ECS deployment timeout - amazon-ecs

I am trying to deploy my ECS but I faced a timeout issue
and my deployment gets stuck here. How does this happen?

This is my step to get the taskArn using the AWS CLI:
cluster="clustername"
service_arn=$( aws ecs list-services --cluster $cluster --query 'serviceArns[0]' --output text )
task_arn=$( aws ecs list-tasks --cluster $cluster --service-name $service_arn --query 'taskArns[0]' --output text )

I realised that I should not set the minimum healthy percentage to 50%. I should set it to 0% so as to allow the task to change.

Related

I see empty list of disks using "az disk list". Created in AKS and working ok

I am trying to follow this tutorial to backup a persistent volume in Azure AKS:
https://learn.microsoft.com/en-us/azure/aks/azure-disks-dynamic-pv
I can see the volumes by doing:
az aks get-credentials --resource-group MYRESOURCEGROUP --name HIDDEN --subscription MYSUBSCRIPTION
kubectl get pv
(Both disk and file, managed-premium and standard storage classes)
But then I do:
az disk list --resource-group MYRESOURCEGROUP --subscription MYSUBSCRIPTION
and I get an empty list, so I can't know the source full path to perform the snapshot.
Am I missing something?
Upgrade your az cli version.
I was getting this issue with az cli 2.0.75 returning an empty array for the disk list, with an AKS PV.
Upgraded to az cli 2.9.1 and the same command worked.
That happens because AKS creates a service resource group with the AKS resources. It is called something like MC_%AKS-name%_%AKS-resource-group-name%_%region% (not configurable at the time of writing). You should list disks in that resource group to view them.

Back-off pulling image "XYZ/customer-management/dev/72-kubernetes-setup:XYZ"

I am trying to automate build and deployment using GitLab CI. For this, I have added a few steps like build, test, quality checks, review and deployment. Currently I am facing an issue on deployment: I am creating the Docker image and pushing those images into the Azure container registry, and from there I'm trying to deploy on Azure Kubernetes by using Helm. I also added ingress on the same. But due to some issue, the docker image cannot be pulled on Kubernetes, and the error below is thrown-
And my GitLab CI pipeline succeeds.
This is my deployment function which is written in the .gitlab-ci.yml file-
You need to grant the AKS service principal the ACRPull permission. That will allow it to silently auth to the ACR without you doing anything (you don't even need to create a docker secret in Kubernetes).
AKS_RESOURCE_GROUP=myAKSResourceGroup
AKS_CLUSTER_NAME=myAKSCluster
ACR_RESOURCE_GROUP=myACRResourceGroup
ACR_NAME=myACRRegistry
# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create role assignment
az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID
https://learn.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks
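To confirm that the grant described above took effect and that the cluster identity holds no more than pull access on the registry, a check like the following can be run afterwards. This is an added example, not part of the original answer; the function name audit_acr_roles and its exit codes are made up for illustration.

```sh
# Added example. audit_acr_roles and its exit codes are illustrative names.
# $1: client id of the AKS identity (CLIENT_ID above)
# $2: registry resource id (ACR_ID above)
audit_acr_roles() {
  # Roles the identity holds on the registry, including ones inherited
  # from the resource group or subscription.
  roles=$(az role assignment list --assignee "$1" --scope "$2" \
            --include-inherited \
            --query "[].roleDefinitionName" --output tsv) || return 2

  if [ -z "$roles" ]; then
    echo "no role assignment on the registry: image pulls will be denied" >&2
    return 1
  fi

  has_pull=0
  extra=""
  while IFS= read -r role; do
    # Compare case-insensitively (the command above spells the role "acrpull").
    case $(printf '%s' "$role" | tr '[:upper:]' '[:lower:]') in
      acrpull) has_pull=1 ;;
      "")      ;;
      *)       extra="${extra:+$extra, }$role" ;;
    esac
  done <<EOF
$roles
EOF

  [ "$has_pull" -eq 1 ] || { echo "AcrPull is not assigned" >&2; return 1; }
  if [ -n "$extra" ]; then
    # Anything beyond AcrPull is more than the pull needs; report it for review.
    echo "review additional roles on this scope: $extra" >&2
    return 3
  fi
  echo "ok: AcrPull only"
}
```

Call it as audit_acr_roles "$CLIENT_ID" "$ACR_ID" once the role assignment has been created.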

best way to seed new machine with k8s/eks info

Say we have a couple of clusters on Amazon EKS. We have a new user or new machine that needs .kube/config to be populated with the latest cluster info.
Is there some easy way we can get the context info from our clusters on EKS and put the info in the .kube/config file? Something like:
eksctl init "cluster-1-ARN" "cluster-2-ARN"
So after some web-sleuthing, I heard about:
aws eks update-kubeconfig
I tried that, and I get this:
$ aws eks update-kubeconfig
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument --name is required
I would think it would just update for all clusters then, but it don't. So I put the cluster names/ARNs, like so:
aws eks update-kubeconfig --name arn:aws:eks:us-west-2:913xxx371:cluster/eks-cluster-1
aws eks update-kubeconfig --name arn:aws:eks:us-west-2:913xxx371:cluster/ignitecluster
But then I get:
kbc stderr: An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name: arn:aws:eks:us-west-2:913xxx371:cluster/eks-cluster-1.
kbc stderr: An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name: arn:aws:eks:us-west-2:913xxx371:cluster/ignitecluster.
hmmm this is kinda dumb 😒 those cluster names exist..so what 🤷 do I do now
So yeah those clusters I named don't actually exist. I discovered that via:
aws eks list-clusters
Ultimately, however, I still feel strongly that people need to make a tool that can just update your config with all the clusters that exist instead of having you name them.
So to do this programmatically, it would be:
# -r prints the raw cluster names; without it jq keeps the JSON quotes and the lookup fails
aws eks list-clusters | jq -r '.clusters[]' | while read -r c; do
aws eks update-kubeconfig --name "$c"
done
In my case, I was working with two AWS environments. My ~/.aws/credentials were pointing to one and had to be changed to point to the correct account. Once you change the account details, you can verify the change by running the following commands:
eksctl get clusters
and then setting the kube-config using the command below after verifying the region.
aws eks --region your_aws_region update-kubeconfig --name your_eks_cluster

AWS ecs scheduled task with cloudwatch

I am trying to create a scheduled task with CloudWatch.
I am using this page:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html
The problem I see is that when I run the task normally, AWS asks for:
vpc
subnets
Launchtype
But when I use a CloudWatch target, it doesn't ask for vpc, subnets etc. Why is that?
CloudFormation has not been updated to accommodate some Fargate functionality yet. If you get an error while trying to deploy an ECS task from CloudFormation, try using the command line interface (aws events put-target) instead, which allows you to add a target that contains the required ECS parameters for launch type and network config.
Here is an example of how I configured my ECS tasks to be deployed from the CLI instead of CloudFormation:
1. Add vpc/subnet config to a variable, NETWORK_CONFIGURATION:
NETWORK_CONFIGURATION='{"awsvpcConfiguration":{"AssignPublicIp":"ENABLED","SecurityGroups":["'${AWS_NETWORKCONFIG_SECURITY_GROUP}'"],"Subnets":["'${AWS_NETWORKCONFIG_SUBNET}'"]}}'
2. Run the following command to deploy your task, which will take the vpc config from the variable declared above:
aws events put-targets \
--rule events-rule--${TASK_NAME} \
--targets '{"Arn":"arn:aws:ecs:'${AWS_REGION}':'${AWS_ACCOUNT_ID}':cluster/ecs-cluster-1","EcsParameters":{"LaunchType":"FARGATE","NetworkConfiguration":'${NETWORK_CONFIGURATION}',"TaskCount": 1,"TaskDefinitionArn": "arn:aws:ecs:'${AWS_REGION}':'${AWS_ACCOUNT_ID}':task-definition/ecs-task-'${TASK_NAME}'"},"Id": "ecs-targets-'${TASK_NAME}'","RoleArn": "arn:aws:iam::'${AWS_ACCOUNT_ID}':role/ecsEventsRole"}' \
;

What should I do when Fargate runs out of capacity?

I'm kicking off a single ECS Fargate task with a command such as:
aws ecs run-task --cluster Fargate \
--task-definition $ECR_REPO-run-setup \
--overrides file:///tmp/ecs-overrides-db-migrate.txt \
--count 1 --launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[$PUBLIC_SUBNET_1, $PUBLIC_SUBNET_2],securityGroups=[$FARGATE_SG],assignPublicIp=ENABLED}"
There are no ECS services, tasks or instances at all running in my account at the moment. This is the response I get back:
{
"failures": [
{
"reason": "Capacity is unavailable at this time. Please try again later or in a different availability zone"
}
],
"tasks": []
}
I don't even see a way to specify a different availability zone for a Fargate Task?
If I should just retry, how long should I wait before retries?
Within a VPC you can create one or more subnets that correspond to an availability zone.
When launching your Fargate task you will notice the network-configuration parameter and associated awsvpcConfiguration. To specify multiple zones you can pass in multiple subnets. For example:
aws ecs run-task --cluster Fargate \
--task-definition $ECR_REPO-run-setup \
--overrides file:///tmp/ecs-overrides-db-migrate.txt \
--count 1 --launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[$MY_SUBNET_IN_AZ1,$MY_SUBNET_IN_AZ2]}"
The VPC documentation in AWS contains more helpful information:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-subnet-basics
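On the retry part of the question: one way to retry only on the capacity failure shown in the response above, with exponential backoff. This is an added example, not from the original posts; run_task_with_retry, MAX_ATTEMPTS, INITIAL_DELAY and the delay values are assumptions, not AWS guidance.

```sh
# Added example. Retries `aws ecs run-task` only when the response carries the
# "Capacity is unavailable" failure; any other failure is returned at once.
# MAX_ATTEMPTS and INITIAL_DELAY (seconds) are assumed tuning knobs.
run_task_with_retry() {
  attempts_left=${MAX_ATTEMPTS:-5}
  delay=${INITIAL_DELAY:-10}
  tab=$(printf '\t')

  while [ "$attempts_left" -gt 0 ]; do
    # One tab-separated line: first failure reason, first task ARN.
    # A missing value is printed as "None" by --output text.
    line=$(aws ecs run-task "$@" \
             --query '[failures[0].reason, tasks[0].taskArn]' \
             --output text) || return 2
    reason=${line%%"$tab"*}
    task_arn=${line#*"$tab"}

    case $reason in
      None)
        # No failure entry: the task was placed.
        printf '%s\n' "$task_arn"
        return 0 ;;
      *"Capacity is unavailable"*)
        attempts_left=$((attempts_left - 1))
        [ "$attempts_left" -gt 0 ] || break
        echo "capacity unavailable, retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$((delay * 2)) ;;
      *)
        echo "run-task failed: $reason" >&2
        return 1 ;;
    esac
  done

  echo "gave up: Fargate capacity still unavailable" >&2
  return 3
}
```

Pass the same arguments as in the run-task command above, with subnets from more than one availability zone in --network-configuration, so each attempt can be placed in any of them.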