I am learning how to translate kubectl deployments to terraform. I am currently facing issues getting services to work as intended with terraform provider kubectl once I specify a namespace.
I have confirmed the terraform script works when doing the equivalent kubectl apply to the default namespace.
What is the proper methodology in terraform using the kubectl provider to apply -n namespace?
The two different approaches I have tried are:
resource "kubectl_manifest" "example" {
override_namespace = kubernetes_namespace_v1.namespace.metadata[0].name
yaml_body = file("${path.cwd},deploy.yaml")
}
And also:
resource "kubectl_manifest" "example" {
yaml_body = file("${path.cwd},deploy.yaml")
}
with adding the namespace to the deploy.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: example
namespace: namespace
...
---
apiVersion: v1
kind: Service
metadata:
name: example
namespace: namespace
Then when I try to confirm that the service is functioning as intended via:
kubectl logs example-6878fd468-9vgkm
Error from server (NotFound): pods "example-6878fd468-9vgkm" not found
Your terraform description is fine. You need to specify the -n switch to your kubectl logs command as well, to detect the pod in the right namespace.
kubectl logs example-6878fd468-9vgkm -nexample
Related
I am trying to install a calico GlobalNetworkPolicy that will be applicable to all the pods in the cluster regardless of namespace , and to apply GlobalNetworkPolicy as per docs here -
Calico network policies and Calico global network policies are applied
using calicoctl
i.e calicoctl command (assuming calicoctl binary installed in the host) ->
calicoctl apply -f global-policy.yaml
OR if we have a calicoctl pod running ->
kubectl exec -ti -n kube-system calicoctl -- /calicoctl apply -f global-deny.yaml -o wide
global-policy.yaml ->
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
name: default-deny
spec:
selector: projectcalico.org/namespace == "kube-system"
types:
- Ingress
- Egress
Question -> How do I install such a policy via helm chart ? As helm implicitly calls via kubectl and that causes error on install.
Error using kubectl or helm =>
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: resource mapping not found for name: "default-deny" namespace: "" from "": no matches for kind "GlobalNetworkPolicy" in version "projectcalico.org/v3"
As per the Doc given by you Calico global network policy is a non-namespaced resource and can be applied to any kind of endpoint (pods, VMs, host interfaces) independent of namespace.
But you are using namespace in the Yaml, that might be the reason for the error. Kindly remove the name space and try again.
Because global network policies use kind: GlobalNetworkPolicy, they are grouped separately from kind: NetworkPolicy. For example, global network policies will not be returned from calicoctl get networkpolicy, and are rather returned from calicoctl get globalnetworkpolicy.
Below is the reference yaml from Doc :
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
name: allow-tcp-port-6379
Refer For more information on Global Network Policy, Calico Install Via Helm and Calico command line tools.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
By using kubectl get networkpolicy, I can see only the policies created by networking.k8s.io/v1 and not those created by projectcalico.org/v3. Any suggestion how to see the latter ones?
kubectl get XXX does not display all the resources in the cluster, in your case you cannot see CRD
You can find your object with kubectl get crds
Then kubectl get <crd name> -A
In your case it would be:
# Get all the CRD from the desired type
kubectl get projectcalico.org/v3 -A
# Now grab the desired name and do whatever you want with it
kubectl describe <CRD>/<resource name> -n <namespace>
i have created a ScaledObject and TriggerAuthentication using Keda, in order to horizontally autoscale my pods based on a RabbitMQ length.
but for some reason, when i try to query my ScaledObjects like this:
kubectl get ScaledObjects -n mynamespace
i am not getting anything.
but when i am applying the yaml file which contains all of the information about the ScaledObject, the output is this:
scaledobject.keda.sh/rabbitmq-scaledobject unchanged
i am also able to edit this scaled object using this command:
kubectl edit scaledobject.keda.sh/rabbitmq-scaledobject -n mynamespace
but i am not sure why it is not listed when doing this command:
kubectl get ScaledObjects -n mynamespace
the autoscaler does work, i am just wondering why it is not listed..
Thanks in Advance,
Yaniv
This might be a case of having more than one Custom Resource defined with the same kind but a different apiVersion.
For example, these two versions of Keda create the ScaledObject with different apiVersion:
1.4:
apiVersion: keda.k8s.io/v1alpha1
kind: ScaledObject
2.0:
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
So when you run kubectl get ScaledObjects -n mynamespace, it might be defaulting to the one you are not using.
I am using kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml to create deployment.
I want to create deployment in my namespace examplenamespace.
How can I do this?
There are three possible solutions.
Specify namespace in the kubectl command:
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml -n my-namespace
Specify namespace in your yaml files:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
namespace: my-namespace
Change default namespace in ~/.kube/config:
apiVersion: v1
kind: Config
clusters:
- name: "k8s-dev-cluster-01"
cluster:
server: "https://example.com/k8s/clusters/abc"
namespace: "my-namespace"
By adding -n namespace to command you already have. It also works with other types of resources.
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml -n namespacename
First you need to create the namespace likes this
kubectl create ns nameOfYourNamespace
Then you create your deployment under your namespace
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml -n examplenamespace
The ns at
kubectl create ns nameOfYourNamespace
stands for namespace
The -n
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml -n examplenamespace
stands for --namespace
So you first create your namespace in order Kubernetes know what namespaces dealing with.
Then when you are about to apply your changes you add the -n flag that stands for --namespace so Kubernetes know under what namespace will deploy/ create the proper resources
I have service account name: myservice
$ kubectl get serviceaccount
NAME SECRETS AGE
default 1 15d
myservice 1 15d
$ kubectl get serviceaccount myservice -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2018-06-13T12:41:18Z
name: myservice
namespace: default
...
I want to change the service's namespace default to development.
I tried to edit it with:
kubectl edit serviceaccount myservice
After saving it I received:
A copy of your changes has been stored to "/tmp/kubectl-edit-gjae6.yaml"
error: the namespace from the provided object "development" does not match the namespace "default". You must pass '--namespace=development' to perform this operation.
So I tried like they wrote and it still didn't work:
$ kubectl edit serviceaccount myservice --namespace=development
Error from server (NotFound): serviceaccounts "myservice" not found
The namespace development is exist and also the service myservice.
It seems you should create new myservice SA in development NS instead modifying existing SA in default namespace. Create new myservice in development NS, then remove one in default NS. The error cause the nonexistent myservice even is in development NS.