-- Leo's gemini proxy
-- Connecting to rawtext.club:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
===================================================================== ___ __ _ __ ___ _____/ (_)___ / /_(_) /__ / _ \/ ___/ / / __ \/ __/ / //_/ / __/ /__/ / / /_/ / /_/ / ,< \___/\___/_/_/ .___/\__/_/_/|_| /_/ =====================================================================
Running the Azure Container Instances Connector for Kubernetes[1] on a Raspberry Pi Cluster.
One of the most interesting features of Azure Container Instances[2] is the Azure Container Instances Connector for Kubernetes[3]. This adds an ACI "node" to an existing Kubernetes[4] cluster and allows you to deploy pods to it. This "node" will run pods in ACI without having to create or manage and additional Azure VMs, just point-and-shoot a pod at it and it will run with no additional setup required.
By using the ACI Connector for Kubernetes on a Raspberry PI, a cluster can run homogenous ARM containers on-prem, but still have the ability to deploy and manage x86 containers to a cloud provider.
Read more about Azure Container Instances,
https://thenewstack.io/azure-container-instances-mean-cheaper-agile-container-tools-way/[5][6]
https://docs.microsoft.com/en-us/azure/container-instances/[7][8]
https://azure.microsoft.com/en-us/blog/announcing-azure-container-instances/[9][10]
The upstream aci-connector-k8s image is x86 only, but since it's written in typescript it can easily be run on different architectures. To run on a Raspberry Pi k8s cluster, all that is required is building an armhf Docker image.
> Note: As of 9/12/2017 Docker Hub Official Images support multi-platform[11] and re-building an image for armhf (or arm64, ppc64le, and s390x) is no longer required if using a supported image (currently Debian based only, Alpine based like below still need to be re-built).
>
The aci-connector-k8s Dockerfile[12] uses `node:8.4.0-alpine` as it's base image. While there are some "unofficial" node ARM images, lets create one from a somewhat official repository. This involves finding an armhf Alpine 3.6 image, copying/pasting the node:8.4-alpine Dockerfile[13], replacing the `FROM` with the armhf version of alpine, and building the image.
There are two ways to build an armhf image,
Build on Raspberry Pi * 100% native build, less likely to run into bugs * Painfully slow due to Raspberry Pi hardware
Cross-build using Docker for Mac[14] or Multiarch[15] * Dramatically speed up builds * Could have unforseen issues due to running in an emulated environment
After first attempting option 1, two hours later and losing the ability to ssh into the Raspberry Pi, option 2 is a much faster approach. Building on a MacBook Pro using the built-in multiarch features of Docker for Mac works well, but is still slow even on a 4 core system. Fortunately Using up a 24-core Packet.net[16] Type 2 bare-metal instance to cross-compile using Multiarch is easy to do too.
> Note: The official Docker images for armhf are arm32v6[17] and arm32v7[18]. These will work natively on a Raspberry Pi, Docker for Mac, Multiarch, and a Linux system with `qemu-*-static support`. For full details on these see my post on cross-building Docker images[19].
>
A armhf multiarch nodejs Dockerfile[20] was built on the Packet.net Type 2 instance and pushed to Docker hub as `ecliptik/node:8.4.0-alpine-armhf`. This only took a few minutes using the Type 2 instance, much faster than Raspberry Pi or Macbook Pro.
Example Using Multiarch to re-build a node armhf alpine image,
curl -sSL https://raw.githubusercontent.com/nodejs/docker-node/c044d61e6d02756bb8ed1557b2f0c7a0d7fead6f/8.4/alpine/Dockerfile | sed "s/alpine:3.6/multiarch\/alpine:armhf-v3.6/" > Dockerfile.node.armhf docker build -f Dockerfile.node.armhf -t ecliptik/node:8.4.0-alpine-armhf . docker push ecliptik/node:8.4.0-alpine-armhf
Once a nodejs arm-alpine image is created, clone the aci-connector-k8s[21] repositoriy, and update the `Dockerfile` to use the `ecliptik/node:8.4.0-alpine-armhf` image. Additionaly, use the `Dockefile` below to use multi-stage builds for improved image size.
### Base Image # Setup up a base image to use in Build and Runtime images FROM ecliptik/node:8.4.0-alpine-armhf AS base WORKDIR /app COPY package.json . ### Build Image # Installs build dependencies and npm packages # Creates artifacts to copy into Runtime image FROM base AS build # Install build OS packages RUN set -ex && \ buildDeps=' \ make \ gcc \ g++ \ python \ py-pip \ curl \ openssl \ ' && \ apk add --no-cache \ --virtual .build-deps $buildDeps #Copy application into build image COPY . . # Install npm packages RUN npm install -g RUN npm install --silent --save-dev -g \ gulp-cli \ typescript # Compile typescript sources to javascript artifacts RUN tsc --target es5 connector.ts ### Runtime Image # Copy artifacts from Build image and setups up entrypoint/cmd to run app FROM base AS runtime # Copy artifacts from Build Image COPY --from=build /app/node_modules ./node_modules COPY --from=build /app/*.js ./ COPY --from=build /app/LICENSE ./ # Runtime command ENTRYPOINT ["node"] CMD ["connector.js"]
With an updated `Dockerfile` in the cloned repo, build the aci-connector-k8s image *on* a Raspberry Pi,
docker build -t ecliptik/aci-connector-k8s:alpine-armhf . docker push ecliptik/aci-connector-k8s:alpine-armhf
> Note: Trying to build the image on non-native armhf platform like Docker for Mac or Multiarch may result in errors like `"SyntaxError: Unexpected end of JSON input"`. The image only seems to build on native Raspberry Pi or ARM hardware.
