skydive-project / skydive-operator

operator v0.0.3: subnets autodiscovery & api key authentication fix #4

Closed sa-cloud closed 4 years ago

hunchback commented 4 years ago

@sa-cloud - still some minor issues to correct

sa-cloud commented 4 years ago

Starting the skydive-operator demonstration:

kubectl1 create -f deploy/crds/charts.helm.k8s.io_skydives_crd.yaml
customresourcedefinition.apiextensions.k8s.io/skydives.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/crds/charts.helm.k8s.io_netflowcollectors_crd.yaml
customresourcedefinition.apiextensions.k8s.io/netflowcollectors.charts.helm.k8s.io created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 create -f deploy/
deployment.apps/skydive-operator created
clusterrole.rbac.authorization.k8s.io/skydive-operator created
clusterrolebinding.rbac.authorization.k8s.io/skydive-operator created
serviceaccount/skydive-operator created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod skydive-operator-5ff8d5d749-56x5r
Name:               skydive-operator-5ff8d5d749-56x5r
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.74.144.77/10.74.144.77
Start Time:         Sun, 09 Feb 2020 09:40:26 +0000
Labels:             name=skydive-operator
                    pod-template-hash=5ff8d5d749
Annotations:        kubernetes.io/psp: ibm-privileged-psp
Status:             Running
IP:                 172.30.248.224
Controlled By:      ReplicaSet/skydive-operator-5ff8d5d749
Containers:
  skydive-operator:
    Container ID:   containerd://849e30c426cf8f46ebb32796c15ce898739bcca788d6045dd3673816ace98c46
    Image:          quay.io/sacloud/skydive-op:v0.0.3
    Image ID:       quay.io/sacloud/skydive-op@sha256:c75a3ced5472d53439e0e45c5e8e9ca809bca66bae29264ecbffba71b810fdae
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Sun, 09 Feb 2020 09:40:27 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      WATCH_NAMESPACE:
      POD_NAME:         skydive-operator-5ff8d5d749-56x5r (v1:metadata.name)
      OPERATOR_NAME:    skydive-operator
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-operator-token-rd4rh (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  skydive-operator-token-rd4rh:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  skydive-operator-token-rd4rh
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 600s
                 node.kubernetes.io/unreachable:NoExecute for 600s
Events:
  Type    Reason     Age    From                   Message
  ----    ------     ----   ----                   -------
  Normal  Scheduled  5m41s  default-scheduler      Successfully assigned default/skydive-operator-5ff8d5d749-56x5r to 10.74.144.77
  Normal  Pulling    5m40s  kubelet, 10.74.144.77  pulling image "quay.io/sacloud/skydive-op:v0.0.3"
  Normal  Pulled     5m40s  kubelet, 10.74.144.77  Successfully pulled image "quay.io/sacloud/skydive-op:v0.0.3"
  Normal  Created    5m40s  kubelet, 10.74.144.77  Created container
  Normal  Started    5m40s  kubelet, 10.74.144.77  Started container

sa-cloud commented 4 years ago

Creating the netflowcollector resource using the skydive-operator:

