Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,13 @@ install -m 0600 /tmp/aks-flex-node-config.json /etc/aks-flex-node/config.json
cat /etc/aks-flex-node/config.json
```

After reviewing the config, bootstrap the node. This installs the long-running agent service and starts the local Kubernetes worker environment. Use a standard `022` umask so bootstrap-created nspawn rootfs paths remain traversable by non-root service users such as `dbus`; the config file remains `0600`.
After reviewing the config, run preflight checks. Preflight is non-mutating and validates host prerequisites, API server reachability, rootfs image reachability, and bootstrap artifact sources before bootstrap changes the host.

```bash
aks-flex-node preflight --config /etc/aks-flex-node/config.json
```

Then bootstrap the node. This installs the long-running agent service and starts the local Kubernetes worker environment. Use a standard `022` umask so bootstrap-created nspawn rootfs paths remain traversable by non-root service users such as `dbus`; the config file remains `0600`.

```bash
umask 022
Expand Down
2 changes: 2 additions & 0 deletions cmd/aks-flex-node/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/spf13/cobra"

"github.com/Azure/AKSFlexNode/pkg/cmd/daemon"
"github.com/Azure/AKSFlexNode/pkg/cmd/preflight"
"github.com/Azure/AKSFlexNode/pkg/cmd/reset"
"github.com/Azure/AKSFlexNode/pkg/cmd/start"
"github.com/Azure/AKSFlexNode/pkg/cmd/token"
Expand All @@ -25,6 +26,7 @@ func main() {
}

rootCmd.AddCommand(start.NewCommand())
rootCmd.AddCommand(preflight.NewCommand())
rootCmd.AddCommand(daemon.NewCommand())
rootCmd.AddCommand(reset.NewCommand())
rootCmd.AddCommand(version.NewCommand())
Expand Down
6 changes: 4 additions & 2 deletions docs/labs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Before starting a lab, prepare:
- [Private AKS Cluster With Unmanaged Cilium And Cross-Region Flex Node](aks-private-cluster-cilium.md) - Private AKS with `--network-plugin none`, unmanaged Cilium, and VXLAN pod networking.
- [Private AKS Cluster With Unbounded-Net And Cross-Region Flex Node](aks-private-cluster-unbounded-net.md) - Private AKS with `--network-plugin none`, `unbounded-net`, and private-L3 site peering.
- [Public AKS Cluster With Unbounded-Net And Cross-Region VNet-Peered Flex Node](aks-public-cluster-unbounded-net-vnet-peering.md) - Public AKS with `--network-plugin none`, `unbounded-net`, and private-L3 site peering over cross-region VNet peering.
- [AKS Flex Node With Offline Bootstrap Artifacts](aks-public-cluster-offline-bootstrap.md) - Flex VM bootstrap from local host packages, a mirrored rootfs image, and filesystem or local-registry offline artifacts. The walkthrough uses a public AKS cluster, but the same flow applies to private clusters with API reachability.
- [Public AKS Cluster With Unbounded-Net WireGuard Flex Node](aks-public-cluster-unbounded-net-wireguard.md) - Public AKS with `--network-plugin none`, `unbounded-net`, and WireGuard gateway connectivity without VNet peering.

## Topic Matrix
Expand All @@ -31,7 +32,8 @@ Before starting a lab, prepare:
| Private AKS API access | [Private AKS with unmanaged Cilium](aks-private-cluster-cilium.md), [Private AKS with unbounded-net](aks-private-cluster-unbounded-net.md) |
| Cross-region VNet peering | [Private AKS with unmanaged Cilium](aks-private-cluster-cilium.md), [Private AKS with unbounded-net](aks-private-cluster-unbounded-net.md), [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md) |
| `unbounded-net` CNI | [Private AKS with unbounded-net](aks-private-cluster-unbounded-net.md), [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md), [Public AKS with unbounded-net WireGuard](aks-public-cluster-unbounded-net-wireguard.md) |
| Public AKS API access | [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md), [Public AKS with unbounded-net WireGuard](aks-public-cluster-unbounded-net-wireguard.md) |
| Public AKS API access | [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md), [Offline bootstrap artifacts walkthrough](aks-public-cluster-offline-bootstrap.md), [Public AKS with unbounded-net WireGuard](aks-public-cluster-unbounded-net-wireguard.md) |
| WireGuard gateway connectivity | [Public AKS with unbounded-net WireGuard](aks-public-cluster-unbounded-net-wireguard.md) |
| No VNet peering | [Public AKS with unbounded-net WireGuard](aks-public-cluster-unbounded-net-wireguard.md) |
| Private-L3 `SitePeering` | [Private AKS with unbounded-net](aks-private-cluster-unbounded-net.md), [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md) |
| Offline bootstrap artifacts | [AKS Flex Node with offline bootstrap artifacts](aks-public-cluster-offline-bootstrap.md) |
| Private-L3 `SitePeering` | [Private AKS with unbounded-net](aks-private-cluster-unbounded-net.md), [Public AKS with unbounded-net VNet peering](aks-public-cluster-unbounded-net-vnet-peering.md), [Offline bootstrap artifacts walkthrough](aks-public-cluster-offline-bootstrap.md) |
Loading
Loading