Create User Node Pool

In this section you will add a user node pool to your AKS cluster. This will host all the Arrikto EKF workloads.

Procedure

  1. Specify the number of nodes:

    root@rok-tools:~# export UNP_NODE_COUNT=3
  2. Specify the VM size:

    root@rok-tools:~# export UNP_VM_SIZE=standard_l8s_v2
  3. Specify the zones in which to deploy the node pool:

    root@rok-tools:~# export UNP_ZONES=1
  4. Create the user node pool:

    root@rok-tools:~# az aks nodepool add \ > --cluster-name ${AKS_CLUSTER?} \ > --name workers \ > --resource-group ${AZ_RESOURCE_GROUP?} \ > --mode User \ > --os-type Linux \ > --zones ${UNP_ZONES?} \ > --node-vm-size ${UNP_VM_SIZE?} \ > --node-count ${UNP_NODE_COUNT?} \ > --max-pods 250 { "agentPoolType": "VirtualMachineScaleSets", "availabilityZones": [ "1" ], "count": 3, "enableAutoScaling": null, ... "maxPods": 250, ... "mode": "User", "name": "workers", ... "osSku": "Ubuntu", "osType": "Linux", ... "provisioningState": "Succeeded", ... "resourceGroup": "arrikto", ... "vmSize": "standard_l8s_v2", ... }

    Troubleshooting

    You have insufficient quotas to create the node pool

    If the quotas in your Azure subscription are not sufficient to create the node pool, the Azure CLI will emit the following error message:

    Operation failed with status: 'Bad Request'. Details: Provisioning of resource(s) for Agent Pool workers failed. Error: { "code": "InvalidTemplateDeployment", "message": "The template deployment '86887354-3280-4df4-a018-97206bd9ae9c' is not valid according to the validation procedure. The tracking id is '30ef5968-b026-441e-a271-829fe95a4266'. See inner errors for details.", "details": [ { "code": "QuotaExceeded", "message": "Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: eastus, Current Limit: 10, Current Usage: 4, Additional Required: 24, (Minimum) New Limit Required: 28. Submit a request for Quota increase at https://aka.ms/ProdportalCRP/?#create/Microsoft.Support/Parameters/%7B%22subId%22:%225361f4ed-77bb-4e35-b223-f875d30df1a9%22,%22pesId%22:%2206bfd9d3-516b-d5c6-5802-169c800dec89%22,%22supportTopicId%22:%22e12e3d1d-7fa0-af33-c6d0-3c50df9658a3%22%7D by specifying parameters listed in the 'Details' section for deployment to succeed. Please read more about quota limits at https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests." } ] }

    In this case, you need to either delete other resources to free up quota, or follow these steps to create a support request to increase them. Note however that it can take a few hours until Azure increases your quotas.

    1. Go to the Help and Support page of the Azure portal.
    2. Click Create a support request.
    3. Set Issue type to Service and subscription limits (quotas).
    4. Set Subscription to your Azure subscription.
    5. Set Quota type to Compute-VM (cores-vCPUs) subscription limit increases.
    6. Click Next.
    7. Click Enter details.
    8. Set Deployment model to Resource Manager.
    9. Set Locations to the location of your AKS cluster.
    10. Set Quotas to LSv2 Series.
    11. Set New vCPU Limit to 64.
    12. Click Save and continue.
    13. Set Preferred contact method to your preferred contact method.
    14. Click Next.
    15. Click Create.

    Lsv2-series instances are not available in the selected zone

    It is possible that Lsv2-series instances are not available in zone 1 of your desired region.

    In this case, the Azure CLI will emit the following error message:

    Deployment failed. Correlation ID: 0331f0a1-4093-494f-b668-2fd1e8a42a9c. Code="OverconstrainedZonalAllocationRequest" Message="Allocation failed. VM(s) with the following constraints cannot be allocated, because the condition is too restrictive. Please remove some constraints and try again. Constraints applied are:\n - Availability Zone\n - Networking Constraints (such as Accelerated Networking or IPv6)\n - VM Size\n"

    To fix this, select one of the other available zones and run the command again. If they are not available in any of the available zones then make sure you have followed the instructions in section Set Up Cloud Environment for Azure to select a region that supports instances of this type.

    The command failed with an authorization error

    If the above command fails with an error message similar to the following:

    (AuthorizationFailed) The client '0c799e27-a84f-41a2-a02b-236af002af99' with object id '0c799e27-a84f-41a2-a02b-236af002af99' does not have authorization to perform action 'Microsoft.ContainerService/managedClusters/agentPools/write' over scope '/subscriptions/3b63afce-113a-4798-a303-f37dada04319/resourceGroups/arrikto/providers/Microsoft.ContainerService/managedClusters/arrikto-cluster/agentPools/workers' or the scope is invalid. If access was recently granted, please refresh your credentials.

    it means that your identity does not have sufficient permissions to create a node pool.

    To proceed, make sure you have followed the Configure Azure CLI section to configure your Azure CLI with an identity that has Owner permissions. If you only have Reader permissions, contact your administrator to grant Owner permissions to create the node pool for you.

Verify

  1. Verify that the node pool exists and ProvisioningState is succeeded:

    root@rok-tools:~# az aks nodepool list -o table \ > --resource-group ${AZ_RESOURCE_GROUP} \ > --cluster-name ${AKS_CLUSTER} Name OsType VmSize Count MaxPods ProvisioningState Mode --------- -------- --------------- ------- --------- ------------------- ------ agentpool Linux Standard_DS2_v2 2 110 Succeeded System workers Linux Standard_L8s_v2 3 250 Succeeded User

    Troubleshooting

    The command failed with an authorization error

    If the above command fails with an error message similar to the following:

    The client '82a19692-1c50-4f24-b3e2-95675ddc5213' with object id '82a19692-1c50-4f24-b3e2-95675ddc5213' does not have authorization to perform action 'Microsoft.ContainerService/managedClusters/agentPools/read' over scope '/subscriptions/a8eb0222-2657-4a68-ae60-f06536139029/resourceGroups/arrikto/providers/Microsoft.ContainerService/managedClusters/arrikto-cluster' or the scope is invalid. If access was recently granted, please refresh your credentials.

    it means that your identity does not have sufficient permissions to list node pools.

    To proceed, make sure you have followed the Configure Azure CLI section to configure your Azure CLI with an identity that has either Owner or Reader permissions. If you do not have the required permissions, contact your administrator to grant them to your identity.

  2. Verify that the nodes show up in the Kubernetes cluster:

    root@rok-tools:~# kubectl get nodes NAME STATUS ROLES AGE VERSION aks-agentpool-42403446-vmss000000 Ready agent 34m v1.23.8 aks-agentpool-42403446-vmss000001 Ready agent 34m v1.23.8 aks-workers-42403446-vmss000000 Ready agent 9m45s v1.23.8 aks-workers-42403446-vmss000001 Ready agent 9m45s v1.23.8 aks-workers-42403446-vmss000002 Ready agent 9m45s v1.23.8

Summary

You have successfully created a user node pool to host the Arrikto EKF workloads.

What’s Next

The next step is to verify that your nodes have the necessary local storage for Rok to use.