摘要:簡(jiǎn)介是公司開源的用于監(jiān)控�,可視化,管理集群的一個(gè)類似于的系統(tǒng)�。另外一個(gè)是插件,該插件用來控制容器的流量���。在官方不支持流控之前��,也是一個(gè)不侵入的選擇����。由于沒有提供登錄認(rèn)證的功能���。通過將暴露�,內(nèi)網(wǎng)可以訪問��。
scope簡(jiǎn)介
scope 是 weave公司開源的用于監(jiān)控�,可視化,管理kubernetes集群的一個(gè)類似于dashbord的UI系統(tǒng)����。有一下四大特點(diǎn):
實(shí)時(shí)了解你的docker容器�。
相關(guān)細(xì)節(jié)和深層鏈接�。提供了容器tags,元數(shù)據(jù)���,metrics等細(xì)節(jié)�,也提供了cpu和內(nèi)存指標(biāo)��。
集成了容器管理���。可以pause����,stop容器,也提供了webshell�,方便對(duì)容器進(jìn)行操作。
插件機(jī)制��。這個(gè)很重要�����,可以根據(jù)約定,寫一些自己需要的插件���。官方提供的插件集中在github�����。
個(gè)人感覺有兩個(gè)地方做的不錯(cuò)�����。第一個(gè)是scope提供了容器之間的業(yè)務(wù)拓?fù)?�,可以很方便的查看調(diào)用關(guān)系�。
另外一個(gè)是scope-traffic-control插件�,該插件用來控制容器的流量。
本身k8s只提供了cpu����,內(nèi)存和存儲(chǔ)的限制。在官方不支持流控之前�,也是一個(gè)不侵入的選擇。利用的原理就是linux tc��。后期我們會(huì)對(duì)該插件專門介紹���。
scope部署
直接上yaml文件
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Namespace
metadata:
name: weave
annotations:
cloud.weave.works/version: v1.0.0-44-gd0d2369
- apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
- nonResourceURLs:
- "*"
verbs:
- "*"
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
roleRef:
kind: ClusterRole
name: weave-scope
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-scope
namespace: weave
- apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
namespace: weave
spec:
replicas: 1
revisionHistoryLimit: 2
template:
metadata:
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
spec:
containers:
- name: app
args:
- "--no-probe"
- "--weave=false"
env: []
image: "registry.xxx.com/kubernetes/scope:1.7.3"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 4040
protocol: TCP
- apiVersion: v1
kind: Service
metadata:
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
namespace: weave
spec:
type: NodePort
ports:
- name: app
port: 80
protocol: TCP
targetPort: 4040
nodePort: 32404
selector:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-scope-agent
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
namespace: weave
spec:
template:
metadata:
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
spec:
containers:
- name: scope-agent
args:
- "--no-app"
- "--probe.docker.bridge=docker0"
- "--probe.docker=true"
- "--probe.kubernetes=true"
- "weave-scope-app.weave:80"
- "--weave=false"
env:
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: "registry.xxx.com/kubernetes/scope:1.7.3"
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
- name: scope-plugins
mountPath: /var/run/scope/plugins
- name: sys-kernel-debug
mountPath: /sys/kernel/debug
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostPID: true
serviceAccountName: weave-scope
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- name: scope-plugins
hostPath:
path: /var/run/scope/plugins
- name: sys-kernel-debug
hostPath:
path: /sys/kernel/debug
updateStrategy:
type: RollingUpdate
將鏡像源修改為自己服務(wù)器可以pull到即可�。
由于scope沒有提供登錄認(rèn)證的功能。所以沒有通過ingress映射到外網(wǎng)���。通過nodeport將service暴露��,內(nèi)網(wǎng)可以訪問�。當(dāng)然可以輕松改造�,整個(gè)接口采用mux實(shí)現(xiàn),實(shí)現(xiàn)一個(gè)自己的認(rèn)證中間件即可���,這就是后續(xù)工作了。
如果你的k8s版本不是1.8.0��,那么你可以獲取yaml文件通過下面語句
curl https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.6.7 -sL -o scope.yaml
最后上一張效果圖
總結(jié)
當(dāng)然如果是一個(gè)商用的k8s集群���,scope遠(yuǎn)遠(yuǎn)不夠����。但是對(duì)于內(nèi)部使用����,scope是dashbord的一種很好的補(bǔ)充�,也可以擴(kuò)展��,來滿足自己��。
文章版權(quán)歸作者所有���,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為����,您可以聯(lián)系管理員刪除����。
轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/32629.html
