Kubeadm v1.6.1
kubernetes简称k8s,是谷歌于2014年开始主导的开源项目,提供了以容器为中心的部署、伸缩和运维平台。k8s 为容器化的应用提供部署运行、资源调度、服务发现和动态伸缩等一系列完整功能,提高了大规模容器集群管理的便捷性,截止目前它的最新版本为1.6.1。
本文介绍了一种轻量级快速部署工具kubeadm,旨在改善开发者在安装、调试和使用k8s时的体验,降低安装和使用门槛,它仍然处于Alpha状态,官方不建议在Production环境下使用。
系统环境
系统版本
- OS:Centos7.3
- 内核:3.10.0-514.10.2.el7.x86_64
- k8s:v1.6.1
- etcd:3.0.17
- docker:1.12.6
系统配置
- 8CPU
- 16GB Memory
- Swap:8G
- root:20G
- docker lvm:40G
配置本地yum源
备份系统默认repo
$ mkdir /etc/yum.repos.d/backup $ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
添加阿里云Yum repo
$ cat <<EOF> /etc/yum.repos.d/kubernetes.repo.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF
安装docker kubelet kubeadm kubectl组件
yum install -y docker kubelet kubeadm kubectl kubernetes-cni
RPM包安装
若使用PRM包安装,切换到RPM安装包存放目录
[[email protected] ~]# cd k8s [[email protected] k8s]# ll -rw-r--r-- 1 root root 8217270 Apr 12 11:34 23961d0f7dca1ed118b948195f2fb5dd7a07503d69d7d8ab4433219ea98d033e-kubeadm-1.6.1-0.x86_64.rpm -rw-r--r-- 1 root root 8627678 Apr 12 11:34 9d1ccf0877dfc4228a923a9614661b27d663694680e2bc0a1c184aa937fbf7f2-kubectl-1.6.1-0.x86_64.rpm -rw-r--r-- 1 root root 15484562 Apr 12 11:34 cde0b9092d421800f7207df677d6a1f321c82179e89a24e4b3c009a875e62c91-kubelet-1.6.1-0.x86_64.rpm -rw-r--r-- 1 root root26888 Apr 12 11:34 container-selinux-2.9-4.el7.noarch.rpm -rw-r--r-- 1 root root 21089820 Apr 12 11:34 docker-1.12.6-11.el7.centos.x86_64.rpm -rw-r--r-- 1 root root 4617844 Apr 12 11:34 docker-client-1.12.6-11.el7.centos.x86_64.rpm -rw-r--r-- 1 root root72884 Apr 12 11:34 docker-common-1.12.6-11.el7.centos.x86_64.rpm -rw-r--r-- 1 root root 7800562 Apr 12 11:34 e7a4403227dd24036f3b0615663a371c4e07a95be5fee53505e647fd8ae58aa6-kubernetes-cni-0.5.1-0.x86_64.rpm -rw-r--r-- 1 root root 1110536 Apr 12 11:34 oci-register-machine-0-1.11.gitdd0daef.el7.x86_64.rpm -rw-r--r-- 1 root root29664 Apr 12 11:34 oci-systemd-hook-0.1.4-9.git671c428.el7.x86_64.rpm -rw-r--r-- 1 root root 7760 Apr 12 11:34 skopeo-containers-0.1.18-1.el7.x86_64.rpm -rw-r--r-- 1 root root 261512 Apr 12 11:34 socat-1.7.2.2-5.el7.x86_64.rpm [[email protected] ~]# yum localinstall package *.rpm
Docker devicemapper配置
新建磁盘分区
[[email protected] ~]# fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000a251f
Device Boot Start End Blocks Id System
/dev/sda1 *2048 1026047 512000 83 Linux
/dev/sda2 10260484194303920458496 8e Linux LVM
Disk /dev/mapper/centos-root: 18.8 GB, 18756927488 bytes, 36634624 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-docker--poolmeta: 20 MB, 20971520 bytes, 40960 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdb: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[[email protected] ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x7296037a.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-83886079, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-83886079, default 83886079):
Using default value 83886079
Partition 1 of type Linux and of size 40 GiB is set
Command (m for help): p
Disk /dev/sdb: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x7296037a
Device Boot Start End Blocks Id System
/dev/sdb120488388607941942016 83 Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition ‘Linux‘ to ‘Linux LVM‘
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[[email protected] ~]# partprobe
创建PV卷
$ pvcreate /dev/sdb1
创建VG卷
$ vgcreate docker /dev/sdb1
创建LV卷
$ lvcreate --wipesignatures y -n thinpool docker -l 95%VG $ lvcreate --wipesignatures y -n thinpoolmeta docker -l 1%VG
格式化LV
$ lvconvert -y --zero n -c 512K --thinpool docker/thinpool --poolmetadata docker/thinpoolmeta
配置LVM Proflie
$ cat <<EOF> /etc/lvm/profile/docker-thinpool.profile
activation {
thin_pool_autoextend_threshold=80
thin_pool_autoextend_percent=20
}
EOF
验证配置生效
$ lvchange --metadataprofile docker-thinpool docker/thinpool $ lvs -o+seg_monitor
配置Docker daemon
$ cat <<EOF> /etc/docker/daemon.json
{
"live-restore": true
}
{
"storage-driver": "devicemapper",
"storage-opts": [
