Setup Kubernetes labels

Explore metadata in pod definitions

List all the Sock Shop pods running:

kubectl get po -l product=sockshop --all-namespaces 

Pick up a pod and a namespace (production or dev) and get the pods details, including the Labels and the Annotations.

kubectl describe po <pod_name> -n <namespace>


Grant viewer role to service accounts

Those Labels and Annotations are centrally defined and managed in Kubernetes but we also want them available in Weaveworks for grouping and filtering purposes.

The OneAgent will use a pod service account to query for this metadata via the Kubernetes REST API.

The service accounts must be granted viewer role in order to have this access.

In the terminal, execute the following command to grant viewer role. This needs to be done for each namespace.

kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:production --namespace=production

You can repeat the procedure for the dev namespace.

kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:dev --namespace=dev


Wait a few minutes 😀 seriously, let’s take a 10 minutes break here