How does Cluster Collector work? #408
Comments
|
Also what is covered in the "cluster" collector? I couldn't find an explanation for this. Is this referring to kube components and maybe some other things? |
|
Cluster collector calls the cluster to get k8s resources via the rest api. As to why its not working from the gitlab runner I am not sure. Its likely attempting to call the master control plane, and it might not have access. |
|
Thank you for the response, Is it different in scope from the helm releases (helm collector)? Or is there overlap? |
|
Yes its different. Helm deploys to a different location, which is the reason both of those collectors are separate. |
|
Do you happen to know what kinds of things are covered in the cluster collector? just trying to get an idea of what I'm not getting if I accept not being able to reach the master via rest api cni? kube components? network policies? just guessing |
|
anything not deployed by helm, basically |
|
those are the resources which kubent looks for by default, we also support additional kinds, but you will need to provide a list via the |
|
I find it unlikely that this is a kubent problem, so might close this one off if thats ok |
|
Ok thank you for the clarification. ALso thats a very helpful link edit: actually pods arent there? |
|
Well the goal was to figure how what exactly cluster collector is doing (not necessarily saying its a kubent issue per se), to better troubleshoot this, if your certain it works by hitting master node rest api then yes it can be closed. Wondering if i can change to debug or something to see it complain about reaching something. |
|
We merge all the collected data together, so it doesn't really matter if there is overlap. We don't scan for pods as pods are a super low level resource, in general its best practice not to create them manually. |
|
Ok it makes sense. I'm gonna try to run it with --log-level debug at least once before closing to see if we can confirm complaints to master node rest, at least in my mind that resolves the ticket idea of "how does it work (and why isn't it working in my scenario)" |
|
After running it with debug i found out the issue was rbac and it couldn't get the cluster resources due to their apiGroups. |
|
Glad you were able to figure this out @perezjasonr 👍, I have created an issue (#426) to consider logging this at a warning level - I think it might be more user-friendly and make possible permission issue immediately obvious. |
Sorry but I couldnt find it in the docs.
When I do a bootstrap a k8s cluster, then run an in-cluster kubent pod using local kubectl
I get:
the exact same cluster, but done in cicd (gitlab), where the gitlab runner has kubectl, and kubeconfig in the runner then does the exact same pod, I get:
the cluster is in the same cloud platform, bootstrapped with the same method (its AKS).
I'm trying to figure out why its 0 from collector Cluster in the gitlab runner. The only difference in my mind is where kubectl calls are coming from. One is from a gitlab runner, one is just from my local workstation. but the gitlab runner basically is handed the same stuff, its essentially just a mini setup (kubectl and kubeconf) put in a runner... but then runs the same commands meaning, it creates the clusterrole, binding, and sa, runs the kubent pod. I would think from the perspective of in-cluster kubent job, everything would be the same.
The text was updated successfully, but these errors were encountered: