations
│   │   └── <validatingwebhook name>.yaml
│   ├── persistentvolumes
│   │   └── <persistentvolume name>.yaml
│   └── summary
│       └── summary.txt
└── k8s_namespaces
    └── aerospike
        ├── aerospikeclusters
        │   └── <aerospikecluster name>.yaml
        ├── persistentvolumeclaims
        │   └── <pvc name>.yaml
        ├── pods
        │   └── <pod name>
        │       ├── <pod name>.yaml
        │       └── logs
        │           ├── previous
        │           │   └── <container name>.log
        │           └── <container name>.log
        ├── statefulsets
        │   └── <sts name>.yaml
        ├── deployments
        │   └── <deployment name>.yaml
        ├── services
        │   └── <service name>.yaml
        └── summary
            ├── summary.txt
            └── events.txt
auth sub-command
akoctl uses the auth command to create and delete RBAC resources for the Aerospike cluster for the given namespaces.
It creates or deletes a ServiceAccount and a RoleBinding or ClusterRoleBinding, depending on the given scope of operation.
There are two sub-commands associated with the auth command:
- create: Creates and updates RBAC resources for the given namespaces.
- delete: Deletes RBAC resources for the given namespaces.
If cluster-scope is set (default true), the auth command grants cluster-level RBAC.
If cluster-scope is false, it grants namespace-level RBAC.
Requirements:
akoctl inherits the user's kubectl permissions. If a user doesn't have RBAC access, it cannot grant RBAC for that resource.
- Current user should have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and RoleBinding.
- If the cluster-scope flag is set, user should have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and ClusterRoleBinding.
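The permission requirements listed here, and those listed earlier for collectinfo, can be checked with kubectl auth can-i before running either sub-command. The script below is an added example, not part of akoctl or the original page; the function names are hypothetical, and it assumes the lowercase plural resource names (taken from the collectinfo inventory table and the requirements above) resolve through kubectl API discovery.

```sh
# Added example: pre-flight permission check for akoctl collectinfo and auth.
COLLECT_NS="pods statefulsets deployments persistentvolumeclaims services aerospikeclusters"
COLLECT_CLUSTER="nodes persistentvolumes storageclasses mutatingwebhookconfigurations validatingwebhookconfigurations"
RBAC_VERBS="create get update delete"

# Print "scope verb resource" for each check that kubectl auth can-i denies.
# $1: namespace ("" = cluster-wide), $2: verbs, $3: resources (space separated).
missing_permissions() {
  mp_ns=$1
  for mp_res in $3; do
    for mp_verb in $2; do
      if [ -n "$mp_ns" ]; then
        kubectl auth can-i "$mp_verb" "$mp_res" -n "$mp_ns" >/dev/null 2>&1 \
          || echo "$mp_ns $mp_verb $mp_res"
      else
        kubectl auth can-i "$mp_verb" "$mp_res" >/dev/null 2>&1 \
          || echo "cluster $mp_verb $mp_res"
      fi
    done
  done
}

# $1: comma-separated namespaces, as passed to -n; $2: cluster-scope (true/false).
collectinfo_preflight() {
  for cp_ns in $(echo "$1" | tr ',' ' '); do
    missing_permissions "$cp_ns" "get list" "$COLLECT_NS"
  done
  [ "$2" = "false" ] || missing_permissions "" "get list" "$COLLECT_CLUSTER"
}

# Same arguments; checks the verbs the auth sub-command needs.
auth_preflight() {
  for ap_ns in $(echo "$1" | tr ',' ' '); do
    missing_permissions "$ap_ns" "$RBAC_VERBS" "serviceaccounts rolebindings"
  done
  [ "$2" = "false" ] || missing_permissions "" "$RBAC_VERBS" "clusterrolebindings"
}

# Usage against a live cluster (no output means nothing is missing):
#   collectinfo_preflight aerospike,olm true
#   auth_preflight aerospike false
```

Each output line names one denied verb, so a missing grant is visible before collectinfo silently omits a resource or auth create fails partway.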
The following example creates namespace-scope RBAC resources for the aerospike namespace:
kubectl akoctl auth create -n aerospike --cluster-scope=false
The following example creates cluster-scope RBAC resources for the aerospike namespace:
kubectl akoctl auth create -n aerospike
The following example deletes namespace-scope RBAC resources for the aerospike namespace:
kubectl akoctl auth delete -n aerospike --cluster-scope=false
The following example deletes cluster-scope RBAC resources for the aerospike namespace:
kubectl akoctl auth delete -n aerospike