摘要:簡介是公司開源的用于監(jiān)控�,可視化,管理集群的一個類似于的系統(tǒng)�����。另外一個是插件���,該插件用來控制容器的流量��。在官方不支持流控之前��,也是一個不侵入的選擇���。由于沒有提供登錄認證的功能����。通過將暴露��,內(nèi)網(wǎng)可以訪問�。
scope簡介
scope 是 weave公司開源的用于監(jiān)控,可視化�����,管理kubernetes集群的一個類似于dashbord的UI系統(tǒng)���。有一下四大特點:
實時了解你的docker容器�����。
相關(guān)細節(jié)和深層鏈接���。提供了容器tags�����,元數(shù)據(jù)����,metrics等細節(jié)��,也提供了cpu和內(nèi)存指標(biāo)���。
集成了容器管理??梢詐ause,stop容器��,也提供了webshell���,方便對容器進行操作��。
插件機制��。這個很重要��,可以根據(jù)約定��,寫一些自己需要的插件���。官方提供的插件集中在github�。
個人感覺有兩個地方做的不錯����。第一個是scope提供了容器之間的業(yè)務(wù)拓撲,可以很方便的查看調(diào)用關(guān)系���。
另外一個是scope-traffic-control插件�,該插件用來控制容器的流量����。
本身k8s只提供了cpu,內(nèi)存和存儲的限制���。在官方不支持流控之前�,也是一個不侵入的選擇��。利用的原理就是linux tc��。后期我們會對該插件專門介紹。
scope部署
直接上yaml文件
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Namespace
metadata:
name: weave
annotations:
cloud.weave.works/version: v1.0.0-44-gd0d2369
- apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
- nonResourceURLs:
- "*"
verbs:
- "*"
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope
namespace: weave
roleRef:
kind: ClusterRole
name: weave-scope
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-scope
namespace: weave
- apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
namespace: weave
spec:
replicas: 1
revisionHistoryLimit: 2
template:
metadata:
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
spec:
containers:
- name: app
args:
- "--no-probe"
- "--weave=false"
env: []
image: "registry.xxx.com/kubernetes/scope:1.7.3"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 4040
protocol: TCP
- apiVersion: v1
kind: Service
metadata:
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
namespace: weave
spec:
type: NodePort
ports:
- name: app
port: 80
protocol: TCP
targetPort: 4040
nodePort: 32404
selector:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-scope-agent
annotations:
cloud.weave.works/launcher-info: |-
{
"original-request": {
"url": "/k8s/scope.yaml?k8s-version=1.8.0",
"date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
namespace: weave
spec:
template:
metadata:
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
spec:
containers:
- name: scope-agent
args:
- "--no-app"
- "--probe.docker.bridge=docker0"
- "--probe.docker=true"
- "--probe.kubernetes=true"
- "weave-scope-app.weave:80"
- "--weave=false"
env:
- name: KUBERNETES_HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: "registry.xxx.com/kubernetes/scope:1.7.3"
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
- name: scope-plugins
mountPath: /var/run/scope/plugins
- name: sys-kernel-debug
mountPath: /sys/kernel/debug
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostPID: true
serviceAccountName: weave-scope
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- name: scope-plugins
hostPath:
path: /var/run/scope/plugins
- name: sys-kernel-debug
hostPath:
path: /sys/kernel/debug
updateStrategy:
type: RollingUpdate
將鏡像源修改為自己服務(wù)器可以pull到即可�����。
由于scope沒有提供登錄認證的功能��。所以沒有通過ingress映射到外網(wǎng)�。通過nodeport將service暴露,內(nèi)網(wǎng)可以訪問���。當(dāng)然可以輕松改造,整個接口采用mux實現(xiàn)����,實現(xiàn)一個自己的認證中間件即可,這就是后續(xù)工作了���。
如果你的k8s版本不是1.8.0�����,那么你可以獲取yaml文件通過下面語句
curl https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.6.7 -sL -o scope.yaml
最后上一張效果圖
總結(jié)
當(dāng)然如果是一個商用的k8s集群��,scope遠遠不夠�����。但是對于內(nèi)部使用��,scope是dashbord的一種很好的補充�,也可以擴展,來滿足自己����。
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為�,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/33030.html
