We have installed Istio manually on GKE cluster. We want to install/add istio stack driver adapter so that Istio metrics are available on Stack Driver monitoring Dashboard of GCP. I am not able to get the metrics despite add the CRD as mentioned in
https://github.com/GoogleCloudPlatform/istio-samples/blob/master/common/install_istio.sh
git clone https://github.com/istio/installer && cd installer
helm template istio-telemetry/mixer-telemetry --execute=templates/stackdriver.yaml -f global.yaml --set mixer.adapters.stackdriver.enabled=true --namespace istio-system | kubectl apply -f -
I feel we are missing the authentication part. Can anyone help in resolving this?
I was unable to replicate your set up and I notice that the Istio version downloaded by the script was 1.4.2 which is not supported by GKE at this moment.
Nonetheless, I’d recommend you to check this document for troubleshooting and consult this guide to get Istio installed on GKE.
You should also be aware of couple of limitations when using Istio on GKE
Related
I am currently trying to install the ops agent on some ubuntu 18.04 gcloud VM instance I am creating with a bash script, based off the gcloud guide accessible here. The script goes as following:
echo "Installing components for agent policies"
gcloud components install beta
echo "Enabling API and setting proper permissions for monitoring"
sh set-permissions.sh --project=XXX
gcloud beta compute instances ops-agents policies create ops-agents-policy-safe-rollout \
--agent-rules="type=logging,version=current-major,package-state=installed,enable-autoupgrade=true;type=metrics,version=current-major,package-state=installed,enable-autoupgrade=true" \
--os-types=short-name=ubuntu,version=18.04 \
--project=XXX \
--instances=zones/us-central1-a/instances/instance-XXX
...
gcloud compute instances create instance-XXX --boot-disk-size=100GB \
--boot-disk-type=pd-ssd --metadata=enable-oslogin=TRUE \
--image-family=ubuntu-minimal-1804-lts --image-project=ubuntu-os-cloud \
--no-service-account --no-scopes --project=XXX --zone=us-central-1 \
--network-interface "" --network-interface subnet=.../regions/us-central1/subnetworks/XXX,no-address
I am not getting any errors when executing this script, but when I go to GCP and try to look for metrics for my instance the charts for Memory Utilization and Disk Space Utilization say that the Ops Agent is required and that I should install it. Following the guide, and after verifying that the OS config agent is installed, I follow the steps in "The OS Config agent is installed but does not install the Ops agents". When I do so I get two errors. None of them is addressed in the guide:
Dec 14 15:34:34 bastion OSConfigAgent[600]: 2021-12-14T15:34:34.1627Z OSConfigAgent Error policies.go:49: Error running LookupEffectiveGuestPolicies: error getting token from metadata: metadata: GCE metadata "instance/service-accounts/default/identity?audience=osconfig.googleapis.com&format=full" not defined
Dec 14 15:34:36 bastion OSConfigAgent[600]: 2021-12-14T15:34:36.9551Z OSConfigAgent Error inventory.go:76: Error reporting inventory checksum: error getting token from metadata: metadata: GCE metadata "instance/service-accounts/default/identity?audience=osconfig.googleapis.com&format=full" not defined
How can I fix these errors to effectively install the Ops Agent? Thank you!
The log which you've provided tells little and this could have many reasons.
Make sure that eg. all of /etc/apt/sources.list.d/ are valid repositories.
Also make sure that the metadata is a) set up correctly and b) can be accessed:
enable-guest-attributes TRUE
enable-osconfig TRUE
This may well have to do with the --agent-rules argument, which you're passing.
Ever thought about a start-up script, which would simply install the agent?
Also see: Managing Agent Policies - Troubleshooting.
I have installed ISTIO using Helm . I forgot to enable grafana, kiali and jaeger. How can i enable all these above services after i have installed istio?
Here is howto: from official repository.
you need to update values.yaml.
and turn on grafana, kiali and jaeger. For example with kiali change:
kiali:
enabled: false
to
kiali:
enabled: true
than rebuild the Helm dependencies:
helm dep update install/kubernetes/helm/istio
than upgrade your istio inside kubernetes:
helm upgrade install/kubernetes/helm/istio
that's it, hope it was helpful
So did you install direct or created a yaml from the templates ?
I would run the command you used to install but with template function and then add the options for jaeger,Kiali and grafana.
Having my cluster up and running on AWS EKS, I'm finding trouble running helm init with the following error:
$ helm init --service-account tiller --upgrade
Error: error installing: deployments.extensions is forbidden: User "system:anonymous" cannot create deployments.extensions in the namespace "kube-system"
kubectl works properly (object retrieval, creation and cluster administration), authenticating and authorizing correctly by running heptio-authenticator-aws at connection time ( with an exec section in the kubectl config).
In order to prepare the cluster for helm, I created the service account and role binding as specified in the helm docs.
I've heard of people having helm running on EKS, and I'm guessing they're skipping the exec section of the kubectl config by hardcoding the token... I'd like to avoid that!
Any ideas on how to fix this? My guess is that it is related to helm not being able to execute heptio-authenticator-aws properly
I was running helm version 2.8.2 when obtaining this error, upgrading to v2.9.1 fixed this!
I use kops create kubernetes cluster in aws.
I want to validate the cluster using this command:
kops validate cluster
The stdout give me: Using cluster from kubectl context: minikube
I think the problem is the wrong context, but why I kops does not create context for me?
This is my contexts:
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* minikube minikube minikube
there is no aws kubernetes cluster context.
How do I solve this?
Works like charm
kops export kubecfg --name=clustername.com
kops has set your kubectl context to k9s.finddeepak.com
kops helps you to create, destroy, upgrade and maintain production-grade, highly available Kubernetes clusters from the command line. AWS (Amazon Web Services) is currently officially supported, with GCE in beta support , and VMware vSphere in alpha, and other platforms planned.
Your actual configuration uses minikube config file from the previous installation. And it is fine. It’s useful to have a few
clusters in one config and switch between them.
The extended configuration will be saved into a ~/.kube/config file, you may try:
kops export kubeconfig ${CLUSTER_NAME}
How should i do to make my app installed by azure/draft integrate with Istio?
Specifically, on official Istio documentation:
https://istio.io/docs/setup/kubernetes/quick-start.html
If you do not have the Istio-Initializer installed, you must use istioctl kube-inject to manuallly inject Envoy containers in your application pods before deploying them:
kubectl create -f <(istioctl kube-inject -f .yaml)
What / where should I modify the Helm chart folder that created by azure/draft to work with Istio?
The answer is not specific to Azure.
There are two ways to integrate Istio with an app:
1.Deploy the Istio initializer before deploying your app. (undeploy it, deploy the initializer and then deploy your app again). Run kubectl create -f install/kubernetes/istio-initializer.yaml. After that moment, all the deployed kubernetes pods in the future in the cluster will be integrated with Istio.
2.Integrate Istio with particular apps, not with every app. For those apps to be integrated with Istio, instead of running: kubectl create -f app.yaml as you would normally do, run kubectl create -f <(istioctl kube-inject -f .yaml).