Aerospike Kubernetes Operator Command Line Tool
akoctl is a Krew plugin for AKO.
It provides multiple sub-commands to perform different functions related to AKO and Aerospike Kubernetes clusters.
You can use the kubectl or akoctl tools to grant permissions for the aerospike namespace.
-
Create the Kubernetes namespace if not already created.
kubectl create namespace aerospike -
Create a service account.
kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager -
Create a RoleBinding or ClusterRoleBinding to attach this service account to the
aerospike-clusterClusterRole. This ClusterRole is created as part of AKO installation and grants Aerospike cluster permissions to the service account.- For using the Kubernetes native, pod-only network to connect to the Aerospike cluster, create a RoleBinding with the following command:
kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager-
For connecting to the Aerospike cluster from outside Kubernetes, create a ClusterRoleBinding with the following command:
kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
-
If the required ClusterRoleBinding already exists in the cluster, edit it to attach a new service account.
kubectl edit clusterrolebinding aerospike-cluster -
The
kubectl editcommand launches an editor. Append the following lines to thesubjectssection:kind: ServiceAccountname: aerospike-operator-controller-managernamespace: aerospike -
Save and ensure that the changes are applied.
For instructions on installing the akoctl plugin, see akoctl installation.
-
For using the Kubernetes native, pod-only network to connect to the Aerospike cluster, grant namespace scope permissions:
kubectl akoctl auth create -n aerospike --cluster-scope=false -
For connecting to the Aerospike cluster from outside Kubernetes, grant cluster scope permissions:
kubectl akoctl auth create -n aerospikeTo grant permissions for multiple namespaces at the same time, specify a comma-separated namespace list with the
-nflag.kubectl akoctl auth create -n aerospike,aerospike1
Install with Krew plugin manager
-
Install Krew.
Follow the Krew setup instructions here.
-
Install
akoctl:Terminal window kubectl krew index add akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.gitTerminal window kubectl krew index listTerminal window INDEX URLakoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.gitdefault https://github.com/kubernetes-sigs/krew-index.gitTerminal window kubectl krew install akoctl/akoctlTerminal window Updated the local copy of plugin index "akoctl".Updated the local copy of plugin index.Installing plugin: akoctlInstalled plugin: akoctl\| Use this plugin:| kubectl akoctl| Documentation:| https://github.com/aerospike/aerospike-kubernetes-operator-ctl/
Upgrade to latest version if already installed
kubectl krew upgrade akoctlAvailable sub-commands
Global Flags:
The global flags in the following table are associated with akoctl.
| Flag | Shorthand | Type | Description |
|---|---|---|---|
all-namespaces | -A | bool | Specify whether to get logs from all Kubernetes namespaces. Either this flag or namespaces is mandatory. |
namespaces | -n | string | Comma-separated list of Kubernetes namespaces to operate in. Either this flag or all-namespaces is mandatory. |
kubeconfig | string | Absolute path to the kubeconfig file. | |
cluster-scope | bool | Permission to work in cluster scoped mode (operate on cluster scoped resources like ClusterRoleBinding). Default true. |
collectinfo sub-command
akoctl uses the collectinfo command to collect logs and objects from a given namespace and cluster-scoped resources.
collectinfo collects the following data:
-
All container logs
-
All event logs
-
Inventory of the following objects:
Namespace Scoped Cluster Scoped Pods Nodes StatefulSets PersistentVolumes Deployments StorageClasses PersistentVolumeClaims MutatingWebhookConfigurations Services ValidatingWebhookConfigurations AerospikeClusters
asadm collectinfo command
akoctl and asadm each use the collectinfo command, but the types of information returned are different.
The akoctl collectinfo command focuses on Kubernetes-specific information. The asadm collectinfo command returns detailed information about the system performance, network information, filesystem, and operating system of an individual machine.
- Use the following command to get the
asadmcollectinfofile from a Kubernetes cluster:
kubectl -n <kubernetes-namespace-name> exec -it <podname> -- asadm -e collectinfo -U <username> -P <password>- Extract the file from the cluster:
kubectl cp <kubernetes-namespace-name>/<podname>:/tmp <localdirectory> -c <container-name> -n <kubernetes-namespace-name>Requirements
akoctl inherits the user’s kubectl permissions. If a user cannot access a particular resource, its logs do not appear in the akoctl results.
- You must have permissions for all the objects collected by the command.
- If the
cluster-scopeflag is set, along with the previously mentioned permissions, you must have permissions for cluster-scoped resources like Nodes and StorageClasses. - The
kubectlbinary should be available in the system PATH environment variable.
Associated Flags
| Flag | Shorthand | Type | Description |
|---|---|---|---|
path | string | Absolute path to save output tar file. |
Example:
kubectl akoctl collectinfo -n aerospike,olm --path ~/sample-directory/This creates a timestamped tar file called scraperlogs-TIMESTAMP and saves it in the ~/sample-directory/ directory.
The directory structure appears as follows:
akoctl_collectinfo├── akoctl.log├── k8s_cluster│ ├── nodes│ │ ├── <node1 name>.yaml│ │ └── <node2 name>.yaml│ └── storageclasses│ ├── <storageclass name>.yaml│ └── mutatingwebhookconfigurations│ ├── <mutatingwebhook name>.yaml│ └── validatingwebhookconfigurations│ ├── <validatingwebhook name>.yaml│ └── persistentvolumes│ ├── <persistentvolume name>.yaml│ └── summary│ ├── summary.txt└── k8s_namespaces └── aerospike ├── aerospikeclusters │ ├── <aerospikecluster name>.yaml ├── persistentvolumeclaims │ ├── <pvc name>.yaml ├── pods │ ├── <pod name> │ │ ├── <pod name>.yaml │ │ └── logs │ │ ├── previous │ │ │ └── <container name>.log │ │ └── <container name>.log └── statefulsets │ ├── <sts name>.yaml └── deployments │ ├── <deployment name>.yaml └── services │ ├── <service name>.yaml └── summary │ ├── summary.txt │ ├── events.txt └──────────────────────────auth sub-command
akoctl uses the auth command to create and delete RBAC resources for the Aerospike cluster for the given namespaces.
It creates and deletes ServiceAccount, RoleBinding or ClusterRoleBinding as per given scope of operation.
There are two sub-commands associated with auth command:
create- Creates and updates RBAC resources for the given namespaces.delete- Deletes RBAC resources for the given namespaces.
If cluster-scope is set (default true), the auth command grants cluster level RBAC.
In case of cluster-scope false, it grants namespace level RBAC.
Requirements:
akoctl inherits the user’s kubectl permissions.
If a user does not have RBAC access, kubectl cannot grant RBAC for that resource.
- You must have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and RoleBinding.
- If the
cluster-scopeflag is set, you need the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and ClusterRoleBinding.
The following examples show how to modify RBAC resources for the aerospike namespace.
Create a namespace-scope resource:
kubectl akoctl auth create -n aerospike --cluster-scope=falseCreate a cluster-scope RBAC resource:
kubectl akoctl auth create -n aerospikeDelete a namespace-scope RBAC resource:
kubectl akoctl auth delete -n aerospike --cluster-scope=falseDelete a cluster-scope RBAC resource:
kubectl akoctl auth delete -n aerospike