Failing to scale an ACS cluster due to missing ServicePrincipalProfile - azure-container-service

I'm trying to scale an ACS cluster that is running k8s. From the Azure CLI I get the error below, and the Azure Portal results in a similar error message. It seems somehow my k8s cluster isn't setup with a Service Principal correctly?
"ServicePrincipalProfile must be specified with Orchestrator
Kubernetes"
I find this odd because I did use the az ad sp create-for-rbac command to create service principal for the subscription. I then used the resulting appId and password with the az acs create command (in the --service-principal and --client-secret options).
Example:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/my-subscription-guid"
az acs create -n=myk8skube -g=myresgrp --orchestrator-type=kubernetes --agent-count=2 --generate-ssh-keys --windows --admin-username=myuser --admin-password=mypassword --service-principal=appId --client-secret=password
The cluster is running fine, I can scale pods, but I can't scale nodes. How did I get in this state and more importantly how do I fix it?

There was an issue for scale of ACS cluster in preview regions. The fix rolled out across the world by 8/31/2017.

Related

Spinnaker AWS Provider not allowing create cluster

Deployed Spinnaker in AWS to run a test in the same account. However unable to configure server groups. If I click create the task is queued with the account configured via hal on the CLI. Anyway to troubleshoot this, the logs are looking light.
Storage backend needs to be configured correctly.
https://www.spinnaker.io/setup/install/storage/

Can't deploy marketplace object on GKE

I have a running Kubernetes cluster on Google Cloud Platform.
I want to deploy a postgres image to my cluster.
When selecting the image and my cluster, I get the error:
insufficient OAuth scope
I have been reading about it for a few hours now and couldn't get it to work.
I managed to set the scope of the vm to allow APIs:
Cloud API access scopes
Allow full access to all Cloud APIs
But from the GKE cluster details, I see that everything is disabled except the stackdriver.
Why is it so difficult to deploy an image or to change the scope?
How can I modify the cluster permissions without deleting and recreating it?
Easiest way is to delete and recreate the cluster because there is no direct way to modify the scopes of a cluster. However, there is a workaround. Create a new node pool with the correct scopes and make sure to delete any of the old node pools. The cluster scopes will change to reflect the new node pool.
More details found on this post

Azure AKS pull image from Azure Container Registry

I have an Azure AKS cluster on which i'm trying to deploy a custom image that I have pushed to Azure Container Registry.
I have created a Service Principal and with that SP I have created my AKS. This SP also has Read Access on my ACR as described in below article:
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks
However my pods are not being created but give the message "Back-off pulling image"
Am I missing something?
Seems like I was trying to use windows containers which is not yet supported on Azure AKS. Switched to linux image and worked fine

Azure AKS-API (Preview Authorization Failure

In attempting to create an Azure Container Service (AKS) cluster using the same account information for which I can create a cluster via the portal, I am getting the following error:
ERROR in generic_views: 500 Internal Server Error: Creating cluster
7f3b1ed3-1996-4558-97d1-1672d87d56e1 failed with following reason:
CloudError(\"The client '09ad439c-5569-4e9b-8b23-3311d6837a21' with
object id '09ad439c-5569-4e9b-8b23-3311d6837a21' does not have
authorization to perform action
'Microsoft.ContainerService/managedClusters/write' over scope
'/subscriptions/21a6a032-5d60-45a6-ae51-c5f0c4007995/resourceGroups/MC_BruceContainerGroup_BruceCluster1_eastus/providers/Microsoft.ContainerService/managedClusters/7f3b1ed3-1996-4558-97d1-1672d87d56e1'.\",)
I tried adding (IAM) permissions for Azure Container Services to the RG used, and to the APP, but it didn't work. What do you think could be causing this error?
I actually resolved this issue by adding Access Control (IAM) permissions for ALL Azure Applications to the subscription... I am not sure adding which one resolved the issue, but I suspect it was the Azure Container Service.

Creating a kubernetes cluster on GCP using Spinnaker

For end to end devops automation I want to have an environment on demand. For this I need to Spun up and environment on kubernetes which is eventually hosted on GCP.
My Use case
1. Developer Checks in the code in feature branch
2. Environment in Spun up on Google Cloud with Kubernetes
3. Application gets deployed on Kubernetes
4. Gets tested and then the environment gets destroyed.
I am able to do everything with Spinnaker except #2. i.e create Kube Cluster on GCP using Spinnaker.
Any help please
Thanks,
Amol
I'm not sure Spinnaker was meant for doing what the second point in your list. Spinnaker assumes a collection of resources (VM's or a Kubernetes cluster) and then works with that. So instead of spinning up a new GKE cluster Spinnaker makes use of existing clusters. I think it'd be better (for you costs as well ;) if you seperate the environments using Kubernetes namespaces.