Skip to main content
We are excited to be a part of AWS re:Invent 2024. Visit us at booth #1844 in Las Vegas.More info
Loading
Version: Operator 3.4.0

Aerospike Kubernetes Operator Command Line Tool

akoctl is a Krew plugin for AKO. It provides multiple sub-commands to perform different functions related to AKO and Aerospike Kubernetes clusters.

There are two ways to grant permission for the target namespaces:

  1. Using kubectl
  2. Using akoctl plugin

Using kubectlโ€‹

The procedure to use the namespace aerospike is as follows:

Create the namespaceโ€‹

Create the Kubernetes namespace if not already created:

kubectl create namespace aerospike

Create a service accountโ€‹

kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

Create RoleBinding/ClusterRoleBinding for Aerospike clusterโ€‹

Next, create a RoleBinding or ClusterRoleBinding as per requirement to attach this service account to ClusterRole aerospike-cluster. This ClusterRole is created as part of AKO installation and grants Aerospike cluster permission to service account.

  • For using Kubernetes native Pod only network to connect to Aerospike cluster create RoleBinding:
kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
  • For connecting to Aerospike cluster from outside Kubernetes create ClusterRoleBinding:
kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
tip

For attaching multiple service accounts of different namespaces in one go, add multiple --serviceaccount params in above command

Example: To attach service accounts of aerospike and aerospike1 namespace
kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager

If the required ClusterRoleBinding already exists in cluster, edit it to attach new service account:

kubectl edit clusterrolebinding aerospike-cluster

This command launches an editor. Append the following lines to the subjects section:

  # A new entry for aerospike.
  # Replace aerospike with your namespace
- kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike

Save and ensure that the changes are applied.

Using akoctl pluginโ€‹

For instructions on installing the akoctl plugin, see akoctl installation.

The procedure to use the namespace aerospike is as follows:

  • For using Kubernetes native Pod only network to connect to Aerospike cluster grant namespace scope permission:
kubectl akoctl auth create -n aerospike --cluster-scope=false
  • For connecting to Aerospike cluster from outside Kubernetes grant cluster scope permission:
kubectl akoctl auth create -n aerospike
tip

For granting permission of multiple namespaces in one go, specify comma separated namespace list in -n param

Example: To grant permission for aerospike and aerospike1 namespace
kubectl akoctl auth create -n aerospike,aerospike1

Install with Krew plugin managerโ€‹

  1. Install Krew.

    Follow the Krew setup instructions here.

  2. Install akoctl:

kubectl krew index add akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
kubectl krew index list
INDEX    URL
akoctl   https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
default  https://github.com/kubernetes-sigs/krew-index.git
kubectl krew install akoctl/akoctl
Updated the local copy of plugin index "akoctl".
Updated the local copy of plugin index.
Installing plugin: akoctl
Installed plugin: akoctl
\
| Use this plugin:
|   kubectl akoctl
| Documentation:
|   https://github.com/aerospike/aerospike-kubernetes-operator-ctl
/

Upgrade to latest version if already installedโ€‹

kubectl krew upgrade akoctl

Available sub-commandsโ€‹

Global Flags:โ€‹

The global flags in the following table are associated with akoctl.

FlagShorthandTypeDescription
all-namespaces-AboolSpecify whether to get logs from all Kubernetes namespaces. Either this flag or namespaces is mandatory.
namespaces-nstringComma-separated list of Kubernetes namespaces to operate in. Either this flag or all-namespaces is mandatory.
kubeconfigstringAbsolute path to the kubeconfig file.
cluster-scopeboolPermission to work in cluster scoped mode (operate on cluster scoped resources like ClusterRoleBinding). Default true.

collectinfo sub-commandโ€‹

akoctl uses the collectinfo command to collect logs and objects from a given namespace and cluster-scoped resources. collectinfo collects the following data:

  • All container logs
  • All event logs
  • Inventory of the following objects:
    Namespace ScopedCluster Scoped
    PodsNodes
    StatefulSetsPersistentVolumes
    DeploymentsStorageClasses
    PersistentVolumeClaimsMutatingWebhookConfigurations
    ServicesValidatingWebhookConfigurations
    AerospikeClusters

asadm collectinfo commandโ€‹

akoctl and asadm each use the collectinfo command, but the types of information returned are different. The akoctl collectinfo command focuses on Kubernetes-specific information. The asadm collectinfo command returns detailed information about the system performance, network information, filesystem, and operating system of an individual machine.

  1. Use the following command to get the asadm collectinfo file from a Kubernetes cluster:
kubectl -n <kubernetes-namespace-name> exec -it <podname> -- asadm -e collectinfo -U <username> -P <password>
  1. Extract the file from the cluster:
kubectl cp <kubernetes-namespace-name>/<podname>:/tmp <localdirectory> -c <container-name> -n <kubernetes-namespace-name>

Requirementsโ€‹

akoctl inherits the user's kubectl permissions. If a user cannot access a particular resource, its logs do not appear in the akoctl results.

