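Introduction to Scope
Scope is a dashboard-like UI system, open-sourced by Weave, for monitoring, visualizing, and managing Kubernetes clusters. It has the following four main features:
- Real-time insight into your Docker containers.
- Contextual details and deep links. It shows container tags, metadata, metrics, and other details, including CPU and memory metrics.
- Integrated container management. You can pause and stop containers, and a web shell is provided for working inside a container.
- A plugin mechanism. This one matters: you can write the plugins you need by following the plugin conventions. The official plugins are collected on GitHub.
In my opinion, two things are done particularly well. The first is that Scope shows the service topology between containers, which makes it easy to see who calls whom.
The second is the scope-traffic-control plugin, which controls container traffic.
Kubernetes itself only provides limits on CPU, memory, and storage. Until traffic control is officially supported, this plugin is a non-intrusive option. It is built on Linux tc. We will cover the plugin in a dedicated later post.
Deploying Scope
Here is the YAML file: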
```yaml
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: Namespace
    metadata:
      name: weave
      annotations:
        cloud.weave.works/version: v1.0.0-44-gd0d2369
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-scope
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope
      namespace: weave
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: weave-scope
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope
      namespace: weave
    # Wildcards on every API group, resource, verb and non-resource URL:
    # the weave-scope ServiceAccount gets the equivalent of cluster-admin.
    rules:
      - apiGroups:
          - '*'
        resources:
          - '*'
        verbs:
          - '*'
      - nonResourceURLs:
          - '*'
        verbs:
          - '*'
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: weave-scope
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope
      namespace: weave
    roleRef:
      kind: ClusterRole
      name: weave-scope
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-scope
        namespace: weave
  - apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: weave-scope-app
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope-app
        app: weave-scope
        weave-cloud-component: scope
        weave-scope-component: app
      namespace: weave
    spec:
      replicas: 1
      revisionHistoryLimit: 2
      template:
        metadata:
          labels:
            name: weave-scope-app
            app: weave-scope
            weave-cloud-component: scope
            weave-scope-component: app
        spec:
          containers:
            - name: app
              args:
                - '--no-probe'
                - '--weave=false'
              env: []
              image: 'registry.xxx.com/kubernetes/scope:1.7.3'
              imagePullPolicy: IfNotPresent
              ports:
                - containerPort: 4040
                  protocol: TCP
  - apiVersion: v1
    kind: Service
    metadata:
      name: weave-scope-app
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope-app
        app: weave-scope
        weave-cloud-component: scope
        weave-scope-component: app
      namespace: weave
    spec:
      # NodePort publishes the Scope UI, which has no login, on port 32404
      # of every node.
      type: NodePort
      ports:
        - name: app
          port: 80
          protocol: TCP
          targetPort: 4040
          nodePort: 32404
      selector:
        name: weave-scope-app
        app: weave-scope
        weave-cloud-component: scope
        weave-scope-component: app
  - apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: weave-scope-agent
      annotations:
        cloud.weave.works/launcher-info: |-
          {
            "original-request": {
              "url": "/k8s/scope.yaml?k8s-version=1.8.0",
              "date": "Sat Feb 24 2018 09:12:44 GMT+0000 (UTC)"
            },
            "email-address": "support@weave.works"
          }
      labels:
        name: weave-scope-agent
        app: weave-scope
        weave-cloud-component: scope
        weave-scope-component: agent
      namespace: weave
    spec:
      template:
        metadata:
          labels:
            name: weave-scope-agent
            app: weave-scope
            weave-cloud-component: scope
            weave-scope-component: agent
        spec:
          containers:
            - name: scope-agent
              args:
                - '--no-app'
                - '--probe.docker.bridge=docker0'
                - '--probe.docker=true'
                - '--probe.kubernetes=true'
                - 'weave-scope-app.weave:80'
                - '--weave=false'
              env:
                - name: KUBERNETES_HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: 'registry.xxx.com/kubernetes/scope:1.7.3'
              imagePullPolicy: IfNotPresent
              # privileged, hostPID, hostNetwork and the Docker socket mount
              # together give the agent full control of each node it runs on.
              securityContext:
                privileged: true
              volumeMounts:
                - name: docker-socket
                  mountPath: /var/run/docker.sock
                - name: scope-plugins
                  mountPath: /var/run/scope/plugins
                - name: sys-kernel-debug
                  mountPath: /sys/kernel/debug
          dnsPolicy: ClusterFirstWithHostNet
          hostNetwork: true
          hostPID: true
          serviceAccountName: weave-scope
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            - name: docker-socket
              hostPath:
                path: /var/run/docker.sock
            - name: scope-plugins
              hostPath:
                path: /var/run/scope/plugins
            - name: sys-kernel-debug
              hostPath:
                path: /sys/kernel/debug
      updateStrategy:
        type: RollingUpdate
```
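- Change the image source to a registry your servers can pull from.
- Scope does not provide login authentication, so it is not mapped to the public network through an Ingress. The Service is exposed through a NodePort and is reachable from the internal network. It can of course be adapted easily: the whole interface is implemented with mux, so you only need to implement your own authentication middleware. That is follow-up work.
- If your Kubernetes version is not 1.8.0, you can fetch the YAML file with the following command:
```bash
curl 'https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.6.7' -sL -o scope.yaml
```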
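The authentication middleware mentioned in the list above could look like the following. This is an added example, not code from Scope or from the original post: it uses only the Go standard library, and the `protectedHandler` helper, the stand-in router, the listen address and the credentials are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"
)

// basicAuth returns middleware that rejects any request lacking the expected
// HTTP Basic credentials. Both sides are hashed first so the constant-time
// comparison always works on equal-length inputs.
func basicAuth(user, pass string) func(http.Handler) http.Handler {
	wantUser := sha256.Sum256([]byte(user))
	wantPass := sha256.Sum256([]byte(pass))
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			u, p, ok := r.BasicAuth()
			gotUser := sha256.Sum256([]byte(u))
			gotPass := sha256.Sum256([]byte(p))
			userOK := subtle.ConstantTimeCompare(gotUser[:], wantUser[:])
			passOK := subtle.ConstantTimeCompare(gotPass[:], wantPass[:])
			if !ok || userOK&passOK != 1 {
				w.Header().Set("WWW-Authenticate", `Basic realm="scope"`)
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// protectedHandler (hypothetical helper) wraps a stand-in router. A mux router
// is also an http.Handler, so it can be wrapped in the same way.
func protectedHandler(user, pass string) http.Handler {
	router := http.NewServeMux() // stand-in for the app's own router
	router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "scope ui")
	})
	return basicAuth(user, pass)(router)
}

func main() {
	// Constructed credentials; load real ones from a Secret, not source code.
	log.Fatal(http.ListenAndServe("127.0.0.1:4040", protectedHandler("ops", "change-me")))
}
```

The agents in the manifest report to the same app port (`weave-scope-app.weave:80`), so a wrapper around the whole router applies to them as well and they must be able to present credentials. Basic credentials are only protected in transit when the connection is served over TLS.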
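Finally, a screenshot of the result.
Summary
Of course, for a commercial Kubernetes cluster, Scope is far from enough. For internal use, however, Scope is a good complement to the Dashboard, and it can be extended to meet your own needs.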