Lemur Installation
Lemur extracts information from kubernetes, and Istio. To get started, the following should be set up in your targeted kubernetes cluster:
- Install
Istio,KialiandJaegerby following the steps here. Lemur currently works with Istio 1.4.
For example:
To deploy Istio using istioctl with default profile, together with Kiali and Jaeger:
istioctl manifest apply --set values.tracing.enabled=true --set values.kiali.enabled=true
To deploy MTLS enabled Istio using istioctl with default profile, together with Kiali and Jaeger:
istioctl manifest apply --set values.global.mtls.enabled=true --set values.global.controlPlaneSecurityEnabled=true --set values.tracing.enabled=true --set values.kiali.enabled=true
-
Have
Istiosidecar injected in the services you want to trace. -
Save
Kialilogin details to use when you log intoLemur.
For example, the following command is a simple way to create a secret for Kiali whose username is admin, and password is admin:
kubectl create secret generic kiali -n istio-system --from-literal=username=admin --from-literal=passphrase=admin
-
Lemurwill create dynamic PVs using the cluster's default storage class. For clusters running in multiple Cloud AZs, use a storage class that has avolumeBindingModeset to WaitForFirstConsumer. -
Your k8s cluster has internet access to Docker Hub, and you have cluster admin access.
Looking for the lemurctl instructions for a powerful CLI utility to use along with Lemur? Go here.
- Clone the repository
$ git clone https://github.com/turbonomic/lemur.git
Starting with the lemur-operator here, create the following resources on your k8s/OCP cluster:
- Create a namespace
lemurand scope to that namespace/project
$ kubectl create namespace lemur
When creating the rest of the resources, remember to add the -n lemur option. (If running in OpenShift, you can switch to the project using oc project lemur)
- Setup Service Account
$ kubectl create -f deploy/service_account.yaml -n lemur
- Setup RBAC
$ kubectl create -f deploy/cluster_role_binding.yaml
- Setup the CRD
$ kubectl create -f deploy/crds/charts_v1alpha1_lemur_crd.yaml -n lemur
- Deploy the operator
$ kubectl create -f deploy/operator.yaml -n lemur
- Edit the custom resource file deploy/crds/charts_v1alpha1_lemur_cr.yaml with the following values:
-
grafanaadministrator password. The default password is set toadmin. The username isadmin. NOTE - grafana will require a password change if you leave this to admin; this must be changed.
-
grafana:
# Specify the password for grafana here
adminPassword: admin
- If your
Istioinstallation is enabled with MTLS, and your Istio Meshpolicy is notPERMISSIVE, in order to accessLemur, you have two options:- Inject sidecars to all pods in the
lemurnamespace, or - Disable TLS for
Lemurby applying the following destination rule:
- Inject sidecars to all pods in the
kubectl -n lemur create -f deploy/destination_rule_lemur.yaml
- Similarly, If your
Istioinstallation is enabled with MTLS, and your Istio Meshpolicy is notPERMISSIVE, in order to accessJaegerandKialiservice, you have two options:- Inject sidecars to
JaegerandKiali, or - Disable TLS for
JaegerandKialiby applying the following destination rules:
- Inject sidecars to
kubectl -n lemur create -f deploy/destination_rule_lemur.yaml
- Create the custom resource that will import the container images required for Lemur
$ kubectl create -f deploy/crds/charts_v1alpha1_lemur_cr.yaml -n lemur
- Wait for all pods to become ready, and then get the service IP endpoint for Lemur UI
$ kubectl -n lemur wait --for=condition=Ready pod --all
pod/api-5f4f854c8f-7gvc2 condition met
pod/auth-7cf44485b5-r72qz condition met
pod/clustermgr-776d66b6bf-w6vz4 condition met
pod/consul-58d49bb7cf-ht2x2 condition met
pod/db-7b898dd6f6-7wlk5 condition met
pod/grafana-86884f777c-t2blx condition met
pod/group-645cdc5bc7-w9wfb condition met
pod/influxdb-6f889b969d-k7v8p condition met
pod/kafka-69946db65-jfqh4 condition met
pod/kubeturbo-lemur-release-92hoi5t5od5aqlr1sm8v3ineb-76558cd6rl2x9 condition met
pod/ml-datastore-686df8b467-cgzg9 condition met
pod/prometheus-alertmanager-867bc49557-s7qs7 condition met
pod/prometheus-kube-state-metrics-f84f86964-gssc5 condition met
pod/prometheus-node-exporter-jzfbp condition met
pod/prometheus-pushgateway-599b8fc64d-6bx6r condition met
pod/prometheus-server-6dd95df9c7-zplql condition met
pod/repository-b598fcfc5-rcc49 condition met
pod/rsyslog-5ff5bbfb6c-7fmfw condition met
pod/t8c-istio-ingressgateway-f94cbcc69-sdckj condition met
pod/t8c-operator-6f4479b58c-7cfcc condition met
pod/topology-processor-d6f97467b-8v48r condition met
pod/zookeeper-65fd654fb8-mzt7c condition met
$ kubectl get svc -n lemur | grep t8c-istio-ingressgateway
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
t8c-istio-ingressgateway LoadBalancer 10.xxx.xxx.xxx {identifier}.{region}.elb.amazonaws.com 15020:31640/TCP,80:30039/TCP,443:32379/TCP,15443:30168/TCP 16h
- Copy the IP address into a browser window, using HTTPS
- You will be asked to set a password for the "administrator" user
- Apply a license key.
- For a temporary key, apply the key Turbonomic-Engineering-Lemur-6M-100.xml
- Want a permanent key? Join our Slack channel and use our Slackbot to get one.
- Note, when you navigate Lemur, you will be required to enter the Kiali admin credentials, and only needed for the first time.
Now you are ready to enable data collection that will provide the context you need.
Lemur collects metrics using the kubeturbo pod that can be enabled by modifying the operator custom resource yaml.
- Edit the custom resource file deploy/crds/charts_v1alpha1_lemur_cr.yaml for kubeturbo to enable true and supply the lemur administrator password you created.
kubeturbo:
enabled: true
...
restAPIConfig:
opsManagerPassword: {your_lemur_password}
opsManagerUserName: administrator
- Apply the update
$ kubectl apply -f deploy/crds/charts_v1alpha1_lemur_cr.yaml -n lemur
- Go back to the Lemur UI to see the supply chain for your cluster appear.
You are ready to leap! Next review Use Cases to see a demo on how to use Lemur! Then set up the lemurctl utility.