57 lines
1.7 KiB
Markdown
57 lines
1.7 KiB
Markdown
# oc-monitor
|
||
|
||
## Deploy in k8s (dev)
|
||
|
||
While a registry with all of the OC docker images has not been set-up we can export this image to k3s ctr
|
||
|
||
> docker save oc-monitord:latest | sudo k3s ctr images import -
|
||
|
||
Then in the pod manifest for oc-monitord use :
|
||
|
||
```
|
||
image: docker.io/library/oc-monitord
|
||
imagePullPolicy: Never
|
||
```
|
||
|
||
Not doing so will end up in the pod having a `ErrorImagePull`
|
||
|
||
## Allow argo to create services
|
||
|
||
In order for monitord to expose **open cloud services** on the node, we need to give him permission to create **k8s services**.
|
||
|
||
For that we can update the RBAC configuration for a role already created by argo :
|
||
|
||
### Manually edit the rbac authorization
|
||
|
||
> kubectl edit roles.rbac.authorization.k8s.io -n argo argo-role
|
||
|
||
In rules add a new entry :
|
||
|
||
```
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- services
|
||
verbs:
|
||
- get
|
||
- create
|
||
```
|
||
|
||
### Patch the rbac authorization with a one liner
|
||
|
||
> kubectl patch role argo-role -n argo --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": [""], "resources": ["services"], "verbs": ["get","create"]}}]'
|
||
|
||
### Check wether the modification is effective
|
||
|
||
> kubectl auth can-i create services --as=system:serviceaccount:argo:argo -n argo
|
||
|
||
This command **must return "yes"**
|
||
|
||
|
||
## TODO
|
||
|
||
- [ ] Logs the output of each pods :
|
||
- logsPods() function already exists
|
||
- need to implement the logic to create each pod's logger and start the monitoring routing
|
||
- [ ] Allow the front to known on which IP the service are reachable
|
||
- currently doing it by using `kubectl get nodes -o wide` |