From eb849432a168dbe2f07bd06977235e4462303c0c Mon Sep 17 00:00:00 2001 From: Tasdik Rahman Date: Wed, 2 May 2018 17:39:26 +0530 Subject: [PATCH] examples: k8s: added manifest for scope deployment - closes https://github.com/weaveworks/scope/issues/3153 --- examples/k8s/cluster-role-binding.yaml | 16 +++++++ examples/k8s/cluster-role.yaml | 44 +++++++++++++++++ examples/k8s/deploy.yaml | 32 +++++++++++++ examples/k8s/ds.yaml | 66 ++++++++++++++++++++++++++ examples/k8s/ns.yaml | 5 ++ examples/k8s/sa.yaml | 8 ++++ examples/k8s/svc.yaml | 22 +++++++++ 7 files changed, 193 insertions(+) create mode 100644 examples/k8s/cluster-role-binding.yaml create mode 100644 examples/k8s/cluster-role.yaml create mode 100644 examples/k8s/deploy.yaml create mode 100644 examples/k8s/ds.yaml create mode 100644 examples/k8s/ns.yaml create mode 100644 examples/k8s/sa.yaml create mode 100644 examples/k8s/svc.yaml diff --git a/examples/k8s/cluster-role-binding.yaml b/examples/k8s/cluster-role-binding.yaml new file mode 100644 index 000000000..d6afe0f13 --- /dev/null +++ b/examples/k8s/cluster-role-binding.yaml @@ -0,0 +1,16 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: weave-scope + labels: + name: weave-scope + namespace: weave +roleRef: + kind: ClusterRole + name: weave-scope + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: weave-scope + namespace: weave diff --git a/examples/k8s/cluster-role.yaml b/examples/k8s/cluster-role.yaml new file mode 100644 index 000000000..d276c61c1 --- /dev/null +++ b/examples/k8s/cluster-role.yaml @@ -0,0 +1,44 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +# with little modificatios to reduce permissions +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + name: weave-scope + name: weave-scope + namespace: weave +rules: +- apiGroups: + - "" + resources: + - pods + - replicationcontrollers + - services + - nodes + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch diff --git a/examples/k8s/deploy.yaml b/examples/k8s/deploy.yaml new file mode 100644 index 000000000..86ba4e03e --- /dev/null +++ b/examples/k8s/deploy.yaml @@ -0,0 +1,32 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: weave-scope-app + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + namespace: weave +spec: + replicas: 1 + revisionHistoryLimit: 2 + template: + metadata: + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + spec: + containers: + - name: app + args: + - '--no-probe' + env: [] + image: weaveworks/scope:1.9.0 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 4040 + protocol: TCP diff --git a/examples/k8s/ds.yaml b/examples/k8s/ds.yaml new file mode 100644 index 000000000..9b0d87948 --- /dev/null +++ b/examples/k8s/ds.yaml @@ -0,0 +1,66 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: weave-scope-agent + labels: + name: weave-scope-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: agent + namespace: weave +spec: + minReadySeconds: 5 + template: + metadata: + labels: + name: weave-scope-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: agent + spec: + containers: + - name: scope-agent + args: + - '--no-app' + - '--probe.docker.bridge=docker0' + - '--probe.docker=true' + - '--probe.kubernetes=true' + - 'weave-scope-app.weave.svc.cluster.local:80' + env: + - name: KUBERNETES_HOSTNAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: weaveworks/scope:1.9.0 + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + volumeMounts: + - name: docker-socket + mountPath: /var/run/docker.sock + - name: scope-plugins + mountPath: /var/run/scope/plugins + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: true + serviceAccountName: weave-scope + tolerations: + - effect: NoSchedule + operator: Exists + volumes: + - name: docker-socket + hostPath: + path: /var/run/docker.sock + - name: scope-plugins + hostPath: + path: /var/run/scope/plugins + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + updateStrategy: + rollingUpdate: + maxUnavailable: 1 diff --git a/examples/k8s/ns.yaml b/examples/k8s/ns.yaml new file mode 100644 index 000000000..43d5007b0 --- /dev/null +++ b/examples/k8s/ns.yaml @@ -0,0 +1,5 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: v1 +kind: Namespace +metadata: + name: weave diff --git a/examples/k8s/sa.yaml b/examples/k8s/sa.yaml new file mode 100644 index 000000000..a68fa8e1e --- /dev/null +++ b/examples/k8s/sa.yaml @@ -0,0 +1,8 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: v1 +kind: ServiceAccount +metadata: + name: weave-scope + labels: + name: weave-scope + namespace: weave diff --git a/examples/k8s/svc.yaml b/examples/k8s/svc.yaml new file mode 100644 index 000000000..4f77c9f93 --- /dev/null +++ b/examples/k8s/svc.yaml @@ -0,0 +1,22 @@ +# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3 +apiVersion: v1 +kind: Service +metadata: + name: weave-scope-app + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + namespace: weave +spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: 4040 + selector: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app