linkerd Inject with helm or namespace? - kubernetes

I can't seem to find a simple answer to my question,
how to use linkerd inject command / options to add when using helm to install a package, e.g. like postgres?
I have done it with another package but that was by adding the annotation command to a values file and supplying that when running the helm install command.
With istio, all I have to do is to add a label on the namespace and it works?
So I started to look into adding the annotation to the namespaces I am working with, using the kubectl create namespace command?
However, I cant seem to find a way to add any annotation at the point of creating a namespace, unless I use a file.
So, I either need a way to add this annotation to the namespace with the create command or when installing packages with helm?
Thanks,

I think there are a couple of ways to do this. It all depends on what you are trying to achieve and how you'd like to manage your underlying infrastructure.
I assume you want to automate the installation of helm charts. If you are going to create the namespace using kubectl create namespace then you might be able to follow that up with kubectl annotate <created-namespace> "linkerd.io/inject=enabled".
Alternatively, you can make use of the Linkerd CLI and use the inject command provided -- the workflow here would involve a combination of kubectl and linkerd commands so I'm not sure it's what you're looking for. Nonetheless, you can do something like kubectl create namespace <my-namespace> -o yaml | linkerd inject - | kubectl apply -f -.
Last but not least, if you can use kubectl create namespace then you might be able to pipe the namespace manifest to kubectl directly and call it a day? You can use something similar to the snippet below:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: foo
annotations:
linkerd.io/inject: enabled
EOF

Related

Kubernetes Simple Declarative Management

Is there a way for more simple Declarative Management than writing template files myself?
E.g. create the template files with kubectl command and then use kubectl apply on those templates?
kubectl create deployment my-app --image=nginx:latest --replicas=3 --port=8080 --dry-run=client --output=yaml > my-deployment.yaml
kubectl create service loadbalancer my-app --tcp=80:8080 --dry-run=client -o=yaml > my-service.yaml
And after this apply the generated template files:
kubectl apply -f .
Is it OK to use such approach for production?
Or it is considered not a good practice?
While it's quite common to write the individual YAML manifests
yourself, it's less common to apply them individually as you've shown
in your question. Where I work, we use Kustomize to manage our
manifests; this is a tool that assembles a collection of manifests
into a configuration which you then apply all at once using kubectl apply (other folks use Helm, but I don't have any experience with that tool).
There are lots of examples in the documentation, but for your example, you might do something like this:
Put your deployment manifest in my-deployment.yaml
Put your service manifest in my-service.yaml
Create a file kustomization.yaml with the following content:
resources:
- my-deployment.yaml
- my-service.yaml
To create or update your resources in the cluster, you run:
kustomize build | kubectl apply -f-
Kustomize has a number of options for generating things like
ConfigMaps and Secrets from files, for creating a hierarchical
configuration in which you can override portions of your manifests
with modified content, etc.
Note that a version of Kustomize is actually build into the kubectl
command; for the above example, you could have simply run:
kubectl apply -k .
The version of Kustomize built into kubectl is a little older than the standalone version, but for simple configurations it works just fine.

Read Kubernetes deployment annotation

How can I get a particular Kubernetes annotation from a deployment resource using kubectl? I know I can dynamically set an annotation on a deployment using:
kubectl annotate deployment api imageTag=dev-ac5ba48.k1dp9
Is there a single kubectl command to then read this deployments imageTag annotation?
You can use the following command to get the imageTag annotation (given that annotation exists):
kubectl get deploy DEPLOY_NAME -o jsonpath='{.metadata.annotations.imageTag}'
You can use jsonpath for that:
kubectl get deployment api -o=jsonpath='{.metadata.annotations}'
The command above will give you all the annotations of your deployment api.
For reference you can take a look at this doc page as it may help.

How to give annotations by using run command in kubernetes to a pod

I attempted but there is an error..i also see See 'kubectl run --help' for usage.
but i can't fix it..
kubectl run pod pod4 --image=aamirpinger/helloworld:latest --port=80 --annotaions=createdBy="Muhammad Shahbaz" --restart=Never
Error: unknown flag: --annotaions
kubectl run supports specifying annotations via the --annotations flag that can be specified multiple times to apply multiple annotations.
For example:
$ kubectl run --image myimage --annotations="foo=bar" --annotations="another=one" mypod
results in the following:
$ kubectl get pod mypod -o yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
foo: bar
another: one
[...]
kubectl run doesn't have an option to set annotations.
Unless you're running a one-off debugging pod, it's usually better practice to write out the full (Deployment) YAML file, commit to source control, and install it using kubectl apply -f. That will let you specify any Kubernetes object property you need to.
As David Maze mentioned ,there is no --annotations flag for kubectl run command.It is better to write deployment yaml file compared to running using kubectl run command.
However you can add annotations to kubernetes resources using Kubectl annotate command.All Kubernetes objects support the ability to store additional data with the object as annotations.
Hope this helps.

Why does kubectl create only support certain resources?

I'm looking to create yaml files for specific resources (pvs, pvcs, policies and so on) via the command line with kubectl.
kubectl create only supports the creation of certain resource types (namely clusterroles, clusterrolebindings, configmaps, cronjobs, deployments, jobs, namespaces, pod disruption budgets, priorityclasses, quotas, roles, rolebindings, secrets, services and serviceaccounts).
Why doesn't it support pods, pvs, pvcs, etc?
I know of kubectl run --generator=run=pod/v1 for pods, but is there a specific reason it hasn't been added to kubectl create?
I searched the docs and github issues, but couldn't find an explanation.
I know of tools like ksonnet, but I was wondering if there is a native way (or a reason why there isn't).
You can create any type of object with kubectl create. To do that you have two solutions :
Using a file descriptor : kubectl create -f my-pod-descriptor.yml
Using stdin (where your file content is in fact in your console) :
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox-sleep
spec:
containers:
- name: busybox
image: busybox
args:
- sleep
- "1000000"
EOF
Now back to the question, as to why didn't they add a kubectl create pod command for example. I don't really have the answer.
My guess is because it is not really a good practice to manage pods directly. It is recommended to use deployments instead. And you have a kubectl create deployment command.
What about other objects wich are perfectly fine such as pv or pvc. Well, I don't know :)
Just keep in mind that it is not really a good practice to create/manage everything from the console, as you won't be able to keep the history of what you are doing. Prefer using files managed in a SCM.
Thus, I guess the K8S team is not putting too much an effort in a procedure or command that is not recommended. Which is fine to me.

How to get annotation from namespace in side car injector

I am working with Istio. There are certain annotations that we add to our kubernetes namespace. One out of these namespace annotations also needs to be applied to the pods that are created with sidecar-enabled=true label. For this purpose, I looked at using the Istio sidecar injector webhook, but I am not able to find the reference to namespace's annotations.
Is there a way to do this?
You can find all need namespaces annotations using below command in Annotations: section.
kubectl describe namespaces
EDIT:
Your initial question is not clear. As far as I understand your question and additional clarification - you want to get annotations that are applied to a namespace from a configMap.
Official Istio Sidecar Injection Documentation says that
Manual and automatic injection both use the configuration from the
istio-sidecar-injector and istio ConfigMaps in the istio-system
namespace.
Based on this fact you can dump the configMap in the Istio cluster you are interested in by next command:
$ kubectl describe configmap --namespace=istio-system istio-sidecar-injector
This will show you references for pod annotations, global values, etc.
Example:
[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` "*" ]]
The above queries traffic.sidecar.istio.io/includeOutboundIPRanges annotation on the pod, and defaults to "*" if it's not present.