"dm.thinpooldev=/dev/mapper/docker-thinpool",
"dm.use_deferred_removal=true",
"dm.use_deferred_deletion=true"
]
}
EOF
配置 docker storage 信息
[[email protected]]# more /etc/sysconfig/docker-storage DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true "
配置log driver信息
为了便于docker 日志排查,将日志模式改为syslog并输出到ELK平台。
[[email protected] k8s]# more /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS=‘--selinux-enabled --log-driver=syslog --signature-verification=false‘
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# If you want to add your own registry to be used for docker search and docker
# pull use the ADD_REGISTRY option to list a set of registries, each prepended
# with --add-registry flag. The first registry added will be the first registry
# searched.
#ADD_REGISTRY=‘--add-registry registry.access.redhat.com‘
# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
# option and give it a set of registries, each prepended with --block-registry
# flag. For example adding docker.io will stop users from downloading images
# from docker.io
# BLOCK_REGISTRY=‘--block-registry‘
# If you have a registry secured with https but do not have proper certs
# distributed, you can tell docker to not look for full authorization by
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
# INSECURE_REGISTRY=‘--insecure-registry‘
# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined 1
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
#
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
配置docker 自定义信息
[[email protected] k8s]# more /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current --insecure-registry 10.72.240.***:5000 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --log-opt syslog-format=rfc3164 --log-opt syslog-address=tcp://10.72.7.***:514 --log-opt tag="CONTAINER_NAME:{{.Name}}|CONTAINER_ID:{{.ID}}" $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=slave
[Install]
WantedBy=multi-user.target
重启docker 生效
systemctl daemon-reload systemctl start docker
验证信息
[[email protected] ~]# docker info Containers: 19 Running: 19 Paused: 0 Stopped: 0 Images: 15 Server Version: 1.12.6 Storage Driver: devicemapper Pool Name: docker-thinpool Pool Blocksize: 524.3 kB Base Device Size: 10.74 GB Backing Filesystem: xfs Data file: Metadata file: Data Space Used: 2.364 GB Data Space Total: 40.8 GB Data Space Available: 38.43 GB Metadata Space Used: 753.7 kB Metadata Space Total: 427.8 MB Metadata Space Available: 427.1 MB Thin Pool Minimum Free Space: 4.079 GB Udev Sync Supported: true Deferred Removal Enabled: true Deferred Deletion Enabled: false Deferred Deleted Device Count: 0 Library Version: 1.02.135-RHEL7 (2016-11-16) Logging Driver: syslog Cgroup Driver: systemd Plugins: Volume: local Network: null host bridge overlay Swarm: inactive Runtimes: docker-runc runc Default Runtime: docker-runc Security Options: seccomp Kernel Version: 3.10.0-514.10.2.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 Number of Docker Hooks: 2 CPUs: 8 Total Memory: 15.67 GiB Name: vm-shalku91.aegonthtf.com ID: HPJX:TWZ3:VQK3:4EV4:3EGL:5U2Z:4BU2:REYM:6E7F:ILNC:TIE2:MBAT Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://registry.aegonthtf.com/v1/ Insecure Registries: 10.72.240.53:5000 127.0.0.0/8 Registries: registry.aegonthtf.com (secure), docker.io (secure)
参考: https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/
配置docker 代理
$ mkdir /etc/systemd/system/docker.service.d $ sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf <<-‘EOF‘ [Service] Environment="HTTP_PROXY=http://username:[email protected]:port/" "NO_PROXY=localhost,10.72.240.**,10.72.243.** EOF
更改kubelet Cgroup配置
因为kubelet 默认--cgroup-driver与docker 冲突,改为systemd。
