skydive-project / skydive-operator

initial commit #1

Closed sa-cloud closed 4 years ago

sa-cloud commented 4 years ago

Initial operator, based on the helm version in https://github.com/skydive-project/skydive-helm/pull/1, which includes the exporter component. The operator watches 2 custom resources: 1 for the regular SkyDive option, the other for a specific SkyDive-as-netflow-collector option, pre-configured and ready, requiring only a few specific user configurations.

sa-cloud commented 4 years ago

starting the skydive-operator demonstration:

kubectl1 create -f deploy/crds/charts.helm.k8s.io_skydives_crd.yaml
customresourcedefinition.apiextensions.k8s.io/skydives.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/crds/charts.helm.k8s.io_netflowcollectors_crd.yaml
customresourcedefinition.apiextensions.k8s.io/netflowcollectors.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/
deployment.apps/skydive-operator created
clusterrole.rbac.authorization.k8s.io/skydive-operator created
clusterrolebinding.rbac.authorization.k8s.io/skydive-operator created
serviceaccount/skydive-operator created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod skydive-operator-74cf9d786-qzjbm
Name:               skydive-operator-74cf9d786-qzjbm
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.74.144.77/10.74.144.77
Start Time:         Thu, 09 Jan 2020 12:03:55 +0000
Labels:             name=skydive-operator
                    pod-template-hash=74cf9d786
Annotations:        kubernetes.io/psp: ibm-privileged-psp
Status:             Running
IP:                 172.30.248.199
Controlled By:      ReplicaSet/skydive-operator-74cf9d786
Containers:
  skydive-operator:
    Container ID:   containerd://c3c0c29b6f90ceb585115ec8012b40479a1300b3947b4dc25fe103e5c9a2fcdd
    Image:          quay.io/sacloud/skydive-op:v0.0.2
    Image ID:       sha256:416b63c8269225f6ac02aba1afbe7432a23b36a306e735cc7e89b29bcaf4424a
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 09 Jan 2020 12:03:57 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      WATCH_NAMESPACE:
      POD_NAME:         skydive-operator-74cf9d786-qzjbm (v1:metadata.name)
      OPERATOR_NAME:    skydive-operator
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-operator-token-rd4rh (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  skydive-operator-token-rd4rh:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  skydive-operator-token-rd4rh
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 600s
                 node.kubernetes.io/unreachable:NoExecute for 600s
Events:
  Type    Reason     Age   From                   Message
  ----    ------     ----  ----                   -------
  Normal  Scheduled  50s   default-scheduler      Successfully assigned default/skydive-operator-74cf9d786-qzjbm to 10.74.144.77
  Normal  Pulling    49s   kubelet, 10.74.144.77  pulling image "quay.io/sacloud/skydive-op:v0.0.2"
  Normal  Pulled     48s   kubelet, 10.74.144.77  Successfully pulled image "quay.io/sacloud/skydive-op:v0.0.2"
  Normal  Created    48s   kubelet, 10.74.144.77  Created container
  Normal  Started    48s   kubelet, 10.74.144.77  Started container

sa-cloud commented 4 years ago

creating the netflowcollector resource using the skydive-operator:

