search

microsoft / ApplicationInsights-Kubernetes

Enrich the telemetry data for .NET applications running inside containers that are managed by Kubernetes.
Other
135 stars 57 forks source link

Use AKS instead of local kubernetes - How #339

Closed eliassal closed 1 year ago

eliassal commented 1 year ago

Hi, can you please let me know how can I adapt the procedure to use AKS instead of local kubernetes? I have ACR and I was able to push the image to it, not sure what should be the next steps to deploy to AKS. Thanks

xiaomi7732 commented 1 year ago

Hi @eliassal, Thanks for contacting us. Do you have a specific question for Application Insights for Kubernetes or are you asking generally, how to host your containers in AKS?

If it is the prior, please state the specific issue, like what is your expectation vs what was not working. If it is the latter, I would suggest you start with the official tutorial: https://learn.microsoft.com/en-us/azure/aks/tutorial-kubernetes-prepare-app

Please let me know if that helps.

eliassal commented 1 year ago

Exact, I followed the steps indicated at https://learn.microsoft.com/en-us/azure/aks/tutorial-kubernetes-prepare-app ut I used your apps and yaml files, after deployment, in AKS I have

image

when I dig, I see "ImagePullBackOff" as follows

I followed troubleshooting at https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/cannot-pull-image-from-acr-to-aks-cluster what is strange is that when I exceute

az aks show --resource-group my-RG --name myKSCluster --query servicePrincipalProfile.clientId --output tsv

I get "msi" image

whereas executing

az role assignment list --scope /subscriptions/XXXXXXXXXXe3b-82512dfda843/resourceGroups/my-RG/providers/Microsoft.ContainerRegistry/registries/myACR I get

Principal Role Scope

8c07666d-XXXX-XXXX-XXXXX-b0aacbd4b6b5 AcrPull /subscriptions/f151ee3f-4725-460d-8e3b-82512dfda843/resourceGroups/my-RG/providers/Microsoft.ContainerRegistry/registries/myACR

so what is missing? I thought that sa-role.yaml should be enoughyto fix the RBAC access. Wjhat m I missing?

Also, it is indicated in the troubleshooting page to

Compare the two service principals. If they don't match, integrate the AKS cluster with the container registry again.

How this can be done in our scenao?

xiaomi7732 commented 1 year ago

It looks like your K8s cluster doesn't have permission to pull from your ACR, that you will need to have proper permissions setup. The RBAC configuration in this repo will not help address that issue.

xiaomi7732 commented 1 year ago

Please refer to Authenticate with Azure Container Registry from Azure Kubernetes Service for how to set up permissions so that AKS can pull from ACR. I'll close this issue now since there are no actionable items in this repo.