GitOps on EKS with Weaveworks > Workshop Module 1: Introduction to GitOps on EKS > Deploy Sock Shop Application (Optional) > Setup Kubernetes labels

Setup Kubernetes labels

Explore metadata in pod definitions

List all the Sock Shop pods running:

kubectl get po -l product=sockshop --all-namespaces

Pick up a pod and a namespace (production or dev) and get the pods details, including the Labels and the Annotations.

kubectl describe po <pod_name> -n <namespace>

pod_describe

Grant viewer role to service accounts

Those Labels and Annotations are centrally defined and managed in Kubernetes but we also want them available in Weaveworks for grouping and filtering purposes.

The OneAgent will use a pod service account to query for this metadata via the Kubernetes REST API.

The service accounts must be granted viewer role in order to have this access.

In the terminal, execute the following command to grant viewer role. This needs to be done for each namespace.

kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:production --namespace=production

You can repeat the procedure for the dev namespace.

kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:dev --namespace=dev

Wait…

Wait a few minutes 😀 seriously, let’s take a 10 minutes break here

keep_calm