$ sudo tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf <<-‘EOF‘ [Service] Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true" Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true" Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local" Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" Environment="KUBELET_CGRPUP=--cgroup-driver=systemd" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_CGRPUP $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_EXTRA_ARGS EOF
配置内部Docker Resgistry
Vi /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd --insecure-registry 10.72.240.**:5000
关闭防火墙,启动docker和kubelet
setenforce 0 systemctl daemon-reload systemctl disable firewalld.service&&systemctl stop firewalld.service systemctl enable docker.service&&systemctl start docker.service systemctl enable kubelet&&systemctl start kubelet
导入google镜像
切换到镜像目录
[[email protected] k8s]# cd /root/k8s_images [[email protected] k8s_images]# ll |grep .tar -rw------- 1 root root 169167872 Apr 11 14:34 etcd-amd64.tar -rw-r--r-- 1 root root 45130240 Apr 11 14:34 k8s-dns-dnsmasq-nanny-amd64.tar -rw-r--r-- 1 root root 52617728 Apr 11 14:34 k8s-dns-kube-dns-amd64.tar -rw-r--r-- 1 root root 44777984 Apr 11 14:34 k8s-dns-sidecar-amd64.tar -rw-r--r-- 1 root root 150713344 Apr 11 14:34 kube-apiserver-amd64.tar -rw-r--r-- 1 root root 132934656 Apr 11 14:34 kube-controller-manager-amd64.tar -rw-r--r-- 1 root root 110983680 Apr 11 14:34 kube-proxy-amd64.tar -rw-r--r-- 1 root root 108823552 Apr 11 16:38 kubernetes-dashboard-amd64.tar -rw-r--r-- 1 root root 76966400 Apr 11 14:34 kube-scheduler-amd64.tar -rw-r--r-- 1 root root765440 Apr 11 14:35 pause.tar [[email protected] k8s_images]# for a in $(ls); do docker load -i $a; done Loaded image: gcr.io/google_containers/etcd-amd64:3.0.17 Loaded image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.1 Loaded image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1 Loaded image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.1 Loaded image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.1 Loaded image: gcr.io/google_containers/kube-controller-manager-amd64:v1.6.1 Loaded image: gcr.io/google_containers/kube-proxy-amd64:v1.6.1 Loaded image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.0 Loaded image: gcr.io/google_containers/kube-scheduler-amd64:v1.6.1 Loaded image: gcr.io/google_containers/pause-amd64:3.0
kubeadmin 安装
kubeadm init --kubernetes-version=v1.6.1 --apiserver-advertise-address=10.72.243.137
复制admin.conf 至根目录
sudo cp /etc/kubernetes/admin.conf $HOME/ sudo chown $(id -u):$(id -g) $HOME/admin.conf echo “KUBECONFIG=$HOME/admin.conf” >> /etc/profile source /etc/profile
配置weave 网络
[[email protected] k8s]# more weave-daemonset-k8s-1.6.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: weave-net
rules:
- apiGroups:
- ""
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: weave-net
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: weave-net
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
namespace: kube-system
spec:
template:
metadata:
labels:
name: weave-net
spec:
hostNetwork: true
hostPID: true
containers:
- name: weave
image: weaveworks/weave-kube:1.9.4
command:
- /home/weave/launch.sh
livenessProbe:
initialDelaySeconds: 30
httpGet:
host: 127.0.0.1
path: /status
port: 6784
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: dbus
mountPath: /host/var/lib/dbus
- name: lib-modules
mountPath: /lib/modules
resources:
requests:
cpu: 10m
- name: weave-npc
image: weaveworks/weave-npc:1.9.4
resources:
requests:
cpu: 10m
securityContext:
privileged: true
restartPolicy: Always
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: weave-net
securityContext:
seLinuxOptions:
type: spc_t
volumes:
- name: weavedb
emptyDir: {}
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules
[[email protected] k8s]# kubectl apply -f weave-daemonset-k8s-1.6.yaml
安装完毕后,会有命令提示加入node 节点
kubeadm join --token 054650.0ecaaf64fb14da94 10.72.243.137:6443
参考https://kubernetes.io/docs/getting-started-guides/kubeadm/
部署K8s_dashboard
[[email protected] k8s]# more kube-dashboard-rbac.yml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: kube-system