Now that we have a armhf image capable of running on a Raspberry Pi, we can deploy the pod to a Raspberry Pi Kubernetes cluster[22].
First clone the aci-connector-k8s[23] repository onto the Raspberry Pi cluster master,
git clone https://github.com/Azure/aci-connector-k8s.git
Edit the `examples/aci-connector.yaml` and update the `image` to use the `ecliptik/aci-connector-k8s:alpine-armhf` image.
Next, if you used `kubeadm` to create your cluster and RBAC is enabled, you'll need to create a role and set it up for the connector. This is discussed in this Github issue[24] that includes creating a RBAC role and updating the service to use it.
Create the RBAC role for the connector,
curl -sSL https://raw.githubusercontent.com/alexjmoore/aci-connector-k8s-arm/master/aci-connector-rbac.yaml | kubectl create -f -
Under `spec` in the `examples/aci-connector.yaml` add the RBAC role,
serviceAccountName: aci-connector-sa
Finally after the connector is setup to use the armhf image and RBAC, follow the rest of the *Quickstart* guide in the aci-connector-k8s README[25] to set up everything else required to run the connector (Azure keys, deployment of service, etc).
Updated `examples/aci-connector.yaml` with RBAC role and `ecliptik/aci-connector-k8s:alpine-armhf` image
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: aci-connector namespace: default spec: replicas: 1 template: metadata: labels: app: aci-connector spec: serviceAccountName: aci-connector-sa containers: - name: aci-connector image: ecliptik/aci-connector-k8s:alpine-armhf imagePullPolicy: Always env: - name: AZURE_CLIENT_ID value: 00000-000-00000-0000-0000 - name: AZURE_CLIENT_KEY value: 00000-000-00000-0000-0000 - name: AZURE_TENANT_ID value: 00000-000-00000-0000-0000 - name: AZURE_SUBSCRIPTION_ID value: 100000-000-00000-0000-0000 - name: ACI_RESOURCE_GROUP value: aci-test
Deploy the aci-connector pod,
kubectl create -f examples/aci-connector.yaml
Wait a few minutes while the pod comes into service (mostly waiting for the image to pull) on a worker node.
Verify aci-connector pod has started,
kubectl get pods NAME READY STATUS RESTARTS AGE aci-connector-1252680567-b88w6 1/1 Running 0 3m
Verify aci-connector node is added,
kubectl get nodes -o wide NAME STATUS AGE VERSION EXTERNAL-IP OS-IMAGE KERNEL-VERSION aci-connector Ready 2m v1.6.6 <none> <unknown> <unknown> navi Ready 1h v1.7.5 <none> Raspbian GNU/Linux 8 (jessie) 4.4.50-hypriotos-v7+ tael Ready 1h v1.7.5 <none> Raspbian GNU/Linux 8 (jessie) 4.4.50-hypriotos-v7+ tatl Ready 1h v1.7.5 <none> Raspbian GNU/Linux 8 (jessie) 4.4.50-hypriotos-v7+
Deploy `example/nginx-pod.yaml` pod from aci-connector-k8s repo,
kubectl create -f examples/nginx-pod.yaml pod "nginx" created
Verify pod deployed and is running in ACI,
kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE aci-connector-1696751608-tcjcq 1/1 Running 0 24m 10.244.2.4 tael nginx 1/1 Running 0 10s 104.42.235.280 aci-connector
While researching and setting this up I came across many good resources on running Docker on ARM,
https://help.packet.net/armv8/docker-on-armv8[26][27]
https://github.com/docker-library/official-images#architectures-other-than-amd64[28][29]
https://blog.hypriot.com/post/first-touch-down-with-docker-for-mac/[30][31]
https://resin.io/blog/building-arm-containers-on-any-x86-machine-even-dockerhub/[32][33]
ARM Docker Image Repositories
arm32v6[34] - Works on RPI 3 with HypriotOS[35] 32-bit
arm32v7[36] - Works on RPI 3 with HypriotOS[37] 32-bit
arm64v8[38] - Currently no 64-bit version of HypriotOS, but will work on Packet.net Type 2A Instances[39]
____________________________________________________________________
-- Response ended
-- Page fetched on Wed Aug 10 23:25:45 2022