core/oc-monitord
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity
d1dab992cf
oc-monitord/README.md

129 lines
3.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# oc-monitor
## Deploy in k8s (dev)
While a registry with all of the OC docker images has not been set-up we can export this image to k3s ctr
> docker save oc-monitord:latest | sudo k3s ctr images import -
Then in the pod manifest for oc-monitord use :
```
image: docker.io/library/oc-monitord
imagePullPolicy: Never
```
Not doing so will end up in the pod having a `ErrorImagePull`
## Allow argo to create services
In order for monitord to expose **open cloud services** on the node, we need to give him permission to create **k8s services**.
For that we can update the RBAC configuration for a role already created by argo :
### Manually edit the rbac authorization
> kubectl edit roles.rbac.authorization.k8s.io -n argo argo-role
In rules add a new entry :
```
- apiGroups:
- ""
resources:
- services
verbs:
- get
- create
```
### Patch the rbac authorization with a one liner
> kubectl patch role argo-role -n argo --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": [""], "resources": ["services"], "verbs": ["get","create"]}}]'
### Check wether the modification is effective
> kubectl auth can-i create services --as=system:serviceaccount:argo:argo -n argo
This command **must return "yes"**
## Allow services to be joined with reverse proxy
Since the development has been realised in a K3S environment, we will use the lightweight solution provided by **traefik**.
We need to install **metallb** to expose our cluster to the exterior and allow packets to reach traefik.
### Deploy traefik and metallb
- Make sure that helm is installed, else visit : https://helm.sh/docs/intro/install/
- Add the repositories for traefik and metallb
> helm repo add metallb https://metallb.github.io/metallb
> helm repo add traefik https://helm.traefik.io/traefik
>helm repo update
- Create the namespaces for each
> kubectl create ns traefik-ingress
> kubectl create ns metallb-system
- Configure the deployment
```
cat > traefik-values.yaml <<EOF
globalArguments:
deployment:
kind: DaemonSet
providers:
kubernetesCRD:
enabled: true
service:
type: LoadBalancer
ingressRoute:
dashboard:
enabled: false
EOF
```
- Launch the installs
> helm upgrade --install metallb metallb/metallb
> helm upgrade --install metallb metallb/metallb
### Configure metallb
```
cat << 'EOF' | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default-pool
namespace: metallb-system
spec:
addresses:
- 192.168.0.200-192.168.0.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system
spec:
ipAddressPools:
- default-pool
EOF
```
## TODO
- [ ] Logs the output of each pods :
- logsPods() function already exists
- need to implement the logic to create each pod's logger and start the monitoring routing
- [ ] Allow the front to known on which IP the service are reachable
- currently doing it by using `kubectl get nodes -o wide`
### Adding ingress handling to support reverse proxing
- Test wether ingress-nginx is running or not
- Do something if not found : stop running and send error log OR start installation
-
Reference in New Issue View Git Blame Copy Permalink