kyverno
kyverno copied to clipboard
kyverno
Add a new option for profiling Kyverno
Problem Statement
The Kyverno endpoint can be exposed via the loadbalancer type of service. We can add an example service manifest under https://github.com/kyverno/kyverno/wiki/Profiling-Kyverno-on-Kubernetes#expose-the-endpoint-at-the-local-port.
Solution Description
apiVersion: v1
kind: Service
metadata:
name: pproc-service
namespace: kyverno
spec:
selector:
app: kyverno
ports:
- protocol: TCP
port: 6060
targetPort: 6060
type: LoadBalancer
Alternatives
No response
Additional Context
No response
Slack discussion
https://kubernetes.slack.com/archives/CLGR9BJU9/p1657102500335939?thread_ts=1657027928.322689&cid=CLGR9BJU9
Research
- [X] I have read and followed the documentation AND the troubleshooting guide.
- [X] I have searched other issues in this repository and mine is not recorded.
Sorry, but how can I open a PR changing GitHub wiki. Forking the repo doesn't fork the wiki automatically and I failed to find much help on the internet.
Heyy @anubha-v-ardhan , you could clone the wiki using git clone https://github.com/kyverno/kyverno.wiki.git and make the change I suppose .
@chetak123 Sure, feel free to assign yourself. unassigning myself....
Hello everyone Sorry for the misread but it turns out I can clone the wiki and make changes to my local git repo but I cannot make PR to the main project wiki (because it's not forked with the main project).
There are some workarounds for it like this or this one
But it will be much easier if the project maintainer makes the required revision to the wiki Thanks.
Hi @chetak123 - you can also attach the instructions here. I can update the wiki.
The HTTP endpoint will now be available as a local port.
You can use loadbalancer type of service to expose Kyverno endpoint, an example service manifest is given below:
apiVersion: v1
kind: Service
metadata:
name: pproc-service
namespace: kyverno
spec:
selector:
app: kyverno
ports:
- protocol: TCP
port: 6060
targetPort: 6060
type: LoadBalancer
@chetak123 - thanks for your reply.
I see this as an alternative to kubectl portforward solution. Can you add this as another option and attach the entire Expose the endpoint at the local port section in the markdown format?
Expose the endpoint at the local port
You can get at the application in the pod by port forwarding with kubectl, for example:
$ kubectl -n kyverno get pod
NAME READY STATUS RESTARTS AGE
kyverno-7d67c967c6-slbpr 1/1 Running 0 19s
$ kubectl -n kyverno port-forward kyverno-7d67c967c6-slbpr 6060
Forwarding from 127.0.0.1:6060 -> 6060
Forwarding from [::1]:6060 -> 6060
The HTTP endpoint will now be available as a local port.
Alternatively you can use loadbalancer type of service to expose Kyverno endpoint, an example service manifest is given below:
apiVersion: v1
kind: Service
metadata:
name: pproc-service
namespace: kyverno
spec:
selector:
app: kyverno
ports:
- protocol: TCP
port: 6060
targetPort: 6060
type: LoadBalancer
Hey @realshuting I have attached the Expose the endpoint section in markdown format in the form of expose.md file attached and the preview can be seen above
Cleaned up Markdown below (maintainers can edit the post to copy raw MD):
Expose the endpoint on a local port
You can Kyverno by port forwarding with kubectl, for example:
$ kubectl -n kyverno get pod
NAME READY STATUS RESTARTS AGE
kyverno-7d67c967c6-slbpr 1/1 Running 0 19s
$ kubectl -n kyverno port-forward kyverno-7d67c967c6-slbpr 6060
Forwarding from 127.0.0.1:6060 -> 6060
Forwarding from [::1]:6060 -> 6060
The HTTP endpoint will now be available as a local port.
Alternatively, use a Service of type LoadBalancer to expose Kyverno. An example Service manifest is given below:
apiVersion: v1
kind: Service
metadata:
name: pproc-service
namespace: kyverno
spec:
selector:
app: kyverno
ports:
- protocol: TCP
port: 6060
targetPort: 6060
type: LoadBalancer
Updated https://github.com/kyverno/kyverno/wiki/Profiling-Kyverno-on-Kubernetes#expose-the-endpoint-on-a-local-port.
Thanks @chetak123 and Chip!