DaemonSet mirroring
- 27 Dec 2022
- 3 Minutes to read
-
PDF
DaemonSet mirroring
- Updated on 27 Dec 2022
- 3 Minutes to read
-
PDF
Traceable provides you with an option to mirror the traffic for Kubernetes pods by running the Traceable agent in a daemonSet. As shown in the diagram below, each worker node has a Traceable Platform agent pod running. The Traceable agent pod has two containers, Traceable Platform agent container and the mirroring container.
Before You Begin
Keep the TA_REFRESH_TOKEN handy. It will be required while installing the Traceable Platform Agent. To fetch the token, log into Traceable Platform and navigate to Administration (
) > Account > Access Token.
Download
There is no download required for DaemonSet agentless traffic mirroring. The installation is completed using Helm chart or Terraform template.
Installation
The installation process consists of the the following steps:
- Create
traceableainamespace - Install Platform Agent
- Enable mirroring
- [optional] Set mirroring mode
Step 1 - Create traceableai namespace
Create a traceableai namespace. Enter the following command:
ActionScript
kubectl create namespace traceableaiStep 2 - Install Platform agent
You can install Traceable platform agent in Kubernetes environment using either Helm chart or Terraform template.
Install using Helm chart
- Create a
values.yamlfile with the following content:YAMLtoken: <ACESS_TOKEN> environment: <ENVIRONMENT_NAME> runAsDaemonSet: true daemonSetMirroringEnabled: true - Enter the following commands to install Traceable Platform Agent into your Kubernetes cluster:ActionScript
helm repo add traceableai https://helm.traceable.ai helm repo update helm install --namespace traceableai traceable-agent traceableai/traceable-agent --values values.yaml
Install using Terraform
- Create a
main.tffile with the following content:ActionScriptmodule "traceable-agent" { source = "https://downloads.traceable.ai/install/traceable-agent/terraform/kubernetes/latest/traceable-agent-tf-k8s.tar.gz" token = "" environment = "" run_as_daemon_set = true daemon_set_mirroring_enabled = true } - Initialize the module by entering the following command:ActionScript
terraform init - Review the setup that will be installed by entering the following command:ActionScriptActionScript
terraform plan - Apply the module by entering the following command:ActionScriptActionScript
Terraform creates aterraform applyterraform.tfstatefile. The file stores the current state of the infrastructure. It is recommended to keep track of this file.
Step 3 - Enable mirroring
To configure mirroring, go through the following points:
- Enable mirroring for all namespaces - Mirroring is disabled by default. To enable mirroring for all namespaces, use the following configuration:
- If you are using Helm, then in
values.yaml, set -daemonSetMirrorAllNamespaces: true - If you are using Terraform, then in
main.tf, set -daemon_set_mirror_all_namespaces=true
- If you are using Helm, then in
- Enable mirroring for a namespace - set the namespace label
traceableai-mirrortoenabled. - Disable mirroring for a namespace - set the namespace label
traceableai-mirrortodisabled. - Disable mirroring for a pod - set the pod annotation
mirror.traceable.ai/enabledtofalse.
Step 4 [optional] - Set mirroring mode
The default mirroring mode for a pod is ingress. To capture the egress traffic instead:
- Pod - For a specific pod, set the annotation
mirror.traceable.ai/modetoegressActionScriptActionScriptkubectl annotate pod <POD> mirror.traceable.ai/mode=egress - Namespace- For a
<NAMESPACE>, set the annotationmirror.traceable.ai/defaultModetoegressActionScriptkubectl annotate namespace <NAMESPACE> mirror.traceable.ai/defaultMode=egress
Verification
- To verify a successful installation of traceable-agent, enter the following command:
ActionScript
kubectl -ntraceableai get podsFor example,
ActionScript
NAME READY STATUS RESTARTS AGE
traceable-agent-dwclc 2/2 Running 0 26m- You can also check whether traces are showing in the Traceable Platform by navigating to Traces.
Troubleshooting
If traces are not showing in Traceable Platform, then:
- Enter the following command to fetch the Traceable agent pod name:ActionScriptActionScript
kubectl -ntraceableai get pods - Enter the following command to get the logs of pods being monitored:ActionScriptActionScript
For example,kubectl -ntraceableai logs -f <TRACEABLE_AGENT_POD> -c traceable-agent | grep "Added pod to maps"ActionScriptActionScript{"level":"info","time":"2022-01-12T08:46:42.218Z","message":"Added pod to maps. {hello-world-deployment-1.default true 0 {default true 0}}","service":"ext_cap","name":"hello-world-deployment-1-58749467bf-d24dr","ip":"10.1.1.221"} {"level":"info","time":"2022-01-12T08:46:42.221Z","message":"Added pod to maps. {product-deployment.default true 0 {default true 0}}","service":"ext_cap","name":"product-deployment-7bd74db6dd-kkbl5","ip":"10.1.1.218"} {"level":"info","time":"2022-01-12T08:46:42.224Z","message":"Added pod to maps. {product-deployment.default true 0 {default true 0}}","service":"ext_cap","name":"product-deployment-7bd74db6dd-wtwrt","ip":"10.1.1.217"} {"level":"info","time":"2022-01-12T08:46:42.234Z","message":"Added pod to maps. {traceable-agent.traceableai true 0 {traceableai true 0}}","service":"ext_cap","name":"traceable-agent-hm7jp","ip":"192.168.65.4"}
Upgrade
You can upgrade the Traceable agent in Kubernetes using either Helm chart or Terraform.
Upgrade using Helm
Enter the following commands:
- Update helm charts by entering the following command:ActionScriptActionScript
helm repo update traceableai - Enter the following command to upgrade Traceable agent to the latest version:ActionScriptActionScript
helm upgrade traceable-agent --namespace traceableai traceableai/traceable-agent
Upgrade using Terraform
To upgrade using terraform, you would need to uninstall and reinstall the Platform agent.
Uninstall
You can uninstall the agent using either Helm chart or Terraform.
Uninstall using Helm
Enter the following command to uninstall the Platform agent using Helm:
ActionScript
helm uninstall traceable-agent --namespace traceableaiUninstall using Terraform
Enter the following command from the directory containing main.tf template file:
ActionScript
terraform destroyWas this article helpful?
