Skip to content

Latest commit

 

History

History
109 lines (84 loc) · 2.61 KB

03.apiclarity-setup.md

File metadata and controls

109 lines (84 loc) · 2.61 KB

03. APIClarity setup

Follow these few steps to install APIClarity on your Kubernetes cluster.

Task 1. Install APIClarity

helm repo add apiclarity https://openclarity.github.io/apiclarity

Specify that envoy (Istio) is used to monitor for API traffic. Don't forget to specify which namespaces are monitored by APIClarity.

helm install \
--set trafficSource.envoyWasm.enabled=true \
--set trafficSource.envoyWasm.namespaces=default \
--create-namespace \
--namespace apiclarity \
apiclarity \
apiclarity/apiclarity

Task 2. Expose APIClarity UI

Run the following command to install the load balancer MetalLb:

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml

We will setup MetalLb using layer2 protocol. We need to provide MetalLb a range of IP addresses it controls. We want this range to be on the docker kind network.

docker network inspect -f '{{.IPAM.Config}}' kind

You should have an output similar to:

[{172.18.0.0/16  172.18.0.1 map[]} {fc00:f853:ccd:e793::/64   map[]}]

We notice the CIDR used by Docker is 172.18.0.0/16 so we can allocate to MetalLb the following range 172.18.255.200-172.18.255.250.

Let's create the config file with the following command:

tee metallb-l2.yaml <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default
  namespace: metallb-system
spec:
  addresses:
  - 172.18.255.200-172.18.255.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default
  namespace: metallb-system
EOF

Then apply the configuration (the installation may not have yet finished, so if it fails grant a little bit of time ~ 1min or so...):

kubectl apply -f metallb-l2.yaml

Create an lb service yaml to access APIClarity.

cat > lb-apiclarity.yaml << EOF
apiVersion: v1
kind: Service
metadata:  
  name: lb-apiclarity
  labels:
    app: apiclarity-apiclarity
spec:
  selector:
    app: apiclarity-apiclarity
  type: LoadBalancer
  ports:  
  - name: http
    port: 8080
    targetPort: 8080
    protocol: TCP
EOF

Apply the lb service to access APIClarity.

kubectl apply -f lb-apiclarity.yaml -n apiclarity

Set the variable "ingressipapiclarity" and ensure it matches the smm-ingressgateway-external EXTERNAL-IP address:

ingressipapiclarity=$(kubectl get service -n apiclarity lb-apiclarity -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
caddy reverse-proxy --from :8080 --to ${ingressipapiclarity}:8080 > /dev/null 2>&1 &

APIClarity WebUI is available at dashboard.