To deploy kubearchive locally you need to install the following:
- podman
- jq
- helm
- kubectl
- kind
- cosign
On Fedora, install podman, jq, and helm with this command:
sudo dnf install podman jq helm
Otherwise follow the podman, jq, and helm install instructions.
Follow the kubernetes, kind, and cosign install instructions.
Create a cluster using kind.
kind create cluster
By default the cluster name is kind. You can choose a name by using the --name flag.
If you are still getting this error after following the instructions here
ERROR: failed to create cluster: running kind with rootless provider requires setting systemd property "Delegate=yes", see https://kind.sigs.k8s.io/docs/user/rootless/
try creating the cluster with this command:
systemd-run -p Delegate=yes --user --scope kind create cluster
After the cluster is created, run the kubectl command printed by kind to set your kube context to the kind cluster.
Verify the image signatures for Knative:
curl -sSL https://github.com/knative/serving/releases/download/knative-v1.13.1/serving-core.yaml \
| grep 'gcr.io/' | awk '{print $2}' | sort | uniq \
| xargs -n 1 \
cosign verify -o text \
--certificate-identity=signer@knative-releases.iam.gserviceaccount.com \
--certificate-oidc-issuer=https://accounts.google.com
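A fail-closed variant of the check above, as an added example that is not part of the kubearchive repository: it works on a saved copy of the manifest, treats an empty image list as a failure, and requires every reference to be pinned by digest before calling cosign. The function names and the COSIGN override variable are hypothetical; the identity and issuer are the ones used in the command above.

```shell
#!/bin/sh
# Added example, not part of the kubearchive repository.
# Function names and the COSIGN override are hypothetical; the identity and
# issuer are the values used in the command above.
COSIGN=${COSIGN:-cosign}
IDENTITY='signer@knative-releases.iam.gserviceaccount.com'
ISSUER='https://accounts.google.com'

# Print the unique gcr.io image references in a saved manifest.
extract_images() {
  grep 'gcr.io/' "$1" | awk '{print $2}' | sort -u
}

# Succeed only for a reference pinned by digest (name@sha256:<64 hex chars>).
is_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# Verify every image in the manifest; any gap is a failure (fail closed).
verify_manifest() {
  images=$(extract_images "$1")
  if [ -z "$images" ]; then
    echo "no gcr.io images found in $1" >&2
    return 1
  fi
  for ref in $images; do
    if ! is_pinned "$ref"; then
      echo "not pinned by digest: $ref" >&2
      return 1
    fi
    if ! "$COSIGN" verify -o text \
        --certificate-identity="$IDENTITY" \
        --certificate-oidc-issuer="$ISSUER" "$ref"; then
      echo "signature verification failed: $ref" >&2
      return 1
    fi
  done
  echo "all images verified"
}

# Usage: sh verify-images.sh serving-core.yaml
if [ "$#" -gt 0 ]; then
  verify_manifest "$1"
fi
```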
Finally, run the helm chart to deploy kubearchive:
helm install [deployment name] charts/kubearchive
You can use the -g flag to have helm generate a deployment name for you.
Run this command to remove the kubearchive deployment:
helm uninstall [deployment name]
The kubearchive helm chart deploys the following:
- Namespace named kubearchive
- ClusterRole named kubearchive
- ClusterRoleBinding named kubearchive
- Service Account named kubearchive in the kubearchive namespace
- ApiServerSource named api-server-source in the kubearchive namespace
- Deployment and Service for kubearchive-sink in the kubearchive namespace
- (optionally) Namespace named test
The ApiServerSource deployed by this helm chart uses the kubearchive service account to watch resources on the cluster. By default it is deployed to watch for events. The ClusterRole and ClusterRoleBinding by default give the kubearchive service account permissions to get, list, and watch Events cluster-wide.
The ApiServerSource is deployed by default to only listen for events in namespaces with the label kubearchive: watch. The test namespace, if created, has that label applied. The resources that the ApiServerSource listens for can be changed by running the helm chart with kubearchive.role.rules[0].resources and apiServerSource.resources overridden.
kubearchive.role.rules[0].resources expects the listed resource types to be all lowercase and plural. If one or more of the resources in kubearchive.role.rules[0].resources is not in the Kubernetes core API group, then kubearchive.role.rules[0].apiGroups must be overridden as well to include every API group that contains a resource you are interested in. apiServerSource.resources is a list where each item includes the kind and apiVersion of the resource.
An ApiServerSource requires a sink that it can send cloud events to. Right now, kubearchive-sink is https://github.com/knative-sample/event-display/, which is a simple sink written in Go that prints all cloud events it receives to stdout. You can view the cloud events it receives with the following command:
kubectl logs --namespace=kubearchive -l app=kubearchive-sink --tail=1000
event-display is just a placeholder. It needs to be replaced with a sink that is written for kubearchive.