Management container/pod

Akamas provides a Management Container (or called Management Pod, for Kubernetes deployments) that contains the Akamas CLI executable and other popular command line tools to develop custom scripts.

On docker, it runs in the same network of the Akamas' services or, when running on Kubernetes, in the Akamas' namespace. The purposes of this management container are:

Allow technical troubleshooting/maintenance from inside the Kubernetes cluster.
Allow customers to launch/control Akamas without the need to install Akamas CLI on their systems. The akamas executable is configured to connect to the correct endpoint.
Provide an environment for the Akamas workflow to execute custom scripts.

The following is the list of the installed tools:

akamas-cli
curl, ping, wget
docker, docker-cli, docker-compose
git
gzip, zip
jq, yq, vim
kubectl, Helm
openjdk 11
openssh-client, openssh-server, ssh-keygen

Docker compose installation

To run the management container on your docker installation, add the following code block to the list of services of your docker-compose file.

  management-container:
    image: 485790562880.dkr.ecr.us-east-2.amazonaws.com/akamas/management-container:1.0.1
    container_name: management-container
    environment:
      - BASH_ENV=/home/akamas/.bashrc
    expose:
      - 22
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - akamas
    restart: unless-stopped

and launch docker-compose up -d as explained in (online) or (offline).

Kubernetes installation

To run the management pod in the Akamas' namespace, update the following variable in the Values file of the Akamas' Helm chart:

managementPod:
  enabled: true

Then you can issue the helm upgrade --install ... command to launch the pods, as described in (online) or (offline).

Accessing Management Pod on Kubernetes

When it's deployed to Kubernetes, you may access this management pod in two ways:

via kubectl exec -it management-pod
via SSH command

NOTE: both methods require kubectl to be installed and configured for this cluster.

Kubectl access

Accessing is as simple as:

kubectl exec -it deployment/management-pod -- bash

SSH access

For this type of access, you need to retrieve the password for the akamas user. You should issue the following command to read it from management-pod logs:

kubectl logs service/management-pod

# example response is:
# Container started
# You can ssh into this container with user 'akamas' and password 'd48020ab71be6a07'

A similar result could be obtained by reading the file akamas_password in the work folder:

kubectl exec -it deployment/management-pod -- cat /work/akamas_password

# example response is:
# d48020ab71be6a07

At this point, you should launch this command to port-forward the management port to your local terminal (number 2300 can as well be any other number: it should be an unused port on your machine):

kubectl port-forward service/management-pod 2300:22 &

then, on another terminal, you may launch:

ssh akamas@localhost -p 2300

and answer yes to the question, then insert the akamas password to successfully SSH access the management pod (see example below):

my_user@my_machine:~$  ssh akamas@localhost -p 2300
The authenticity of host '[localhost]:2300 ([127.0.0.1]:2300)' can't be established.
ED25519 key fingerprint is SHA256:34GXnmRz1YjWr2TTpUpJmRoHYck0NzeAxni2L857Exs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2300' (ED25519) to the list of known hosts.
akamas@localhost's password:
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.10.178-162.673.amzn2.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

akamas@management-pod-6dd8b7f898-8xwzf:~$

Work folder

If you need to store Akamas artifacts, scripts, or any other file that need persistence, you can use the /work directory, which persists across restarts. This is the default folder at login time. It contains the akamas_password file mentioned above, the Kubernetes and SSH configuration files, which will be symlinked to your home folder.

Last updated 1 year ago