List all the Sock Shop pods running:
kubectl get po -l product=sockshop --all-namespaces
Pick up a pod and a namespace (production
or dev
) and get the pods details, including the Labels and the Annotations.
kubectl describe po <pod_name> -n <namespace>
Those Labels and Annotations are centrally defined and managed in Kubernetes but we also want them available in Weaveworks for grouping and filtering purposes.
The OneAgent will use a pod service account to query for this metadata via the Kubernetes REST API.
The service accounts must be granted viewer role in order to have this access.
In the terminal, execute the following command to grant viewer role. This needs to be done for each namespace.
kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:production --namespace=production
You can repeat the procedure for the dev
namespace.
kubectl create rolebinding serviceaccounts-view --clusterrole=view --group=system:serviceaccounts:dev --namespace=dev
Wait a few minutes 😀 seriously, let’s take a 10 minutes break here