|
| 1 | +# Running the Application Study Tool in Kubernetes |
| 2 | + |
| 3 | +This directory contains the manifest files for running the Application Study Tool in a Kubernetes cluster. |
| 4 | + |
| 5 | +To clone only this directory (./ast-on-k8s), where the Kubernetes manifest files are located, follow these steps: |
| 6 | +``` |
| 7 | +git init |
| 8 | +git clone -n --depth=1 --filter=tree:0 https://github.com/javajason/ast-config-wizard/ |
| 9 | +cd ast-config-wizard |
| 10 | +git sparse-checkout set --no-cone /ast-on-k8s |
| 11 | +git checkout |
| 12 | +cd ast-on-k8s |
| 13 | +``` |
| 14 | + |
| 15 | +You will also need to modify the following files, at minimum. |
| 16 | +- env-configmap.yaml |
| 17 | + |
| 18 | + Update the Grafana credentials to the desired credentials and the SENSOR_ID/SENSOR_SECRET_TOKEN if using the global AST dashboard. |
| 19 | +- env-device-secrets-configmap.yaml |
| 20 | + |
| 21 | + Update the BIGIP_PASSWORD_1 value to the password of your BIG-IPs. If there are multiple BIG-IP passwords, also update BIGIP_PASSWORD_2, BIGIP_PASSWORD_3, BIGIP_PASSWORD_4, etc. (TODO: This needs to be changed so these passwords are stored as Kubernetes secrets.) |
| 22 | +- otel-collector-deployment.yaml |
| 23 | + |
| 24 | + This file has two environment variables that represent BIG-IP passwords, BIGIP_PASSWORD_1 and BIGIP_PASSWORD_2. If you have more than two BIG-IP passwords, you will need to add them here. |
| 25 | +- rec-pipe-configmap.yaml |
| 26 | + |
| 27 | + This is the equivalent of the services/otel_collector/receivers.yaml file. You will need to list all BIG-IPs to be monitored, along with their settings, in this file (within the "receivers.yaml" section). The following is an example that shows how to include two BIG-IP devices. (Additional devices would be added to the end as bigip/3, bigip/4, etc.) |
| 28 | + |
| 29 | +``` |
| 30 | + receivers.yaml: | |
| 31 | + bigip/1: |
| 32 | + collection_interval: 60s |
| 33 | + data_types: |
| 34 | + f5.apm: |
| 35 | + enabled: true |
| 36 | + ... |
| 37 | + endpoint: https://10.1.1.5 |
| 38 | + password: ${env:BIGIP_PASSWORD_1} |
| 39 | + timeout: 60s |
| 40 | + tls: |
| 41 | + ca_file: '' |
| 42 | + insecure_skip_verify: true |
| 43 | + username: admin |
| 44 | + bigip/2: |
| 45 | + collection_interval: 60s |
| 46 | + data_types: |
| 47 | + f5.apm: |
| 48 | + enabled: false |
| 49 | + ... |
| 50 | + endpoint: https://10.1.1.15 |
| 51 | + password: ${env:BIGIP_PASSWORD_1} |
| 52 | + timeout: 60s |
| 53 | + tls: |
| 54 | + ca_file: '' |
| 55 | + insecure_skip_verify: true |
| 56 | + username: admin |
| 57 | + ``` |
| 58 | + |
| 59 | + You will also need to ensure reference to these devices are included in the list of BIG-IPs (i.e., "bigip/1", "bigip/2", etc.) in the receivers subsection under "pipelines.yaml" section (also in this file). The "pipelines.yaml" section of this file will look like the following: |
| 60 | +``` |
| 61 | + pipelines.yaml: | |
| 62 | + metrics/local: |
| 63 | + exporters: |
| 64 | + - otlphttp/metrics-local |
| 65 | + - debug/bigip |
| 66 | + processors: |
| 67 | + - batch/local |
| 68 | + receivers: |
| 69 | + - bigip/1 |
| 70 | + - bigip/2 |
| 71 | + - bigip/3 |
| 72 | + ... |
| 73 | +``` |
| 74 | + |
| 75 | +Other files in this directory can also be modified for additional customization. See the original repo (https://github.com/f5devcentral/application-study-tool) for specific customization guidance. |
| 76 | + |
| 77 | +Deploy the AST application on Kubernetes using the following command. This requires the _kubectl_ client to be installed ahead of time and configured to connect and authenticate with your Kubernetes cluster. |
| 78 | +``` |
| 79 | +kubectl create -f . |
| 80 | +``` |
| 81 | + |
| 82 | +To verify AST has been successfully deployed, run the following command: |
| 83 | +``` |
| 84 | +kubectl get pods |
| 85 | +``` |
| 86 | +You should see output similar to the following: |
| 87 | +``` |
| 88 | +NAME READY STATUS RESTARTS AGE |
| 89 | +grafana-54c8bbb46b-kf8fv 1/1 Running 0 2m14s |
| 90 | +otel-collector-5b87d546b6-rnkml 1/1 Running 0 2m13s |
| 91 | +prometheus-69cbc96779-vcrhz 1/1 Running 0 2m13s |
| 92 | +
|
| 93 | +(other pods may be listed here as well) |
| 94 | +``` |
| 95 | + |
| 96 | +Make sure the three AST pods, with names beginning with grafana, otel-collector, and prometheus, have a STATUS of "Running". If so, the Application Study Tool is now running in a Kubernetes environment. This collection also creates [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) services for Grafana and Prometheus for external access. NodePorts use high port numbers (30000 and up) which may be sufficient, depending on your connection to the cluster and connectivity requirements. However, most Internet-facing applications use more robust ingress solutions, such as cloud loadbalancers and F5 BIG-IPs with the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/) (CIS) plugin. These solutions are also able to expose the application to the more common ports, 80 (HTTP) and 443 (HTTPS). |
| 97 | + |
| 98 | +The ./extras directory contains example manifest files for a loadbalancer config in AKS. |
| 99 | + |
| 100 | +In the meantime, you can verify that everything is working correctly by accessing Grafana though the NodePort service. You will need connectivity between your web browser and one of the worker nodes. |
| 101 | +To access this service, first get the NodePort port number using the following command: |
| 102 | +``` |
| 103 | +kubectl get svc |
| 104 | +``` |
| 105 | +You should see output similar to the following: |
| 106 | +``` |
| 107 | +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| 108 | +graf-service NodePort 192.168.1.188 <none> 3000:31034/TCP 96m |
| 109 | +grafana ClusterIP 192.168.1.18 <none> 3000/TCP 96m |
| 110 | +kubernetes ClusterIP 192.168.1.1 <none> 443/TCP 718d |
| 111 | +openshift ExternalName <none> kubernetes.default.svc.cluster.local <none> 718d |
| 112 | +prom-service NodePort 192.168.1.101 <none> 9090:32300/TCP 96m |
| 113 | +prometheus ClusterIP 192.168.1.221 <none> 9090/TCP 96m |
| 114 | +``` |
| 115 | +In the resulting output, find the _graf-service_ service, and note the port that 3000 is bound to. In the above example, this is port 31034. This is the NodePort port. Now, open a web browser and browse to one of the IP addresses of a worker node (this is not the same as a Cluster-IP address and will not appear in the above output) at the NodePort port. For example: http://10.1.1.1:31034. |
| 116 | +If everything is working correctly and you have network connectivity to the worker node and the NodePort port, you should now see the Grafana dashboard. |
| 117 | +You can follow the same steps to access the Prometheus UI, which can be accessed over the bound port for the _prom-service_ NodePort service (32300 in the above example). |
| 118 | + |
| 119 | +Notes: |
| 120 | +As of this writing, this deployment has been tested on the following platforms: |
| 121 | +- Azure Kubernetes Services (AKS) |
| 122 | +- Google Kubernetes Engine (GKE) |
| 123 | +- F5 Distributed Cloud vK8s (with some additional configuration - docs coming soon). |
| 124 | +- RedHat OpenShift |
| 125 | +- K3s |
| 126 | + |
| 127 | +This collection was created by first leveraging [Kompose](https://kompose.io/) to generate the initial YAML files from the Application Study Tool Docker Compose file, followed by a series of changes needed to get it to work in a production-grade Kubernetes cluster. (More information on that coming soon.) |
0 commit comments