# Aerospike Kubernetes Operator Command Line Tool `akoctl` is a [Krew](https://krew.sigs.k8s.io/) plugin for Aerospike Kubernetes Operator (AKO). It provides multiple sub-commands to perform different functions related to AKO and Aerospike Kubernetes clusters. ### Install akoctl with Krew plugin manager 1. Install Krew. Follow the [Krew setup instructions here](https://krew.sigs.k8s.io/docs/user-guide/setup/install/). 2. Install `akoctl`: Terminal window ```shell kubectl krew index add akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git ``` Terminal window ```shell kubectl krew index list ``` Terminal window ```console INDEX URL akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git default https://github.com/kubernetes-sigs/krew-index.git ``` Terminal window ```shell kubectl krew install akoctl/akoctl ``` Terminal window ```console Updated the local copy of plugin index "akoctl". Updated the local copy of plugin index. Installing plugin: akoctl Installed plugin: akoctl \ | Use this plugin: | kubectl akoctl | Documentation: | https://github.com/aerospike/aerospike-kubernetes-operator-ctl / ``` ### Upgrade to latest version if already installed Terminal window ```shell kubectl krew upgrade akoctl ``` ## Available sub-commands - [collectinfo](#collectinfo-sub-command) - [auth](#auth-sub-command) ## Global Flags: The global flags in the following table are associated with `akoctl`. | Flag | Shorthand | Type | Description | | --- | --- | --- | --- | | `all-namespaces` | `-A` | bool | Specify whether to get logs from all Kubernetes namespaces. Either this flag or `namespaces` is mandatory. | | `namespaces` | `-n` | string | Comma-separated list of Kubernetes namespaces to operate in. Either this flag or `all-namespaces` is mandatory. | | `kubeconfig` | | string | Absolute path to the kubeconfig file. | | `cluster-scope` | | bool | Permission to work in cluster-scoped mode (operate on cluster-scoped resources like ClusterRoleBinding). Default `true`. | ## `collectinfo` sub-command `akoctl` uses the `collectinfo` command to collect logs and objects from a given namespace and cluster-scoped resources. `collectinfo` collects the following data: - All container logs - All event logs - Inventory of the following objects: | Namespace-scoped | Cluster-scoped | | --- | --- | | Pods | Nodes | | StatefulSets | PersistentVolumes | | Deployments | StorageClasses | | PersistentVolumeClaims | MutatingWebhookConfigurations | | Services | ValidatingWebhookConfigurations | | AerospikeClusters | CustomResourceDefinitions | | AerospikeBackupServices | | | AerospikeBackups | | | AerospikeRestores | | | ConfigMaps | | | PodDisruptionBudgets | | ### `asadm` `collectinfo` command `akoctl` and [`asadm`](https://aerospike.com/docs/database/tools/asadm) each use the `collectinfo` command, but the types of information returned are different. The `akoctl` `collectinfo` command focuses on Kubernetes-specific information. The `asadm` `collectinfo` command returns detailed information about the system performance, network information, filesystem, and operating system of an individual machine. 1. Use the following command to get the `asadm` `collectinfo` file from a Kubernetes cluster: Terminal window ```bash kubectl -n exec -it -- asadm -e collectinfo -U -P ``` 2. Extract the file from the cluster: Terminal window ```bash kubectl cp /:/tmp -c -n ``` ### Requirements `akoctl` inherits the user’s `kubectl` permissions. If a user cannot access a particular resource, its logs do not appear in the `akoctl` results. - You must have permissions for all the objects collected by the command. - If the `cluster-scope` flag is set, along with the previously mentioned permissions, you must have permissions for cluster-scoped resources like Nodes and StorageClasses. - The `kubectl` binary should be available in the system PATH environment variable. ### Associated flags | Flag | Shorthand | Type | Description | | --- | --- | --- | --- | | `path` | | string | Absolute path to save output tar file. | Example: ```plaintext kubectl akoctl collectinfo -n aerospike,olm --path ~/sample-directory/ ``` This creates a timestamped tar file called `scraperlogs-TIMESTAMP` and saves it in the `~/sample-directory/` directory. The directory structure appears as follows: - Directoryakoctl\_collectinfo - akoctl.log - Directoryk8s\_cluster - Directorynodes - NODE1\_NAME.yaml - NODE2\_NAME.yaml - Directorystorageclasses - STORAGE\_CLASS\_NAME.yaml - Directorymutatingwebhookconfigurations - MUTATING\_WEBHOOK\_NAME.yaml - Directoryvalidatingwebhookconfigurations - VALIDATING\_WEBHOOK\_NAME.yaml - Directorypersistentvolumes - PERSISTENTVOLUME\_NAME.yaml - Directorycustomresourcedefinitions - aerospikeclusters.asdb.aerospike.com.yaml - aerospikebackupservices.asdb.aerospike.com.yaml - aerospikebackups.asdb.aerospike.com.yaml - aerospikerestores.asdb.aerospike.com.yaml - Directorysummary - summary.txt - Directoryk8s\_namespaces - Directoryaerospike - Directoryaerospikeclusters - AEROSPIKECLUSTER\_NAME.yaml - Directoryaerospikebackupservices - AEROSPIKEBACKUPSERVICE\_NAME.yaml - Directoryaerospikebackups - AEROSPIKEBACKUP\_NAME.yaml - Directoryaerospikerestores - AEROSPIKERESTORE\_NAME.yaml - Directorypersistentvolumeclaims - PVC\_NAME.yaml - Directorypods - DirectoryPOD\_NAME - POD\_NAME.yaml - Directorylogs - Directoryprevious - CONTAINER\_NAME.log - CONTAINER\_NAME.log - Directorystatefulsets - STS\_NAME.yaml - Directorydeployments - DEPLOYMENT\_NAME.yaml - Directoryservices - SERVICE\_NAME.yaml - Directoryconfigmaps - CONFIGMAP\_NAME.yaml - Directorypoddisruptionbudgets - PDB\_NAME.yaml - Directorysummary - summary.txt - events.txt ## `auth` sub-command `akoctl` uses the `auth` command to create and delete RBAC resources for the Aerospike cluster for the given namespaces. It creates and deletes ServiceAccount, RoleBinding or ClusterRoleBinding as per given scope of operation. There are two sub-commands associated with `auth` command: - `create` - Creates and updates RBAC resources for the given namespaces. - `delete` - Deletes RBAC resources for the given namespaces. If **cluster-scope** is set (default true), the `auth` command grants cluster level RBAC. In case of `cluster-scope` false, it grants namespace level RBAC. ### Requirements: `akoctl` inherits the user’s kubectl permissions. If a user does not have RBAC access, kubectl cannot grant RBAC for that resource. - You must have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and RoleBinding. - If the `cluster-scope` flag is set, you need the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and ClusterRoleBinding. The following examples show how to modify RBAC resources for the `aerospike` namespace. Create a namespace-scope resource: Terminal window ```sh kubectl akoctl auth create -n aerospike --cluster-scope=false ``` Create a cluster-scope RBAC resource: Terminal window ```sh kubectl akoctl auth create -n aerospike ``` Delete a namespace-scope RBAC resource: Terminal window ```sh kubectl akoctl auth delete -n aerospike --cluster-scope=false ``` Delete a cluster-scope RBAC resource: Terminal window ```sh kubectl akoctl auth delete -n aerospike ```