  • You must have permissions for all the objects collected by the command.
  • If the cluster-scope flag is set, along with the previously mentioned permissions, you must have permissions for cluster-scoped resources like Nodes and StorageClasses.
  • The kubectl binary should be available in the system PATH environment variable.

Associated Flagsโ€‹

FlagShorthandTypeDescription
pathstringAbsolute path to save output tar file.

Example:

kubectl akoctl collectinfo -n aerospike,olm --path ~/sample-directory/

This creates a timestamped tar file called scraperlogs-TIMESTAMP and saves it in the ~/sample-directory/ directory. The directory structure appears as follows:

akoctl_collectinfo
โ”œโ”€โ”€ akoctl.log
โ”œโ”€โ”€ k8s_cluster
โ”‚ย ย  โ”œโ”€โ”€ nodes
โ”‚ย ย  โ”‚ย ย  โ”œโ”€โ”€ <node1 name>.yaml
โ”‚ย ย  โ”‚ย ย  โ””โ”€โ”€ <node2 name>.yaml
โ”‚ย ย  โ””โ”€โ”€ storageclasses
โ”‚ย ย      โ”œโ”€โ”€ <storageclass name>.yaml
โ”‚ย ย  โ””โ”€โ”€ mutatingwebhookconfigurations
โ”‚ย ย      โ”œโ”€โ”€ <mutatingwebhook name>.yaml
โ”‚ย ย  โ””โ”€โ”€ validatingwebhookconfigurations
โ”‚ย ย      โ”œโ”€โ”€ <validatingwebhook name>.yaml
โ”‚ย ย  โ””โ”€โ”€ persistentvolumes
โ”‚ย ย      โ”œโ”€โ”€ <persistentvolume name>.yaml
โ”‚ย ย  โ””โ”€โ”€ summary
โ”‚ย ย      โ”œโ”€โ”€ summary.txt
โ””โ”€โ”€ k8s_namespaces
    โ””โ”€โ”€ aerospike
        โ”œโ”€โ”€ aerospikeclusters
        โ”‚ย ย  โ”œโ”€โ”€ <aerospikecluster name>.yaml
        โ”œโ”€โ”€ persistentvolumeclaims
        โ”‚ย ย  โ”œโ”€โ”€ <pvc name>.yaml
        โ”œโ”€โ”€ pods
        โ”‚ย ย  โ”œโ”€โ”€ <pod name>
        โ”‚ย ย  โ”‚ย ย  โ”œโ”€โ”€ <pod name>.yaml
        โ”‚ย ย  โ”‚ย ย  โ””โ”€โ”€ logs
        โ”‚ย ย  โ”‚ย ย      โ”œโ”€โ”€ previous
        โ”‚ย ย  โ”‚ย ย      โ”‚ย ย  โ””โ”€โ”€ <container name>.log
        โ”‚ย ย  โ”‚ย ย      โ””โ”€โ”€ <container name>.log
        โ””โ”€โ”€ statefulsets
        โ”‚ย ย  โ”œโ”€โ”€ <sts name>.yaml
        โ””โ”€โ”€ deployments
        โ”‚ย ย  โ”œโ”€โ”€ <deployment name>.yaml
        โ””โ”€โ”€ services
        โ”‚ย ย  โ”œโ”€โ”€ <service name>.yaml
        โ””โ”€โ”€ summary
        โ”‚ย ย  โ”œโ”€โ”€ summary.txt
        โ”‚ย ย  โ”œโ”€โ”€ events.txt
        โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

auth sub-commandโ€‹

akoctl uses the auth command to create and delete RBAC resources for the Aerospike cluster for the given namespaces. It creates and deletes ServiceAccount, RoleBinding or ClusterRoleBinding as per given scope of operation.

There are two sub-commands associated with auth command:

  • create - Creates and updates RBAC resources for the given namespaces.
  • delete - Deletes RBAC resources for the given namespaces.

If cluster-scope is set (default true), the auth command grants cluster level RBAC. In case of cluster-scope false, it grants namespace level RBAC.

Requirements:โ€‹

akoctl inherits the user's kubectl permissions. If a user does not have RBAC access, kubectl cannot grant RBAC for that resource.

  • You must have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and RoleBinding.
  • If the cluster-scope flag is set, you need the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and ClusterRoleBinding.

The following examples show how to modify RBAC resources for the aerospike namespace.

Create a namespace-scope resource:

kubectl akoctl auth create -n aerospike --cluster-scope=false

Create a cluster-scope RBAC resource:

kubectl akoctl auth create -n aerospike

Delete a namespace-scope RBAC resource:

kubectl akoctl auth delete -n aerospike --cluster-scope=false

Delete a cluster-scope RBAC resource:

kubectl akoctl auth delete -n aerospike