Closed sa-cloud closed 4 years ago
Starting the skydive-operator demonstration:
kubectl1 create -f deploy/crds/charts.helm.k8s.io_skydives_crd.yaml
customresourcedefinition.apiextensions.k8s.io/skydives.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/crds/charts.helm.k8s.io_netflowcollectors_crd.yaml
customresourcedefinition.apiextensions.k8s.io/netflowcollectors.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/
deployment.apps/skydive-operator created
clusterrole.rbac.authorization.k8s.io/skydive-operator created
clusterrolebinding.rbac.authorization.k8s.io/skydive-operator created
serviceaccount/skydive-operator created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod skydive-operator-74cf9d786-qzjbm
Name: skydive-operator-74cf9d786-qzjbm
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 10.74.144.77/10.74.144.77
Start Time: Thu, 09 Jan 2020 12:03:55 +0000
Labels: name=skydive-operator
pod-template-hash=74cf9d786
Annotations: kubernetes.io/psp: ibm-privileged-psp
Status: Running
IP: 172.30.248.199
Controlled By: ReplicaSet/skydive-operator-74cf9d786
Containers:
skydive-operator:
Container ID: containerd://c3c0c29b6f90ceb585115ec8012b40479a1300b3947b4dc25fe103e5c9a2fcdd
Image: quay.io/sacloud/skydive-op:v0.0.2
Image ID: sha256:416b63c8269225f6ac02aba1afbe7432a23b36a306e735cc7e89b29bcaf4424a
Port: <none>
Host Port: <none>
State: Running
Started: Thu, 09 Jan 2020 12:03:57 +0000
Ready: True
Restart Count: 0
Environment:
WATCH_NAMESPACE:
POD_NAME: skydive-operator-74cf9d786-qzjbm (v1:metadata.name)
OPERATOR_NAME: skydive-operator
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from skydive-operator-token-rd4rh (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
skydive-operator-token-rd4rh:
Type: Secret (a volume populated by a Secret)
SecretName: skydive-operator-token-rd4rh
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 600s
node.kubernetes.io/unreachable:NoExecute for 600s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 50s default-scheduler Successfully assigned default/skydive-operator-74cf9d786-qzjbm to 10.74.144.77
Normal Pulling 49s kubelet, 10.74.144.77 pulling image "quay.io/sacloud/skydive-op:v0.0.2"
Normal Pulled 48s kubelet, 10.74.144.77 Successfully pulled image "quay.io/sacloud/skydive-op:v0.0.2"
Normal Created 48s kubelet, 10.74.144.77 Created container
Normal Started 48s kubelet, 10.74.144.77 Started container
Creating the netflowcollector resource using the skydive-operator:
kubectl1 create -f deploy/crds/charts.helm.k8s.io_v1alpha1_netflowcollector_cr.yaml
netflowcollector.charts.helm.k8s.io/netflow-collector created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod netflow-collector-skydive-analyzer-6f99875b6b-shjjw
Name: netflow-collector-skydive-analyzer-6f99875b6b-shjjw
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 10.74.144.77/10.74.144.77
Start Time: Thu, 09 Jan 2020 12:13:35 +0000
Labels: app=netflow-collector-skydive
chart=skydive
heritage=Tiller
pod-template-hash=6f99875b6b
release=netflow-collector
tier=analyzer
Annotations: kubernetes.io/psp: ibm-privileged-psp
productID: 8e6bdbcba44f46939c3d1c54447386b2
productName: skydive
productVersion: 1.1.2
Status: Running
IP: 10.74.144.77
Controlled By: ReplicaSet/netflow-collector-skydive-analyzer-6f99875b6b
Containers:
skydive-analyzer:
Container ID: containerd://64bd28ee06f8c8156b7cc5356704b86d7831765f765616a90902c9a491fdc5a2
Image: cognetive/skydive:2019.10.15___12.24
Image ID: docker.io/cognetive/skydive@sha256:41dc92dbc79ee7fdeb024ea75d4e07d7d90ebf91af82ddd3dd7e4757ec4e352e
Ports: 8082/TCP, 8082/UDP, 12379/TCP
Host Ports: 8082/TCP, 8082/UDP, 12379/TCP
Args:
analyzer
--listen=0.0.0.0:8082
State: Running
Started: Thu, 09 Jan 2020 12:13:36 +0000
Ready: True
Restart Count: 0
Limits:
cpu: 2
memory: 8Gi
Requests:
cpu: 100m
memory: 512Mi
Liveness: http-get http://:8082/api/status delay=20s timeout=1s period=10s #success=1 #failure=10
Readiness: http-get http://:8082/api/status delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
SKYDIVE_UI: {"theme":"light","k8s_enabled":"true"}
SKYDIVE_ANALYZER_TOPOLOGY_PROBES: k8s
SKYDIVE_EMBEDDED: true
SKYDIVE_FLOW_PROTOCOL: websocket
SKYDIVE_ANALYZER_TOPOLOGY_FABRIC: TOR1->*[Type=host]/eth0
SKYDIVE_LOGGING_LEVEL: INFO
SKYDIVE_FLOW_UPDATE: 30
SKYDIVE_ANALYZER_STARTUP_CAPTURE_GREMLIN: G.V().has('Name', NE('lo'))
SKYDIVE_ANALYZER_STARTUP_CAPTURE_BPF: not (tcp dst port 8082)
SKYDIVE_FLOW_DEFAULT_LAYER_KEY_MODE: L3
SKYDIVE_ANALYZER_STARTUP_CAPTURE_TYPE: pcap
SKYDIVE_AGENT_CAPTURE_SYN: True
Mounts:
/etc/ssl/certs from ssl (rw)
/var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
skydive-exporter:
Container ID: containerd://6a8222ecdddd46ea5ae00278d84d7267a14283d162964f1b3326a05c4a41e540
Image: docker.io/bluesecure/skydive-exporter:1
Image ID: registry.ng.bluemix.net/secadvisor_dev/skydive-flow-exporter@sha256:178bbc4359b6443137a0228333e1c69154f6b07cef09b4ed2ff42e126e4fd4e3
Port: <none>
Host Port: <none>
State: Running
Started: Thu, 09 Jan 2020 12:13:37 +0000
Ready: True
Restart Count: 0
Environment:
SKYDIVE_ANALYZERS: netflow-collector-skydive-service:8082
SKYDIVE_PIPELINE_SUBSCRIBER_URL: ws://netflow-collector-skydive-service:8082/ws/subscriber/flow
SKYDIVE_PIPELINE_STORE_BUFFERED_FILENAME_PREFIX: <set to the key 'objectPrefix' of config map 'skydive-exporter-s3-configuration'> Optional: false
SKYDIVE_PIPELINE_WRITE_S3_ENDPOINT: <set to the key 'endpoint' of config map 'skydive-exporter-s3-configuration'> Optional: false
SKYDIVE_PIPELINE_WRITE_S3_ACCESS_KEY: <set to the key 'accesskey' in secret 'skydive-exporter-secret'> Optional: false
SKYDIVE_PIPELINE_WRITE_S3_SECRET_KEY: <set to the key 'secretkey' in secret 'skydive-exporter-secret'> Optional: false
SKYDIVE_PIPELINE_CLASSIFY_CLUSTER_NET_MASKS: <set to the key 'netmasks' of config map 'skydive-configuration'> Optional: false
SKYDIVE_PIPELINE_STORE_BUFFERED_DIRNAME: <set to the key 'bucket' of config map 'skydive-exporter-s3-configuration'> Optional: false
SKYDIVE_PIPELINE_WRITE_S3_REGION: <set to the key 'region' of config map 'skydive-exporter-s3-configuration'> Optional: false
SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOWS_PER_OBJECT: 60000
SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_OBJECT: 60
SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOW_ARRAY_SIZE: 100000
SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_STREAM: 86400
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
skydive-minio:
Container ID: containerd://446ef89dc6e44ee9919afa1ec52c14ea116f37ea3150b4985cffd99b4e9bf12d
Image: docker.io/bitnami/minio:2019.7.31-debian-9-r1
Image ID: docker.io/bitnami/minio@sha256:f4ab6fa8c7ce912a1b67f57b14afb41bbf97d63e7820db83c8b8b5b15b8d0f67
Port: 9000/TCP
Host Port: 9000/TCP
State: Running
Started: Thu, 09 Jan 2020 12:13:37 +0000
Ready: True
Restart Count: 0
Environment:
MINIO_ACCESS_KEY: admin
MINIO_SECRET_KEY: admin1234
MINIO_DEFAULT_BUCKETS: default
MINIO_REGION_NAME: default
Mounts:
/data from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-7q4x7 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
ssl:
Type: HostPath (bare host directory volume)
Path: /etc/ssl/certs
HostPathType:
data:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
skydive-service-account-token-7q4x7:
Type: Secret (a volume populated by a Secret)
SecretName: skydive-service-account-token-7q4x7
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 600s
node.kubernetes.io/unreachable:NoExecute for 600s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 68s default-scheduler Successfully assigned default/netflow-collector-skydive-analyzer-6f99875b6b-shjjw to 10.74.144.77
Normal Pulled 67s kubelet, 10.74.144.77 Container image "cognetive/skydive:2019.10.15___12.24" already present on machine
Normal Created 67s kubelet, 10.74.144.77 Created container
Normal Started 67s kubelet, 10.74.144.77 Started container
Normal Pulled 67s kubelet, 10.74.144.77 Container image "docker.io/bluesecure/skydive-exporter:1" already present on machine
Normal Created 67s kubelet, 10.74.144.77 Created container
Normal Started 66s kubelet, 10.74.144.77 Started container
Normal Pulled 66s kubelet, 10.74.144.77 Container image "docker.io/bitnami/minio:2019.7.31-debian-9-r1" already present on machine
Normal Created 66s kubelet, 10.74.144.77 Created container
Normal Started 66s kubelet, 10.74.144.77 Started container
Initial operator, based on the Helm version in https://github.com/skydive-project/skydive-helm/pull/1, which includes the exporter component. The operator watches 2 custom resources: one for the regular Skydive option, the other for the specific Skydive-as-netflow-collector option, pre-configured and ready, requiring only a few specific user configurations.
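The pod descriptions above show host ports, a writable hostPath mount, and MinIO credentials set as literal environment values alongside exporter keys drawn from a Secret. As an added example (not part of this PR or the skydive-operator code), the check below flags those settings in a pod manifest of the shape returned by `kubectl get pod -o json`. The sample manifest is constructed to mirror the output above, and `audit_pod` and the credential-name pattern are assumptions of this example.

```python
import re

# Heuristic (an assumption of this example): env names that usually hold credentials.
CRED_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|ACCESS_KEY", re.I)

def audit_pod(pod):
    """Return sorted (container, finding) pairs for a pod manifest dict."""
    spec = pod.get("spec", {})
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("containers", []):
        name = c["name"]
        for env in c.get("env", []):
            # A literal "value" lives in the pod spec and is printed by describe;
            # "valueFrom.secretKeyRef" keeps the value in a Secret object.
            if CRED_NAME.search(env["name"]) and env.get("value"):
                findings.append((name, f"literal credential in env {env['name']}"))
        for p in c.get("ports", []):
            if p.get("hostPort"):  # port is bound on the node itself
                findings.append((name, f"hostPort {p['hostPort']}/{p.get('protocol', 'TCP')}"))
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths and not m.get("readOnly", False):
                findings.append((name, f"writable hostPath {host_paths[m['name']]}"))
    return sorted(findings)

# Constructed sample: a trimmed manifest shaped like the netflow-collector pod above.
SAMPLE_POD = {"spec": {
    "volumes": [{"name": "ssl", "hostPath": {"path": "/etc/ssl/certs"}},
                {"name": "data", "emptyDir": {}}],
    "containers": [
        {"name": "skydive-analyzer",
         "ports": [{"containerPort": 8082, "hostPort": 8082, "protocol": "TCP"}],
         "volumeMounts": [{"name": "ssl", "mountPath": "/etc/ssl/certs"}]},
        {"name": "skydive-exporter",
         "env": [{"name": "SKYDIVE_PIPELINE_WRITE_S3_SECRET_KEY",
                  "valueFrom": {"secretKeyRef": {"name": "skydive-exporter-secret",
                                                 "key": "secretkey"}}}]},
        {"name": "skydive-minio",
         "env": [{"name": "MINIO_SECRET_KEY", "value": "constructed-value"}],
         "ports": [{"containerPort": 9000, "hostPort": 9000, "protocol": "TCP"}],
         "volumeMounts": [{"name": "data", "mountPath": "/data"}]},
    ]}}

if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_POD):
        print(f"{container}: {finding}")
```

Against a live cluster, pass it the parsed JSON from `kubectl get pod <name> -o json` instead of the sample.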