kubectl1 create -f deploy/crds/charts.helm.k8s.io_v1alpha1_netflowcollector_cr.yaml
netflowcollector.charts.helm.k8s.io/netflow-collector created
jlerner@iris-bluesecure:~/workspace/SA-Operators/skydive-operator/skydive-operator$ kubectl1 describe pod netflow-collector-skydive-analyzer-596748b6d9-vtfj4
Name:               netflow-collector-skydive-analyzer-596748b6d9-vtfj4
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.74.144.77/10.74.144.77
Start Time:         Sun, 09 Feb 2020 10:06:03 +0000
Labels:             app=netflow-collector-skydive
                    chart=skydive
                    heritage=Tiller
                    pod-template-hash=596748b6d9
                    release=netflow-collector
                    tier=analyzer
Annotations:        kubernetes.io/psp: ibm-privileged-psp
                    productID: 8e6bdbcba44f46939c3d1c54447386b2
                    productName: skydive
                    productVersion: 1.1.2
Status:             Running
IP:                 10.74.144.77
Controlled By:      ReplicaSet/netflow-collector-skydive-analyzer-596748b6d9
Containers:
  skydive-analyzer:
    Container ID:  containerd://0017d4d4420172b3dd29366c72c074c197e9e71c96c6e5ee4dabdb9fea10899a
    Image:         skydive/skydive:0.24.0
    Image ID:      docker.io/skydive/skydive@sha256:e2037c83f8cc0a45eb0947fe81e39e7e7ee46a920098c5fb6dbf0690c139c37b
    Ports:         8082/TCP, 8082/UDP, 12379/TCP
    Host Ports:    8082/TCP, 8082/UDP, 12379/TCP
    Args:
      analyzer
      --listen=0.0.0.0:8082
    State:          Running
      Started:      Sun, 09 Feb 2020 10:06:04 +0000
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  8Gi
    Requests:
      cpu:      100m
      memory:   512Mi
    Liveness:   http-get http://:8082/api/status delay=20s timeout=1s period=10s #success=1 #failure=10
    Readiness:  http-get http://:8082/api/status delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      SKYDIVE_UI:                                {"theme":"light","k8s_enabled":"true"}
      SKYDIVE_ANALYZER_TOPOLOGY_PROBES:          k8s
      SKYDIVE_EMBEDDED:                          true
      SKYDIVE_FLOW_PROTOCOL:                     websocket
      SKYDIVE_ANALYZER_TOPOLOGY_FABRIC:          TOR1->*[Type=host]/eth0
      SKYDIVE_LOGGING_LEVEL:                     INFO
      SKYDIVE_FLOW_UPDATE:                       30
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_GREMLIN:  G.V().has('Name', NE('lo'))
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_BPF:      not (tcp dst port 8082)
      SKYDIVE_FLOW_DEFAULT_LAYER_KEY_MODE:       L3
      SKYDIVE_ANALYZER_STARTUP_CAPTURE_TYPE:     pcap
      SKYDIVE_AGENT_CAPTURE_SYN:                 True
    Mounts:
      /etc/ssl/certs from ssl (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-g9xl2 (ro)
  skydive-exporter:
    Container ID:   containerd://27eee544944bb426df0dab90c5b30041ca98a9a8274a1c84d970cb6979622311
    Image:          quay.io/sacloud/skydive-exporter:4
    Image ID:       quay.io/sacloud/skydive-exporter@sha256:22ab8d185a7da906b316b64e975d9e0fcb3ef620c1b9fce58196de25e0d7ea90
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Sun, 09 Feb 2020 10:06:21 +0000
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Sun, 09 Feb 2020 10:06:04 +0000
      Finished:     Sun, 09 Feb 2020 10:06:20 +0000
    Ready:          True
    Restart Count:  1
    Environment:
      SKYDIVE_ANALYZERS:                                       netflow-collector-skydive-service:8082
      SKYDIVE_PIPELINE_SUBSCRIBER_URL:                         ws://netflow-collector-skydive-service:8082/ws/subscriber/flow
      SKYDIVE_PIPELINE_STORE_BUFFERED_FILENAME_PREFIX:         <set to the key 'objectPrefix' of config map 'skydive-exporter-s3-configuration'>  Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_ENDPOINT:                      <set to the key 'endpoint' of config map 'skydive-exporter-s3-configuration'>      Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_ACCESS_KEY:                    <set to the key 'accesskey' in secret 'skydive-exporter-secret'>                   Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_SECRET_KEY:                    <set to the key 'secretkey' in secret 'skydive-exporter-secret'>                   Optional: false
      SKYDIVE_PIPELINE_STORE_BUFFERED_DIRNAME:                 <set to the key 'bucket' of config map 'skydive-exporter-s3-configuration'>        Optional: false
      SKYDIVE_PIPELINE_WRITE_S3_REGION:                        <set to the key 'region' of config map 'skydive-exporter-s3-configuration'>        Optional: false
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOWS_PER_OBJECT:    60000
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_OBJECT:  60
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_FLOW_ARRAY_SIZE:     100000
      SKYDIVE_PIPELINE_STORE_BUFFERED_MAX_SECONDS_PER_STREAM:  86400
      SKYDIVE_PIPELINE_CLASSIFY_TYPE:                          subnet_autodiscovery
      SKYDIVE_PIPELINE_CLASSIFY_CLUSTER_NET_MASKS:             10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
      SKYDIVE_PIPELINE_MANGLE_TYPE:                            none
      SKYDIVE_PIPELINE_FILTER_EXCLUDED_TAGS:                   other
      SKYDIVE_PIPELINE_ENCODE_TYPE:                            secadvisor
      SKYDIVE_PIPELINE_COMPRESS_TYPE:                          gzip
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-g9xl2 (ro)
  skydive-minio:
    Container ID:   containerd://fd153281f3e3a6597e5d18b60b0ba923aba19b535be77d2593343fc212d20423
    Image:          docker.io/bitnami/minio:2019.7.31-debian-9-r1
    Image ID:       docker.io/bitnami/minio@sha256:f4ab6fa8c7ce912a1b67f57b14afb41bbf97d63e7820db83c8b8b5b15b8d0f67
    Port:           9000/TCP
    Host Port:      9000/TCP
    State:          Running
      Started:      Sun, 09 Feb 2020 10:06:05 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      MINIO_ACCESS_KEY:       admin
      MINIO_SECRET_KEY:       admin1234
      MINIO_DEFAULT_BUCKETS:  default
      MINIO_REGION_NAME:      default
    Mounts:
      /data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from skydive-service-account-token-g9xl2 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  ssl:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/ssl/certs
    HostPathType:
  data:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  skydive-service-account-token-g9xl2:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  skydive-service-account-token-g9xl2
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 600s
                 node.kubernetes.io/unreachable:NoExecute for 600s
Events:
  Type    Reason     Age                   From                   Message
  ----    ------     ----                  ----                   -------
  Normal  Scheduled  6m3s                  default-scheduler      Successfully assigned default/netflow-collector-skydive-analyzer-596748b6d9-vtfj4 to 10.74.144.77
  Normal  Pulled     6m2s                  kubelet, 10.74.144.77  Container image "skydive/skydive:0.24.0" already present on machine
  Normal  Created    6m2s                  kubelet, 10.74.144.77  Created container
  Normal  Started    6m2s                  kubelet, 10.74.144.77  Started container
  Normal  Pulled     6m2s                  kubelet, 10.74.144.77  Container image "docker.io/bitnami/minio:2019.7.31-debian-9-r1" already present on machine
  Normal  Created    6m1s                  kubelet, 10.74.144.77  Created container
  Normal  Started    6m1s                  kubelet, 10.74.144.77  Started container
  Normal  Pulled     5m46s (x2 over 6m2s)  kubelet, 10.74.144.77  Container image "quay.io/sacloud/skydive-exporter:4" already present on machine
  Normal  Created    5m46s (x2 over 6m2s)  kubelet, 10.74.144.77  Created container
  Normal  Started    5m45s (x2 over 6m2s)  kubelet, 10.74.144.77  Started container