[[email protected] k8s]# more kubernetes-dashboard.yaml
# Copyright 2015 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy release version of the Dashboard UI.
#
# Example usage: kubectl create -f <this_file>
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: kubernetes-dashboard
template:
metadata:
labels:
app: kubernetes-dashboard
# Comment the following annotation if Dashboard must not be deployed on master
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
spec:
containers:
- name: kubernetes-dashboard
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.0
ports:
- containerPort: 9090
protocol: TCP
args:
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
---
kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
selector:
app: kubernetes-dashboard
[[email protected] k8s]# kubectl create -f kube-dashboard-rbac.yml
[[email protected] k8s]# kubectl create -f kubernetes-dashboard.yaml
Note: 因k8s 1.6 dashboard 没有权限访问default namespace,具体参考https://github.com/kubernetes/dashboard/issues/1803
部署weavescope
[[email protected] k8s]# more weavescope.yaml
apiVersion: v1
kind: List
items:
- metadata:
labels:
name: weave-scope
name: weave-scope
annotations:
cloud.weave.works/launcher-info: |-
{
"server-version": "master-4b19761",
"original-request": {
"url": "/k8s/v1.5/scope.yaml?/launch/k8s/weavescope.yaml",
"date": "Tue Apr 11 2017 08:43:10 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
apiVersion: v1
kind: ServiceAccount
- metadata:
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"server-version": "master-4b19761",
"original-request": {
"url": "/k8s/v1.5/scope.yaml?/launch/k8s/weavescope.yaml",
"date": "Tue Apr 11 2017 08:43:10 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
spec:
template:
metadata:
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
spec:
containers:
- name: app
image: ‘weaveworks/scope:1.3.0‘
imagePullPolicy: IfNotPresent
args:
- ‘--no-probe‘
ports:
- containerPort: 4040
protocol: TCP
replicas: 1
apiVersion: extensions/v1beta1
kind: Deployment
- metadata:
labels:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
name: weave-scope-app
annotations:
cloud.weave.works/launcher-info: |-
{
"server-version": "master-4b19761",
"original-request": {
"url": "/k8s/v1.5/scope.yaml?/launch/k8s/weavescope.yaml",
"date": "Tue Apr 11 2017 08:43:10 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
spec:
ports:
- name: app
port: 80
targetPort: 4040
protocol: TCP
selector:
name: weave-scope-app
app: weave-scope
weave-cloud-component: scope
weave-scope-component: app
apiVersion: v1
kind: Service
- metadata:
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
name: weave-scope-agent
annotations:
cloud.weave.works/launcher-info: |-
{
"server-version": "master-4b19761",
"original-request": {
"url": "/k8s/v1.5/scope.yaml?/launch/k8s/weavescope.yaml",
"date": "Tue Apr 11 2017 08:43:10 GMT+0000 (UTC)"
},
"email-address": "[email protected]"
}
spec:
template:
metadata:
labels:
name: weave-scope-agent
app: weave-scope
weave-cloud-component: scope
weave-scope-component: agent
annotations:
scheduler.alpha.kubernetes.io/tolerations: >-
[{"key":"dedicated","operator":"Equal","value":"master","effect":"NoSchedule"}]
spec:
containers:
- name: agent
image: ‘weaveworks/scope:1.3.0‘
imagePullPolicy: IfNotPresent
args:
- ‘--no-app‘
- ‘--probe.docker.bridge=docker0‘
- ‘--probe.docker=true‘
- ‘--probe.kubernetes=true‘
- >-
$(WEAVE_SCOPE_APP_SERVICE_HOST):$(WEAVE_SCOPE_APP_SERVICE_PORT)
securityContext:
privileged: true
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
- name: scope-plugins
mountPath: /var/run/scope/plugins
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- name: scope-plugins
hostPath:
path: /var/run/scope/plugins
hostPID: true
hostNetwork: true
serviceAccountName: weave-scope
apiVersion: extensions/v1beta1
kind: DaemonSet
[[email protected] k8s]# kubectl apply -f weavescope.yaml --namespace="kube-system"
参考https://www.weave.works/docs/scope/latest/installing/#k8s-standalone
时间: 2024-11-07 15:50:46