SAML for using Amazon Managed Grafana Workspace (To-Do)
- kkumtree
2024-11-02T21:43:00+09:00
Due to an issue with the Organization
To use an Amazon Managed Grafana Workspace, SAML authentication has to be configured, so I will review it once SAML authentication control is available.
Naturally, the interface I saw was different from the one in the nearly four-year-old Amazon Managed Grafana – Getting Started.
With my current permissions I cannot create an Organization, so I only tried creating a Workspace.
In other words, it offers to create the Workspace with very loose permissions.
1. Getting started with a ‘click’
- Getting Started with a ‘click’

- I will just give it a name and move on.

Monitoring CoreDNS in EKS with Grafana Cloud
- kkumtree
2024-10-30T23:44:01+09:00
First time using Grafana Cloud
This post summarizes what I learned through the K8s Advanced Network Study (hereafter, KANS) run by CloudNet@.
It still does not feel real, but this is the last week of the study.
So, using EKS, which you all know well and like very much, I will follow a hands-on for monitoring CoreDNS issues step by step.
I will follow the blog above as it is.
0. Creating the EKS Cluster
I am going to create the EKS Cluster with the CloudFormation provided in the study.
Since eksctl is mentioned, I somehow… have an uneasy feeling that I will later roll back and end up doing an eksctl-based CloudFormation deployment, but let's try it(?).
iptables monitoring with Grafana (Not Completed)
- kkumtree
2024-09-29T13:35:13+09:00
This post looks at how to collect iptables data and display it in Grafana.
This post summarizes what I learned through the K8s Advanced Network Study (hereafter, KANS) run by CloudNet@.
0. Environment setup (kind)
Due to limited writing time, I am skipping… the explanation of the featureGates, ConfigPatches, and networking settings.
a. Setting up a 1 Master, 3 Slave environment
cat <<EOT > kind-svc-1w.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  "InPlacePodVerticalScaling": true
  "MultiCIDRServiceAllocator": true
nodes:
- role: control-plane
  labels:
    mynode: control-plane
    topology.kubernetes.io/zone: ap-northeast-2a
  extraPortMappings:
  - containerPort: 30000
    hostPort: 30000
  - containerPort: 30001
    hostPort: 30001
  - containerPort: 30002
    hostPort: 30002
  # The patches below make the controller-manager, scheduler, etcd metrics and
  # kube-proxy metrics endpoints listen on all interfaces (0.0.0.0).
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        runtime-config: api/all=true
    controllerManager:
      extraArgs:
        bind-address: 0.0.0.0
    etcd:
      local:
        extraArgs:
          listen-metrics-urls: http://0.0.0.0:2381
    scheduler:
      extraArgs:
        bind-address: 0.0.0.0
  - |
    kind: KubeProxyConfiguration
    metricsBindAddress: 0.0.0.0
- role: worker
  labels:
    mynode: worker1
    topology.kubernetes.io/zone: ap-northeast-2a
- role: worker
  labels:
    mynode: worker2
    topology.kubernetes.io/zone: ap-northeast-2b
- role: worker
  labels:
    mynode: worker3
    topology.kubernetes.io/zone: ap-northeast-2c
networking:
  podSubnet: 10.10.0.0/16
  serviceSubnet: 10.200.1.0/24
EOT
kind create cluster --config kind-svc-1w.yaml --name myk8s --image kindest/node:v1.31.0
b. Installing basic tools
docker exec -it myk8s-control-plane sh -c 'apt update && apt install tree psmisc lsof wget bsdmainutils bridge-utils net-tools ipset ipvsadm nfacct tcpdump ngrep iputils-ping arping git vim arp-scan -y'
1. Installing the prometheus stack (helm)
a. Adding and configuring the repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
cat <<EOT > monitor-values.yaml
prometheus:
  prometheusSpec:
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    nodeSelector:
      mynode: control-plane
    tolerations:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Equal"
      effect: "NoSchedule"
grafana:
  defaultDashboardsTimezone: Asia/Tokyo
  # Plaintext admin password stored in the values file
  adminPassword: kans7969
  service:
    type: NodePort
    # 30002 is also mapped to the host in kind-svc-1w.yaml (extraPortMappings)
    nodePort: 30002
  nodeSelector:
    mynode: control-plane
  tolerations:
  - key: "node-role.kubernetes.io/control-plane"
    operator: "Equal"
    effect: "NoSchedule"
defaultRules:
  create: false
alertmanager:
  enabled: false
EOT
b. Installation
kubectl create ns monitoring
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 62.3.0 -f monitor-values.yaml --namespace monitoring
c. Accessing the prometheus console
Open a new terminal and connect through port-forwarding.
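
The `monitor-values.yaml` from step 1.a keeps the Grafana admin password in plaintext while Grafana is published on NodePort 30002. The following is an added example, not part of the original post: it moves the admin credentials into a Kubernetes Secret that the Grafana subchart reads through its `admin.existingSecret`, `admin.userKey` and `admin.passwordKey` values. The Secret name `grafana-admin` and the overlay file name `monitor-values-secret.yaml` are assumptions.

```shell
#!/bin/sh
# Added example: keep the Grafana admin password out of monitor-values.yaml.
# Assumed names (not from the post): the Secret name and the overlay file name.
SECRET_NAME="grafana-admin"
VALUES_FILE="monitor-values-secret.yaml"

# Generate a random password: 24 random bytes, base64-encoded (32 characters).
gen_password() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Store the credentials as a Secret in the monitoring namespace.
# Needs kubectl and the namespace created in step 1.b.
create_admin_secret() {
  kubectl -n monitoring create secret generic "$SECRET_NAME" \
    --from-literal=admin-user=admin \
    --from-literal=admin-password="$(gen_password)"
}

# Write a values overlay that points the Grafana subchart at the Secret
# instead of an inline adminPassword.
write_values() {
  cat <<EOT > "${1:-$VALUES_FILE}"
grafana:
  admin:
    existingSecret: ${SECRET_NAME}
    userKey: admin-user
    passwordKey: admin-password
EOT
}

# Succeeds only if the given values file carries no inline adminPassword.
check_no_inline_password() {
  ! grep -Eq '^[[:space:]]*adminPassword:' "$1"
}
```

Remove the `adminPassword` line from `monitor-values.yaml`, run `create_admin_secret` once the `monitoring` namespace exists, and pass both files to helm with `-f monitor-values.yaml -f monitor-values-secret.yaml`.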