Skip to main content
Aerospike 8 introduces a new era of real-time transaction processingLearn more
Loading
Version: Operator 4.0.0

Aerospike Kubernetes Operator Command Line Tool

akoctl is a Krew plugin for AKO. It provides multiple sub-commands to perform different functions related to AKO and Aerospike Kubernetes clusters.

You can use the kubectl or akoctl tools to grant permissions for the aerospike namespace.

  1. Create the Kubernetes namespace if not already created.

    kubectl create namespace aerospike

  2. Create a service account.

    kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

  3. Create a RoleBinding or ClusterRoleBinding to attach this service account to the aerospike-cluster ClusterRole. This ClusterRole is created as part of AKO installation and grants Aerospike cluster permissions to the service account.

    • For using the Kubernetes native, pod-only network to connect to the Aerospike cluster, create a RoleBinding with the following command:

      kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

    • For connecting to the Aerospike cluster from outside Kubernetes, create a ClusterRoleBinding with the following command:

      kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager
      tip

      For attaching multiple service accounts of different namespaces at one time, add multiple --serviceaccount parameters to the previous command.

      Example: To attach service accounts of the aerospike and aerospike1 namespaces:

      kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager

  4. If the required ClusterRoleBinding already exists in the cluster, edit it to attach a new service account.

    kubectl edit clusterrolebinding aerospike-cluster

  5. The kubectl edit command launches an editor. Append the following lines to the subjects section:

      # A new entry for aerospike.
      # Replace aerospike with your namespace
    - kind: ServiceAccount
      name: aerospike-operator-controller-manager
      namespace: aerospike

  6. Save and ensure that the changes are applied.

Install with Krew plugin managerโ€‹

  1. Install Krew.

    Follow the Krew setup instructions here.

  2. Install akoctl:

kubectl krew index add akoctl https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
kubectl krew index list
INDEX    URL
akoctl   https://github.com/aerospike/aerospike-kubernetes-operator-ctl.git
default  https://github.com/kubernetes-sigs/krew-index.git
kubectl krew install akoctl/akoctl
Updated the local copy of plugin index "akoctl".
Updated the local copy of plugin index.
Installing plugin: akoctl
Installed plugin: akoctl
\
| Use this plugin:
|   kubectl akoctl
| Documentation:
|   https://github.com/aerospike/aerospike-kubernetes-operator-ctl
/

Upgrade to latest version if already installedโ€‹

kubectl krew upgrade akoctl

Available sub-commandsโ€‹

Global Flags:โ€‹

The global flags in the following table are associated with akoctl.

FlagShorthandTypeDescription
all-namespaces-AboolSpecify whether to get logs from all Kubernetes namespaces. Either this flag or namespaces is mandatory.
namespaces-nstringComma-separated list of Kubernetes namespaces to operate in. Either this flag or all-namespaces is mandatory.
kubeconfigstringAbsolute path to the kubeconfig file.
cluster-scopeboolPermission to work in cluster scoped mode (operate on cluster scoped resources like ClusterRoleBinding). Default true.

collectinfo sub-commandโ€‹

akoctl uses the collectinfo command to collect logs and objects from a given namespace and cluster-scoped resources. collectinfo collects the following data:

  • All container logs
  • All event logs
  • Inventory of the following objects:
    Namespace ScopedCluster Scoped
    PodsNodes
    StatefulSetsPersistentVolumes
    DeploymentsStorageClasses
    PersistentVolumeClaimsMutatingWebhookConfigurations
    ServicesValidatingWebhookConfigurations
    AerospikeClusters

asadm collectinfo commandโ€‹

akoctl and asadm each use the collectinfo command, but the types of information returned are different. The akoctl collectinfo command focuses on Kubernetes-specific information. The asadm collectinfo command returns detailed information about the system performance, network information, filesystem, and operating system of an individual machine.

  1. Use the following command to get the asadm collectinfo file from a Kubernetes cluster:
kubectl -n <kubernetes-namespace-name> exec -it <podname> -- asadm -e collectinfo -U <username> -P <password>
  1. Extract the file from the cluster:
kubectl cp <kubernetes-namespace-name>/<podname>:/tmp <localdirectory> -c <container-name> -n <kubernetes-namespace-name>

Requirementsโ€‹

akoctl inherits the user's kubectl permissions. If a user cannot access a particular resource, its logs do not appear in the akoctl results.

  • You must have permissions for all the objects collected by the command.
  • If the cluster-scope flag is set, along with the previously mentioned permissions, you must have permissions for cluster-scoped resources like Nodes and StorageClasses.
  • The kubectl binary should be available in the system PATH environment variable.

Associated Flagsโ€‹

FlagShorthandTypeDescription
pathstringAbsolute path to save output tar file.

Example:

kubectl akoctl collectinfo -n aerospike,olm --path ~/sample-directory/

This creates a timestamped tar file called scraperlogs-TIMESTAMP and saves it in the ~/sample-directory/ directory. The directory structure appears as follows:

akoctl_collectinfo
โ”œโ”€โ”€ akoctl.log
โ”œโ”€โ”€ k8s_cluster
โ”‚ย ย  โ”œโ”€โ”€ nodes
โ”‚ย ย  โ”‚ย ย  โ”œโ”€โ”€ <node1 name>.yaml
โ”‚ย ย  โ”‚ย ย  โ””โ”€โ”€ <node2 name>.yaml
โ”‚ย ย  โ””โ”€โ”€ storageclasses
โ”‚ย ย      โ”œโ”€โ”€ <storageclass name>.yaml
โ”‚ย ย  โ””โ”€โ”€ mutatingwebhookconfigurations
โ”‚ย ย      โ”œโ”€โ”€ <mutatingwebhook name>.yaml
โ”‚ย ย  โ””โ”€โ”€ validatingwebhookconfigurations
โ”‚ย ย      โ”œโ”€โ”€ <validatingwebhook name>.yaml
โ”‚ย ย  โ””โ”€โ”€ persistentvolumes
โ”‚ย ย      โ”œโ”€โ”€ <persistentvolume name>.yaml
โ”‚ย ย  โ””โ”€โ”€ summary
โ”‚ย ย      โ”œโ”€โ”€ summary.txt
โ””โ”€โ”€ k8s_namespaces
    โ””โ”€โ”€ aerospike
        โ”œโ”€โ”€ aerospikeclusters
        โ”‚ย ย  โ”œโ”€โ”€ <aerospikecluster name>.yaml
        โ”œโ”€โ”€ persistentvolumeclaims
        โ”‚ย ย  โ”œโ”€โ”€ <pvc name>.yaml
        โ”œโ”€โ”€ pods
        โ”‚ย ย  โ”œโ”€โ”€ <pod name>
        โ”‚ย ย  โ”‚ย ย  โ”œโ”€โ”€ <pod name>.yaml
        โ”‚ย ย  โ”‚ย ย  โ””โ”€โ”€ logs
        โ”‚ย ย  โ”‚ย ย      โ”œโ”€โ”€ previous
        โ”‚ย ย  โ”‚ย ย      โ”‚ย ย  โ””โ”€โ”€ <container name>.log
        โ”‚ย ย  โ”‚ย ย      โ””โ”€โ”€ <container name>.log
        โ””โ”€โ”€ statefulsets
        โ”‚ย ย  โ”œโ”€โ”€ <sts name>.yaml
        โ””โ”€โ”€ deployments
        โ”‚ย ย  โ”œโ”€โ”€ <deployment name>.yaml
        โ””โ”€โ”€ services
        โ”‚ย ย  โ”œโ”€โ”€ <service name>.yaml
        โ””โ”€โ”€ summary
        โ”‚ย ย  โ”œโ”€โ”€ summary.txt
        โ”‚ย ย  โ”œโ”€โ”€ events.txt
        โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

auth sub-commandโ€‹

akoctl uses the auth command to create and delete RBAC resources for the Aerospike cluster for the given namespaces. It creates and deletes ServiceAccount, RoleBinding or ClusterRoleBinding as per given scope of operation.

There are two sub-commands associated with auth command:

  • create - Creates and updates RBAC resources for the given namespaces.
  • delete - Deletes RBAC resources for the given namespaces.

If cluster-scope is set (default true), the auth command grants cluster level RBAC. In case of cluster-scope false, it grants namespace level RBAC.

Requirements:โ€‹

akoctl inherits the user's kubectl permissions. If a user does not have RBAC access, kubectl cannot grant RBAC for that resource.

  • You must have the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and RoleBinding.
  • If the cluster-scope flag is set, you need the CREATE, GET, UPDATE and DELETE permissions for ServiceAccount and ClusterRoleBinding.

The following examples show how to modify RBAC resources for the aerospike namespace.

Create a namespace-scope resource:

kubectl akoctl auth create -n aerospike --cluster-scope=false

Create a cluster-scope RBAC resource:

kubectl akoctl auth create -n aerospike

Delete a namespace-scope RBAC resource:

kubectl akoctl auth delete -n aerospike --cluster-scope=false

Delete a cluster-scope RBAC resource:

kubectl akoctl auth delete -n aerospike