added information about Agones running on Azure Kubernetes Service #269
Build Succeeded 👏 Build Id: efad6ce0-fcf8-4075-a9e5-d897e049a457 The following development artifacts have been built, and will exist for the next 30 days:
Build Succeeded 👏 Build Id: 43158b3b-016f-4501-8987-cd1989c50a52 The following development artifacts have been built, and will exist for the next 30 days:
This looks really good - just have one question about RBAC and setting up a clusterrole for the user?
Nodes in AKS don't get a Public IP by default. To assign a Public IP to a Node, find the Resource Group where the AKS resources are installerd on the [portal](https://portal.azure.com) (it should have a name like `MC_resourceGroupName_AKSName_westeurope`). Then, you can follow the instructions [here](https://blogs.technet.microsoft.com/srinathv/2018/02/07/how-to-add-a-public-ip-address-to-azure-vm-for-vm-failed-over-using-asr/) to create a new Public IP and assign it to the Node/VM. For more information on Public IPs for VM NICs, see [this document](https://docs.microsoft.com/azure/virtual-network/virtual-network-network-interface-addresses). | ||
|
||
Continue to [Installing Agones](#installing-agones). | ||
|
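Review bot: "installerd" in the first sentence of the added paragraph should be "installed". In the same paragraph, the "here" link points at a post about VMs failed over using ASR, which reads as unrelated to AKS nodes, so a reader cannot tell which of its steps apply; name the steps inline or link directly to the public-IP-for-NIC document already cited at the end. Since this step gives a node VM a public address, it would also help to state which game server ports are expected to be reachable on it, and to replace the link texts "here" and "this document" with descriptive titles.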
For AKS, did you need to do anything for RBAC?
Thank you! So, I can confirm that nothing else needs to be set for RBAC apart from the existing instructions/commands; I just did a quick test by creating a cluster from scratch with RBAC enabled, installing Agones and quickstarting a game server, with a successful ACK. Apparently, the Agones controllers are working just fine.
Anything else I should check to make sure Agones RBAC stuff is working as intended?
Hello @dgkanatsios,
if you created the gameserver in the default namespace and the controller lived in agones-system, you have tested RBAC; if RBAC was active it wouldn't work. Assuming pods of the gameserver were 2/2 active.
also I think @markmandel was wondering if the kubectl config fetched by `az aks get-credentials` gets a cluster-admin role by default. I guess the answer is yes again since you were able to install agones, is this correct?
Also, I vaguely remember some conversation about whether you needed the AKS equivalent of

```
kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin --user `gcloud config get-value account`
```

Did you end up needing to do that? If not, we should probably also make that clear.
thanks for your comments @Kuqd and @markmandel! To answer your questions
- the gameserver is created in the default namespace
```
dgkanatsios@digkanat:~$ k get po --all-namespaces
NAMESPACE       NAME                                    READY   STATUS    RESTARTS   AGE
agones-system   agones-controller-cfccbcc6b-v9xr2       1/1     Running   0          15h
default         simple-udp-msmr9                        2/2     Running   0          15h
kube-system     azureproxy-899885bfb-5rsql              1/1     Running   2          15h
kube-system     heapster-56c6f9566f-pkbxw               2/2     Running   0          15h
kube-system     kube-dns-v20-7c556f89c5-75qzb           3/3     Running   0          15h
kube-system     kube-dns-v20-7c556f89c5-msfbc           3/3     Running   0          15h
kube-system     kube-proxy-rsjpn                        1/1     Running   0          15h
kube-system     kube-svc-redirect-gtghx                 1/1     Running   0          15h
kube-system     kubernetes-dashboard-5ffc5c5558-tdkwh   1/1     Running   4          15h
kube-system     tunnelfront-856cdb8bb7-khs86            1/1     Running   0          15h
```
- Correct, `az aks get-credentials` fetches admin credentials. You end up with a kubeconfig that has an embedded cert with an identity of system:masters, which has a cluster-admin ClusterRoleBinding. Agones itself as well as the test game server are installed with kubectl using these credentials. Moreover, all default cluster roles are there, including cluster-admin.
- a clusterrolebinding creation wasn't necessary, this is why I opted to skip the 'configure RBAC section'. Open to rewrite this in a better way, any suggestions?
Some commands output as well:
```
dgkanatsios@digkanat:~$ kubectl get clusterrolebindings | grep -v system
NAME                       AGE
agones-controller-access   15h
cluster-admin              15h
heapster                   15h
dgkanatsios@digkanat:~$ k describe clusterrolebinding cluster-admin
Name:         cluster-admin
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate=true
Role:
  Kind:  ClusterRole
  Name:  cluster-admin
Subjects:
  Kind   Name            Namespace
  ----   ----            ---------
  Group  system:masters
dgkanatsios@digkanat:~$ k describe clusterrolebinding agones-controller-access
Name:         agones-controller-access
Labels:       app=agones
              chart=agones-0.2.0
              heritage=Tiller
              release=agones-manual
Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"labels":{"app":"agones","chart":"agones-0.2.0","...
Role:
  Kind:  ClusterRole
  Name:  agones-controller
Subjects:
  Kind  Name                                                   Namespace
  ----  ----                                                   ---------
  User  system:serviceaccount:agones-system:agones-controller
dgkanatsios@digkanat:~$ kubectl get clusterroles | grep -v system
NAME                AGE
admin               15h
agones-controller   15h
agones-sdk          15h
cluster-admin       15h
edit                15h
view                15h
dgkanatsios@digkanat:~$ kubectl describe clusterrole cluster-admin
Name:         cluster-admin
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate=true
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
  *.*        []                 []              [*]
             [*]                []              [*]
dgkanatsios@digkanat:~$ k get serviceaccounts --all-namespaces | grep -v kube-system
NAMESPACE       NAME                SECRETS   AGE
agones-system   agones-controller   1         18h
agones-system   default             1         18h
azure-system    default             1         18h
default         agones-sdk          1         18h
default         default             1         18h
kube-public     default             1         18h
```
- some gameserver command output
```
dgkanatsios@digkanat:~$ kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/agones/master/examples/simple-udp/server/gameserver.yaml
gameserver.stable.agones.dev "simple-udp" created
dgkanatsios@digkanat:~$ k get gs
NAME         AGE
simple-udp   21s
dgkanatsios@digkanat:~$ k describe gs simple-udp
Name:         simple-udp
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"stable.agones.dev/v1alpha1","kind":"GameServer","metadata":{"annotations":{},"name":"simple-udp","namespace":"default"},"spec":{"contain...
API Version:  stable.agones.dev/v1alpha1
Kind:         GameServer
Metadata:
  Cluster Name:
  Creation Timestamp:  2018-06-18T07:07:17Z
  Finalizers:
    stable.agones.dev
  Generation:        0
  Resource Version:  64414
  Self Link:         /apis/stable.agones.dev/v1alpha1/namespaces/default/gameservers/simple-udp
  UID:               3c38fb5f-72c6-11e8-b304-beff59d82c7f
Spec:
  Container:       simple-udp
  Container Port:  7654
  Health:
    Failure Threshold:      3
    Initial Delay Seconds:  5
    Period Seconds:         5
  Host Port:    7849
  Port Policy:  dynamic
  Protocol:     UDP
  Template:
    Metadata:
      Creation Timestamp:  <nil>
    Spec:
      Containers:
        Image:  gcr.io/agones-images/udp-server:0.1
        Name:   simple-udp
        Resources:
Status:
  Address:    137.117.171.57
  Node Name:  aks-nodepool1-26745675-0
  Port:       7849
  State:      Ready
Events:
  Type    Reason          Age  From                   Message
  ----    ------          ---  ----                   -------
  Normal  PortAllocation  2m   gameserver-controller  Port allocated
  Normal  Creating        2m   gameserver-controller  Pod simple-udp-qnmqx created
  Normal  Starting        2m   gameserver-controller  Synced
  Normal  Ready           1m   gameserver-controller  Address and Port populated
dgkanatsios@digkanat:~$ nc -u 137.117.171.57 7849
HALO
ACK: HALO
^C
```
thanks!
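The question in this thread (is an extra cluster-admin ClusterRoleBinding needed for the identity kubectl runs as?) can be answered from the bindings themselves. The following is an added example, not part of the PR or the Agones project: it reads the JSON shape of `kubectl get clusterrolebindings -o json` and reports which bindings grant a role to a given identity. The sample data is constructed from the two bindings shown above, and the function names and the user names in the usage are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`,
# trimmed to the two bindings described in the thread.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "agones-controller-access"},
   "roleRef": {"kind": "ClusterRole", "name": "agones-controller"},
   "subjects": [{"kind": "User",
     "name": "system:serviceaccount:agones-system:agones-controller"}]}
]}
""")


def subject_matches(subject, user, groups):
    """True if an RBAC subject refers to the given user or one of its groups."""
    kind, name = subject.get("kind"), subject.get("name")
    if kind == "Group":
        return name in groups
    if kind == "User":
        return name == user
    if kind == "ServiceAccount":
        # Service accounts authenticate as system:serviceaccount:<ns>:<name>.
        return user == f"system:serviceaccount:{subject.get('namespace')}:{name}"
    return False


def bindings_granting(bindings, role, user, groups=()):
    """Names of ClusterRoleBindings that give ClusterRole `role` to this identity."""
    hits = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may carry no subjects at all; treat that as empty.
        subjects = item.get("subjects") or []
        if any(subject_matches(s, user, groups) for s in subjects):
            hits.append(item["metadata"]["name"])
    return hits


def needs_admin_binding(bindings, user, groups=()):
    """True when the identity has no cluster-admin binding yet."""
    return not bindings_granting(bindings, "cluster-admin", user, groups)
```

An identity in the `system:masters` group, as described for the AKS admin kubeconfig, is already covered by the default `cluster-admin` binding, while a plain user name with no groups is not and would need the explicit binding.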
Build Succeeded 👏 Build Id: ea39dcf0-5462-49f0-8e90-431b4af8b68b The following development artifacts have been built, and will exist for the next 30 days:
Build Succeeded 👏 Build Id: df5069f6-3121-4519-8692-dbe1942ccd2d The following development artifacts have been built, and will exist for the next 30 days:
LGTM
As discussed on #254, our contribution with @BrianPeek