Kiali란?
Docs: https://kiali.io/
Istio의 컴포넌트 간 트래픽과 Service Mesh를 시각화 및 모니터링 할 수 있는 툴
배포
kiali operator pod생성 , operator의 ClusterRole, ServiceAccount, ClusterRoleBinding 생성
또한 Kiali customresource 생성 → Kiali의 환경설정 리소스 & 실제 동작하는 pod
구버전 배포 yaml
# Kiali Operator 'v1.18' All-in-One YAML
# This operator will be granted permission to create cluster roles. Use with caution!
# Auto-generated by merge-operator-yaml.sh on Mon May 11 02:57:43 EDT 2020
---
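# CRD for Kiali's MonitoringDashboard resources (group monitoring.kiali.io).
# Nesting restored: the page had flattened every key to column 0.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22, so
# this manifest only applies to older clusters. No validation schema is
# declared here, so the API server will not validate the fields of these
# objects.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: monitoringdashboards.monitoring.kiali.io
  labels:
    app: kiali
    version: v1.18
spec:
  group: monitoring.kiali.io
  names:
    kind: MonitoringDashboard
    listKind: MonitoringDashboardList
    plural: monitoringdashboards
    singular: monitoringdashboard
  scope: Namespaced
  version: v1alpha1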
---
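# CRD for the Kiali custom resource that the operator watches and reconciles.
# Nesting restored: the page had flattened every key to column 0.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22, so
# this manifest only applies to older clusters. No validation schema is
# declared, so a Kiali CR with a mistyped security-relevant key (for example
# under auth or identity) is accepted by the API server without complaint.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: kialis.kiali.io
  labels:
    app: kiali-operator
    version: v1.18
spec:
  group: kiali.io
  names:
    kind: Kiali
    listKind: KialiList
    plural: kialis
    singular: kiali
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true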
---
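# NOTE: Changes to this file must be reflected in the OperatorHub.io CSV file
#
# ClusterRole for the kiali-operator service account. Nesting restored: the
# page had flattened every key to column 0.
# NOTE(review): this role is granted cluster-wide by the ClusterRoleBinding in
# the same file, so every rule below applies in all namespaces. Treat the
# kiali-operator service account and its token as highly privileged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kiali-operator
  labels:
    app: kiali-operator
    version: v1.18
rules:
- apiGroups: [""]
  resources:
  - configmaps
  - endpoints
  - events
  - persistentvolumeclaims
  - pods
  - serviceaccounts
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: [""]
  resources:
  - namespaces
  verbs:
  - get
  - list
  - patch
# NOTE(review): this rule has no resourceNames, and list/watch responses carry
# the full Secret objects, so it allows reading every Secret in every
# namespace. Only the rule after it is narrowed to kiali-signing-key.
- apiGroups: [""]
  resources:
  - secrets
  verbs:
  - create
  - list
  - watch
- apiGroups: [""]
  resourceNames:
  - kiali-signing-key
  resources:
  - secrets
  verbs:
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["apps"]
  resources:
  - deployments
  - replicasets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["monitoring.coreos.com"]
  resources:
  - servicemonitors
  verbs:
  - create
  - get
- apiGroups: ["apps"]
  resourceNames:
  - kiali-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups: ["kiali.io"]
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# NOTE(review): write access to RBAC objects. The API server's escalation
# check limits what the operator can grant to permissions it already holds,
# so the rest of this ClusterRole is the ceiling for any role it creates.
- apiGroups: ["rbac.authorization.k8s.io"]
  resources:
  - clusterrolebindings
  - clusterroles
  - rolebindings
  - roles
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["apiextensions.k8s.io"]
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
- apiGroups: ["extensions"]
  resources:
  - ingresses
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["route.openshift.io"]
  resources:
  - routes
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["oauth.openshift.io"]
  resources:
  - oauthclients
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["config.openshift.io"]
  resources:
  - clusteroperators
  verbs:
  - list
  - watch
- apiGroups: ["config.openshift.io"]
  resourceNames:
  - kube-apiserver
  resources:
  - clusteroperators
  verbs:
  - get
- apiGroups: ["console.openshift.io"]
  resources:
  - consolelinks
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups: ["monitoring.kiali.io"]
  resources:
  - monitoringdashboards
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles
# NOTE(review): these rules show what the Kiali server's role is expected to
# contain, including pod logs and write access to Istio configuration. They
# are what an unauthenticated user inherits when auth.strategy is anonymous.
- apiGroups: [""]
  resources:
  - configmaps
  - endpoints
  - namespaces
  - nodes
  - pods
  - pods/log
  - replicationcontrollers
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups: ["extensions", "apps"]
  resources:
  - deployments
  - replicasets
  - statefulsets
  verbs:
  - get
  - list
  - watch
- apiGroups: ["autoscaling"]
  resources:
  - horizontalpodautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups: ["batch"]
  resources:
  - cronjobs
  - jobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - config.istio.io
  - networking.istio.io
  - authentication.istio.io
  - rbac.istio.io
  - security.istio.io
  resources: ["*"]
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups: ["authentication.maistra.io"]
  resources:
  - servicemeshpolicies
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups: ["rbac.maistra.io"]
  resources:
  - servicemeshrbacconfigs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups: ["apps.openshift.io"]
  resources:
  - deploymentconfigs
  verbs:
  - get
  - list
  - watch
- apiGroups: ["project.openshift.io"]
  resources:
  - projects
  verbs:
  - get
- apiGroups: ["route.openshift.io"]
  resources:
  - routes
  verbs:
  - get
- apiGroups: ["monitoring.kiali.io"]
  resources:
  - monitoringdashboards
  verbs:
  - get
  - list
- apiGroups: ["iter8.tools"]
  resources:
  - experiments
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch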
---
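# Service account the operator pod runs as. Nesting restored: the page had
# flattened every key to column 0.
# NOTE(review): the ClusterRoleBinding in this file binds this account to the
# cluster-wide kiali-operator ClusterRole, so access to the kiali-operator
# namespace (pod exec, reading the token) is equivalent to holding that role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kiali-operator
  namespace: kiali-operator
  labels:
    app: kiali-operator
    version: v1.18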
---
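# Binds the kiali-operator ClusterRole to the operator's service account.
# Nesting restored: the page had flattened every key to column 0.
# NOTE(review): this is a ClusterRoleBinding, not a namespaced RoleBinding, so
# the role applies in every namespace even though the Deployment sets
# WATCH_NAMESPACE to istio-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kiali-operator
  labels:
    app: kiali-operator
    version: v1.18
subjects:
- kind: ServiceAccount
  name: kiali-operator
  namespace: kiali-operator
roleRef:
  kind: ClusterRole
  name: kiali-operator
  apiGroup: rbac.authorization.k8s.io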
---
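# Deployment of the Kiali operator pod. Nesting restored: the page had
# flattened every key to column 0.
# NOTE(review): the pod runs as the kiali-operator service account, which the
# ClusterRoleBinding in this file ties to the cluster-wide ClusterRole. This
# manifest sets no securityContext and no resource requests/limits for the
# container; add them according to the cluster's pod security policy.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kiali-operator
  namespace: kiali-operator
  labels:
    app: kiali-operator
    version: v1.18
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kiali-operator
  template:
    metadata:
      name: kiali-operator
      labels:
        app: kiali-operator
        version: v1.18
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8383"
    spec:
      serviceAccountName: kiali-operator
      containers:
      - name: operator
        # NOTE(review): a tag can be moved or deleted upstream (the page itself
        # reports images disappearing); pinning by digest (image@sha256:...)
        # keeps the deployed operator image fixed.
        image: quay.io/kiali/kiali-operator:v1.18
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: /tmp/ansible-operator/runner
          name: runner
        env:
        - name: WATCH_NAMESPACE
          value: istio-system
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: OPERATOR_NAME
          value: "kiali-operator"
        # NOTE(review): debug logging is enabled; presumably this writes
        # detailed Ansible task output to the pod log. Confirm nothing
        # sensitive is logged, or turn it off outside troubleshooting.
        - name: ANSIBLE_DEBUG_LOGS
          value: "True"
      volumes:
      - name: runner
        emptyDir: {}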
---
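# Kiali custom resource: the operator reads this and deploys the Kiali server
# into istio-system. Nesting restored: the page had flattened every key to
# column 0.
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
  name: kiali
  namespace: istio-system
spec:
  deployment:
    # "**" gives Kiali access to every namespace in the cluster.
    accessible_namespaces: ["**"]
    image_version: "operator_version"
  auth:
    # NOTE(review): anonymous means no login. Anyone who can reach the Kiali
    # endpoint acts with the Kiali service account's permissions. Combined
    # with "**" above and the wildcard-host VirtualService on this page, that
    # covers the whole cluster; restrict network access in front of Kiali or
    # use an authenticating strategy supported by this Kiali version.
    strategy: anonymous
  identity:
    # Empty cert_file: per the page's own note, Kiali then serves plain HTTP
    # instead of HTTPS, so traffic to the pod is unencrypted unless the mesh
    # or the gateway provides TLS.
    cert_file: ""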
externalIP 설정하거나
virtual service 배포
kiali_virtualservice.yaml
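# Routes /kiali/ on the Kubeflow ingress gateway to the Kiali service.
# Nesting restored: the page had flattened every key to column 0.
# NOTE(review): hosts '*' matches every hostname served by
# kubeflow/kubeflow-gateway, and the Kiali CR on this page uses
# auth.strategy: anonymous over plain HTTP. Whether that gateway enforces its
# own authentication is not visible here; confirm it does, or restrict hosts
# and add an AuthorizationPolicy, before exposing this route beyond a trusted
# network.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali
  namespace: istio-system
spec:
  gateways:
  - kubeflow/kubeflow-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /kiali/
    rewrite:
      uri: /kiali/
    route:
    - destination:
        host: kiali.istio-system.svc.cluster.local
        port:
          number: 20001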
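배포 후 configmaps > kiali 설정이 kubeflow 등의 네임스페이스를 제외시키기 때문에
namespaces exclude 항목에서 kube.* 를 삭제한다. 단, kube.* 패턴은 kube-system 등도 함께 가리고 있으므로, 통째로 지우기보다 kube-system처럼 숨길 네임스페이스만 남도록 패턴을 좁히는 편이 anonymous 접근 환경에서는 안전하다.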
kiali config
custom resource Kiali config option : https://github.com/kiali/kiali-operator/blob/master/deploy/kiali/kiali_cr.yaml
customresource Kiali 배포시 아래 config 설정
# Fragment of the Kiali CR `spec`. NOTE(review): the page lost its indentation,
# so the nesting of these keys is not shown; compare with the full Kiali
# manifest earlier on the page before copying.
deployment:
# "**" gives Kiali access to every namespace in the cluster.
accessible_namespaces: ["**"]
auth:
# anonymous: the Kiali UI/API is usable without logging in.
strategy: anonymous
# NOTE(review): the full manifest earlier on this page sets image_version under
# deployment for this value; confirm which key this Kiali version expects.
version: "operator_version"
identity:
# Empty cert_file: per the page's note below, Kiali then serves plain HTTP
# instead of HTTPS.
cert_file: ""
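- auth: 키알리 계정 인증 설정 - 로그인 인증 없이 접근: anonymous. 이 경우 Kiali 화면에 도달할 수 있는 사용자는 누구나 Kiali 서비스 계정 권한으로 동작하므로, 게이트웨이로 외부에 노출할 때는 앞단에서 접근을 제한하거나 인증이 있는 strategy를 사용한다.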
- version: 유효한 Kiali 이미지버전
- identity - cert_file: 해당 설정을 하지 않으면 default가 https 통신이므로 접속이 안 된다. 반드시 "" (empty string)을 값으로 줘야 http 통신을 한다. 이때 게이트웨이와 Kiali 사이 구간은 평문 HTTP가 되므로, TLS는 게이트웨이에서 종료하거나 메시 mTLS로 보완한다.
주의
Kiali는 이스티오 버전에 맞추어 사용할것을 권장한다.
하지만 Kiali 버전과 released된 이미지가 활발하게 삭제 및 수정되는 등 업데이트가 잦아 제대로 구동되지 않는 경우가 발생한다.
따라서 image가 없어져 구동이 안 된다면 아래 페이지에서 공식 released된 이미지와 태그를 찾아 수정한 뒤 재배포하면 된다.
https://quay.io/repository/kiali/kiali?tab=tags