# Management container/pod

Akamas provides a Management Container (or called Management Pod, for Kubernetes deployments) that contains the Akamas CLI executable and other popular command line tools to develop custom scripts.

On docker, it runs in the same network of the Akamas' services or, when running on Kubernetes, in the Akamas' namespace. The purposes of this management container are:

* Allow technical troubleshooting/maintenance from inside the Kubernetes cluster.
* Allow customers to launch/control Akamas without the need to install Akamas CLI on their systems. The `akamas` executable is configured to connect to the correct endpoint.
* Provide an environment for the Akamas workflow to execute custom scripts.

The following is the list of the installed tools:

* akamas-cli
* curl, ping, wget
* docker, docker-cli, docker-compose
* git
* gzip, zip
* jq, yq, vim
* kubectl, Helm
* openjdk 11
* openssh-client, openssh-server, ssh-keygen

## Docker compose installation

To run the management container on your docker installation, add the following code block to the list of `services` of your docker-compose file.

```yaml
  management-container:
    image: 485790562880.dkr.ecr.us-east-2.amazonaws.com/akamas/management-container:1.0.1
    container_name: management-container
    environment:
      - BASH_ENV=/home/akamas/.bashrc
    expose:
      - 22
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - akamas
    restart: unless-stopped
```

and launch `docker-compose up -d` as explained in [#start-akamas](https://docs.akamas.io/akamas-docs/3.2.2/docker/install-the-akamas-server/online-installation-mode#start-akamas "mention") (online) or [#installation-startakamasservices](https://docs.akamas.io/akamas-docs/3.2.2/docker/install-the-akamas-server/offline-installation-mode#installation-startakamasservices "mention") (offline).

## Kubernetes installation

To run the management pod in the Akamas' namespace, update the following variable in the Values file of the Akamas' Helm chart:

```
managementPod:
  enabled: true
```

Then you can issue the `helm upgrade --install ...` command to launch the pods, as described in [#start-the-installation](https://docs.akamas.io/akamas-docs/3.2.2/kubernetes/install-akamas/online#start-the-installation "mention") (online) or [#start-the-installation](https://docs.akamas.io/akamas-docs/3.2.2/kubernetes/install-akamas/offline#start-the-installation "mention") (offline).

## Accessing Management Pod on Kubernetes

When it's deployed to Kubernetes, you may access this management pod in two ways:

* via kubectl exec -it management-pod
* via SSH command

NOTE: both methods require `kubectl` to be installed and configured for this cluster.

#### Kubectl access

Accessing is as simple as:

```bash
kubectl exec -it deployment/management-pod -- bash
```

#### SSH access

For this type of access, you need to retrieve the password for the `akamas` user. You should issue the following command to read it from management-pod logs:

```bash
kubectl logs service/management-pod

# example response is:
# Container started
# You can ssh into this container with user 'akamas' and password 'd48020ab71be6a07'
```

A similar result could be obtained by reading the file akamas\_password in the work folder:

```bash
kubectl exec -it deployment/management-pod -- cat /work/akamas_password

# example response is:
# d48020ab71be6a07
```

At this point, you should launch this command to port-forward the management port to your local terminal (number 2300 can as well be any other number: it should be an unused port on your machine):

```
kubectl port-forward service/management-pod 2300:22 &
```

then, on another terminal, you may launch:

```
ssh akamas@localhost -p 2300
```

and answer `yes` to the question, then insert the `akamas` password to successfully SSH access the management pod (see example below):

```
my_user@my_machine:~$  ssh akamas@localhost -p 2300
The authenticity of host '[localhost]:2300 ([127.0.0.1]:2300)' can't be established.
ED25519 key fingerprint is SHA256:34GXnmRz1YjWr2TTpUpJmRoHYck0NzeAxni2L857Exs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2300' (ED25519) to the list of known hosts.
akamas@localhost's password:
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.10.178-162.673.amzn2.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

akamas@management-pod-6dd8b7f898-8xwzf:~$

```

## Work folder

If you need to store Akamas artifacts, scripts, or any other file that need persistence, you can use the `/work` directory, which persists across restarts. This is the default folder at login time. It contains the `akamas_password` file mentioned above, the Kubernetes and SSH configuration files, which will be symlinked to your home folder.

##