kubectl1 create -f deploy/crds/charts.helm.k8s.io_v1alpha1_netflowcollector_cr.yaml
netflowcollector.charts.helm.k8s.io/netflow-collector created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod netflow-collector-skydive-analyzer-6f99875b6b-shjjw
Name:               netflow-collector-skydive-analyzer-6f99875b6b-shjjw
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.74.144.77/10.74.144.77
Start Time:         Thu, 09 Jan 2020 12:13:35 +0000
Labels:             app=netflow-collector-skydive
                    chart=skydive
                    heritage=Tiller
                    pod-template-hash=6f99875b6b
                    release=netflow-collector
                    tier=analyzer
Annotations:        kubernetes.io/psp: ibm-privileged-psp
                    productID: 8e6bdbcba44f46939c3d1c54447386b2
                    productName: skydive
                    productVersion: 1.1.2
Status:             Running
IP:                 10.74.144.77
Controlled By:      ReplicaSet/netflow-collector-skydive-analyzer-6f99875b6b
Containers:
  skydive-analyzer:
    Container ID:  containerd://64bd28ee06f8c8156b7cc5356704b86d7831765f765616a90902c9a491fdc5a2
    Image:         cognetive/skydive:2019.10.15___12.24
    Image ID:      docker.io/cognetive/skydive@sha256:41dc92dbc79ee7fdeb024ea75d4e07d7d90ebf91af82ddd3dd7e4757ec4e352e
    Ports:         8082/TCP, 8082/UDP, 12379/TCP
    Host Ports:    8082/TCP, 8082/UDP, 12379/TCP
    Args:
      analyzer
      --listen=0.0.0.0:8082
    State:          Running
      Started:      Thu, 09 Jan 2020 12:13:36 +0000
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  8Gi
    Requests:
      cpu:      100m
      memory:   512Mi
    Liveness:   http-get http://:8082/api/status delay=20s timeout=1s period=10s #success=1 #failure=10
    Readiness:  http-get http://:8082/api/status delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      SKYDIVE_UI:                                {"theme":"light","k8s_enabled":"true"}
      SKYDIVE_ANALYZER_TOPOLOGY_PROBES:          k8s
      SKYDIVE_EMBEDDED:                          true
      SKYDIVE_FLOW_PROTOCOL:                     websocket
      SKYDIVE_ANALYZER_TOPOLOGY_FABRIC:          TOR1->*[Type=host]/eth0
      SKYDIVE_LOGGING_LEVEL:                     INFO
      SKYDIVE_FLOW_UPDATE:                       30
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_GREMLIN:  G.V().has('Name', NE('lo'))
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_BPF:      not (tcp dst port 8082)
      SKYDIVE_FLOW_DEFAULT_LAYER_KEY_MODE:       L3
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_TYPE:     pcap
      SKYDIVE_AGENT_CAPTURE_SYN:                 True
    Mounts:
      /etc/ssl/certs from ssl (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
  skydive-exporter:
    Container ID:   containerd://6a8222ecdddd46ea5ae00278d84d7267a14283d162964f1b3326a05c4a41e540
    Image:          docker.io/bluesecure/skydive-exporter:1
    Image ID:       registry.ng.bluemix.net/secadvisor_dev/skydive-flow-exporter@sha256:178bbc4359b6443137a0228333e1c69154f6b07cef09b4ed2ff42e126e4fd4e3
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 09 Jan 2020 12:13:37 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      SKYDIVE_ANALYZERS:                                       netflow-collector-skydive-service:8082
      SKYDIVE_PIPELINE_SUBSCRIBER_URL:                         ws://netflow-collector-skydive-service:8082/ws/subscriber/flow
      SKYDIVE_PIPELINE_STORE_BUFFERED_FILENAME_PREFIX:         <set to the key 'objectPrefix' of config map 'skydive-exporter-s3-configuration'>  Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_ENDPOINT:                      <set to the key 'endpoint' of config map 'skydive-exporter-s3-configuration'>      Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_ACCESS_KEY:                    <set to the key 'accesskey' in secret 'skydive-exporter-secret'>                   Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_SECRET_KEY:                    <set to the key 'secretkey' in secret 'skydive-exporter-secret'>                   Optional: false
      SKYDIVE_PIPELINE_CLASSIFY_CLUSTER_NET_MASKS:             <set to the key 'netmasks' of config map 'skydive-configuration'>                  Optional: false
      SKYDIVE_PIPELINE_STORE_BUFFERED_DIRNAME:                 <set to the key 'bucket' of config map 'skydive-exporter-s3-configuration'>        Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_REGION:                        <set to the key 'region' of config map 'skydive-exporter-s3-configuration'>        Optional: false
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOWS_PER_OBJECT:    60000
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_OBJECT:  60
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOW_ARRAY_SIZE:     100000
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_STREAM:  86400
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
  skydive-minio:
    Container ID:   containerd://446ef89dc6e44ee9919afa1ec52c14ea116f37ea3150b4985cffd99b4e9bf12d
    Image:          docker.io/bitnami/minio:2019.7.31-debian-9-r1
    Image ID:       docker.io/bitnami/minio@sha256:f4ab6fa8c7ce912a1b67f57b14afb41bbf97d63e7820db83c8b8b5b15b8d0f67
    Port:           9000/TCP
    Host Port:      9000/TCP
    State:          Running
      Started:      Thu, 09 Jan 2020 12:13:37 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      MINIO_ACCESS_KEY:       admin
      MINIO_SECRET_KEY:       admin1234
      MINIO_DEFAULT_BUCKETS:  default
      MINIO_REGION_NAME:      default
    Mounts:
      /data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  ssl:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/ssl/certs
    HostPathType:
  data:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  skydive-service-account-token-7q4x7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  skydive-service-account-token-7q4x7
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 600s
                 node.kubernetes.io/unreachable:NoExecute for 600s
Events:
  Type    Reason     Age   From                   Message
  ----    ------     ----  ----                   -------
  Normal  Scheduled  68s   default-scheduler      Successfully assigned default/netflow-collector-skydive-analyzer-6f99875b6b-shjjw to 10.74.144.77
  Normal  Pulled     67s   kubelet, 10.74.144.77  Container image "cognetive/skydive:2019.10.15___12.24" already present on machine
  Normal  Created    67s   kubelet, 10.74.144.77  Created container
  Normal  Started    67s   kubelet, 10.74.144.77  Started container
  Normal  Pulled     67s   kubelet, 10.74.144.77  Container image "docker.io/bluesecure/skydive-exporter:1" already present on machine
  Normal  Created    67s   kubelet, 10.74.144.77  Created container
  Normal  Started    66s   kubelet, 10.74.144.77  Started container
  Normal  Pulled     66s   kubelet, 10.74.144.77  Container image "docker.io/bitnami/minio:2019.7.31-debian-9-r1" already present on machine
  Normal  Created    66s   kubelet, 10.74.144.77  Created container
  Normal  Started    66s   kubelet, 10.74.144.77  Started container