Rotate Kubernetes Certificates with Rancher 2.1.7 - kubernetes

How to rotate the certificates of a K8s cluster when the Rancher version does not provide this option? I have Rancher 2.1.7 and I don't find anything about that. Do you know an API or command line doing the job?
I tried the API with action=rotateCertificates but it returns InvalidAction.
I can't update Rancher.

It looks very clear 🔮 on how to do it on the docs:
Available as of v2.0.14 and v2.1.9
Rancher launched Kubernetes clusters have the ability to rotate the auto-generated certificates through the API.
In the Global view, navigate to the cluster that you want to rotate certificates.
Select the ⋮ > View in API.
Click on RotateCertificates.
Click on Show Request.
Click on Send Request.
✌️☮️

Related

Not getting Kubernetes cluster option in Create Server Group of Spinnaker

I am using Spinnaker version 1.26.6 which is deployed using Halyard.
I have added multiple Kubernetes accounts with provider version V2 following here https://spinnaker.io/docs/setup/install/providers/kubernetes-v2/ and the service account has entire cluster access.
While clicking on Create Server Group in the UI, I don't get the option to select the Kubernetes accounts I added. I get something like this
This account has empty dropdown list.
Is there any way by which instead of this prompt I get to choose my kubernetes accounts which I have added and deployed applications to?
We skipped this manual step of user grants.
https://spinnaker.io/docs/setup/productionize/persistence/clouddriver-sql/#database-setup
After adding this, it took some time to sync and we are able to get the required results.

Being notified for changes in namespace of a pod

I have an application running on gcp. I want to set up a mechanism to be notified if there's any change in the namespace. There is an option to use kubernetes Watch to monitor any changes in namespace. But I'm looking for something to create an event or get notification to java application for such a change in namespace. I searched but could not find anything relevant, are there any options to be notified on such namespace changes?
If you are looking for forwarding to a third-party app, you can use a plugin: botkube
If you want to create an application in Java, you can check for the respective client library in the official documentation
https://kubernetes.io/docs/reference/using-api/client-libraries/
Java official client library for Kubernetes : https://github.com/kubernetes-client/java
This is a good example, or you can also use the default Kubernetes API and write custom code and run that contained in the same Kubernetes cluster to monitor any changes in the namespace.
In order to do it, what I would do is deploy an application that checks if there are changes. To do it, you can use the Kubernetes API. You just need to install curl instead of kubectl, and the rest is RESTful.
curl http://localhost:8080/api/v1/namespaces/default/pods
Depending on your configuration you may need to use SSL or provide a client certificate.
You should write a script with Kubernetes API calls in order to check if there are changes.
I would use watches; depending on your specific use case, you can start here:
https://kubernetes.io/docs/reference/using-api/api-concepts/#efficient-detection-of-changes
https://engineering.bitnami.com/articles/kubernetes-async-watches.html
Let me know if this doesn't solve your use case, I can suggest other solutions.
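The watch approach suggested in the answers above, as an added example that is not part of the original posts: it consumes the line-delimited JSON events a Kubernetes watch returns, tracks resourceVersion for reconnects, and signals when the server answers 410 Gone. The sample stream, pod names and the process_watch helper are constructed for illustration.

```python
import json

# Constructed sample: body of GET /api/v1/namespaces/default/pods?watch=1
# (one JSON event per line). Pod names and versions are made up.
# BOOKMARK events are only sent when allowWatchBookmarks=true is requested.
SAMPLE_STREAM = """\
{"type":"ADDED","object":{"kind":"Pod","metadata":{"name":"web-1","namespace":"default","resourceVersion":"1001"}}}
{"type":"MODIFIED","object":{"kind":"Pod","metadata":{"name":"web-1","namespace":"default","resourceVersion":"1007"}}}
{"type":"BOOKMARK","object":{"kind":"Pod","metadata":{"resourceVersion":"1020"}}}
{"type":"DELETED","object":{"kind":"Pod","metadata":{"name":"web-1","namespace":"default","resourceVersion":"1031"}}}
{"type":"ERROR","object":{"kind":"Status","code":410,"reason":"Expired","message":"too old resource version"}}
"""


def process_watch(lines, notify, resource_version=None):
    """Feed change events to notify(); return (last_rv, must_relist).

    last_rv is the resourceVersion to pass as ?resourceVersion= when the
    connection drops. must_relist is True after a 410 Gone: the caller has
    to do a plain list to get a fresh resourceVersion, then watch again.
    """
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        etype, obj = event["type"], event["object"]
        if etype == "ERROR":
            if obj.get("code") == 410:
                return resource_version, True
            raise RuntimeError(obj.get("message", "watch error"))
        meta = obj["metadata"]
        resource_version = meta["resourceVersion"]
        if etype != "BOOKMARK":  # bookmarks only advance the resume point
            notify(etype, meta["namespace"], meta["name"])
    return resource_version, False


def demo():
    seen = []
    rv, relist = process_watch(SAMPLE_STREAM.splitlines(),
                               lambda t, ns, name: seen.append((t, ns, name)))
    return seen, rv, relist


if __name__ == "__main__":
    print(demo())
```

In a real client the lines would come from a streaming HTTP response authenticated with the service account token or a client certificate, as the answer notes.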

Customizing kubernetes dashboard with company name and environment

Problem statement:
Currently we are running k8s in multiple environments, e.g. dev, uat, staging.
It becomes very difficult for us to tell them apart just by looking at the k8s dashboard UI.
Do we have any facility to customize the k8s dashboard to indicate, somewhere in the header or footer, which cluster or environment we are using?
Since K8S is open source, you should have the ability to do whatever you want. You will of course need to play with the code and build your own custom dashboard image.
You can start off from here
https://github.com/kubernetes/dashboard/tree/master/src/app/frontend
This feature was released back in 2017, with the introduction of the settings ConfigMap. You just need to set the values of the kubernetes-dashboard-settings ConfigMap in kubernetes-dashboard namespace. You don't even need to restart the dashboard service/deployment.

Kiali can't see any topo of my services in the Graph view

I'm running Kubernetes v1.7.10 and Istio 1.0.4, and also Kiali v0.9, which is bundled with Istio 1.0.4.
Then I deployed the bookinfo example into a namespace, the gateway points to the bookinfo service, and I accessed the productpage homepage from a browser; all were fine.
But in the Graph view of Kiali, just a diamond icon with the label "unknown" is displayed. What's wrong with it?
I can see all the services, workloads and Istio configs in Kiali, just no topology.
At last, I traced back to the prometheus metrics, something like:
istio_requests_total{connection_security_policy="none",destination_app="unknown",destination_principal="unknown",destination_service="details.test.svc.cluster.local",destination_service_name="details",destination_service_namespace="test",destination_version="unknown",destination_workload="unknown",destination_workload_namespace="unknown",instance="172.22.178.111:42422",job="istio-mesh",reporter="destination",request_protocol="http",response_code="200",source_app="unknown",source_principal="unknown",source_version="unknown",source_workload="unknown",source_workload_namespace="unknown"}
I noticed that they were all "unknown": destination_app, destination_version, source_app, source_version ... I believe that's why no topo is displayed.
And the metrics from http://istio-telemetry:42422/metrics:
istio_requests_total{connection_security_policy="none",destination_app="unknown",destination_principal="unknown",destination_service="details.test.svc.cluster.local",destination_service_name="details",destination_service_namespace="test",destination_version="unknown",destination_workload="unknown",destination_workload_namespace="unknown",reporter="destination",request_protocol="http",response_code="200",source_app="unknown",source_principal="unknown",source_version="unknown",source_workload="unknown",source_workload_namespace="unknown"} 32
Then I did another test: I set up a cluster with Kubernetes v1.10.3, installed Istio 1.0.4 into it and deployed the bookinfo examples. Everything is fine, with a beautiful topo graph.
So I wonder, is there anything different between the Kubernetes versions that breaks the graph view of Kiali?
Can someone give any hints?
Thanks.
likun
I can't find clear information on the Istio website, but I believe Kubernetes below 1.9 isn't supported. This is kind of suggested in the install page for Minikube: https://istio.io/docs/setup/kubernetes/platform-setup/minikube/
Maybe you can try with an older version of Istio, but I wouldn't guarantee it's going to work either. You would also have to pick up an older version of Kiali.
Kiali builds its graph from labels in istio telemetry, so you're right to correlate with what you see in Prometheus. In particular, source_app, source_workload, destination_app and destination_workload are used by Kiali to detect graph relations.
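A diagnostic for the symptom discussed above, as an added example that is not Kiali's code or part of the original posts: it parses istio_requests_total series in Prometheus text format, groups them into source-to-destination workload edges, and lists the series whose graph-relevant labels are "unknown". The first sample series is trimmed from the one on the page; the second is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Labels the answer above says Kiali uses to detect graph relations.
GRAPH_LABELS = ("source_app", "source_workload",
                "destination_app", "destination_workload")

SERIES_RE = re.compile(r'^(\w+)\{(.*)\}\s+(\S+)$')
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Line 1: trimmed from the page's series. Line 2: constructed healthy series.
SAMPLE_METRICS = """\
istio_requests_total{destination_app="unknown",destination_service_name="details",destination_workload="unknown",reporter="destination",response_code="200",source_app="unknown",source_workload="unknown"} 32
istio_requests_total{destination_app="details",destination_service_name="details",destination_workload="details-v1",reporter="destination",response_code="200",source_app="productpage",source_workload="productpage-v1"} 5
"""


def parse_series(line):
    """Return (metric name, labels dict, value) or None for other lines."""
    m = SERIES_RE.match(line.strip())
    if not m:
        return None
    name, labels, value = m.groups()
    return name, dict(LABEL_RE.findall(labels)), float(value)


def graph_report(text):
    """Return (edges, broken): request counts per workload edge, and the
    series whose graph labels are missing or "unknown"."""
    edges, broken = Counter(), []
    for line in text.splitlines():
        parsed = parse_series(line)
        if not parsed or parsed[0] != "istio_requests_total":
            continue
        _, labels, value = parsed
        src = labels.get("source_workload", "unknown")
        dst = labels.get("destination_workload", "unknown")
        edges[(src, dst)] += value
        missing = [k for k in GRAPH_LABELS
                   if labels.get(k, "unknown") == "unknown"]
        if missing:
            broken.append((labels.get("destination_service_name"), missing))
    return dict(edges), broken


if __name__ == "__main__":
    print(graph_report(SAMPLE_METRICS))
```

Every series with unknown workloads collapses into the same unknown-to-unknown edge, which matches the single "unknown" node reported in the question.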

Spinnaker server group labelling

I am creating a server group and I want to add a label to the deployment. I don't find any option in the spinnaker UI to add one. Any help on this?
The current version of the Kubernetes cloud provider (v1) does not support configuring labels on Server Groups.
The new Kubernetes Provider (v2), which is manifest-based, allows you to configure labels. This version, however, is still in alpha.
Sources
https://github.com/spinnaker/spinnaker/issues/1624
https://www.spinnaker.io/reference/providers/kubernetes-v2/