From 0b3ed342cebef7e6c6bfb091446810f118f2363a Mon Sep 17 00:00:00 2001
From: Eneko Fernandez
Date: Thu, 6 Oct 2022 13:56:28 +0100
Subject: [PATCH] updating weave.cloud docs
---
 examples/cri/cluster-role-binding.yaml | 1 -
 examples/cri/cluster-role.yaml | 2 -
 examples/cri/deploy.yaml | 1 -
 examples/cri/ds.yaml | 1 -
 examples/cri/ns.yaml | 1 -
 examples/cri/sa.yaml | 1 -
 examples/cri/svc.yaml | 1 -
 examples/k8s-scope.yaml | 313 +++++++++++++++++++++++++
 examples/k8s/cluster-role-binding.yaml | 1 -
 examples/k8s/cluster-role.yaml | 2 -
 examples/k8s/deploy.yaml | 1 -
 examples/k8s/ds.yaml | 1 -
 examples/k8s/ns.yaml | 1 -
 examples/k8s/probe-deploy.yaml | 1 -
 examples/k8s/psp.yaml | 21 --
 examples/k8s/sa.yaml | 1 -
 examples/k8s/svc.yaml | 1 -
 site/installing.md | 4 +-
 18 files changed, 315 insertions(+), 40 deletions(-)
 create mode 100644 examples/k8s-scope.yaml
 delete mode 100644 examples/k8s/psp.yaml
diff --git a/examples/cri/cluster-role-binding.yaml b/examples/cri/cluster-role-binding.yaml
index 1956491bcb..8c84783def 100644
--- a/examples/cri/cluster-role-binding.yaml
+++ b/examples/cri/cluster-role-binding.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/examples/cri/cluster-role.yaml b/examples/cri/cluster-role.yaml
index 024382365b..06f3f5863c 100644
--- a/examples/cri/cluster-role.yaml
+++ b/examples/cri/cluster-role.yaml
@@ -1,5 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
-# with little modificatios to reduce permissions
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
diff --git a/examples/cri/deploy.yaml b/examples/cri/deploy.yaml
index 56ba4d31ce..099b972460 100644
--- a/examples/cri/deploy.yaml
+++ b/examples/cri/deploy.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/examples/cri/ds.yaml b/examples/cri/ds.yaml
index 06e8b4c04e..614c03e7ce 100644
--- a/examples/cri/ds.yaml
+++ b/examples/cri/ds.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/examples/cri/ns.yaml b/examples/cri/ns.yaml
index ca8a615ced..87b5d78243 100644
--- a/examples/cri/ns.yaml
+++ b/examples/cri/ns.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/examples/cri/sa.yaml b/examples/cri/sa.yaml
index 63c12e9282..a93133d384 100644
--- a/examples/cri/sa.yaml
+++ b/examples/cri/sa.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/examples/cri/svc.yaml b/examples/cri/svc.yaml
index f30fcf0e43..c91a4ae5b5 100644
--- a/examples/cri/svc.yaml
+++ b/examples/cri/svc.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.10.0
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/examples/k8s-scope.yaml b/examples/k8s-scope.yaml
new file mode 100644
index 0000000000..8b23da3c47
--- /dev/null
+++ b/examples/k8s-scope.yaml
@@ -0,0 +1,313 @@
+apiVersion: v1
+kind: List
+items:
+ - apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: weave
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ name: weave-scope
+ name: weave-scope
+ namespace: weave
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ - replicationcontrollers
+ - services
+ - namespaces
+ - persistentvolumes
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - deployments/scale
+ verbs:
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments/scale
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resourceNames:
+ - weave-scope
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ - apiGroups:
+ - volumesnapshot.external-storage.k8s.io
+ resources:
+ - volumesnapshots
+ - volumesnapshotdatas
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: weave-scope
+ labels:
+ name: weave-scope
+ namespace: weave
+ roleRef:
+ kind: ClusterRole
+ name: weave-scope
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: weave-scope
+ namespace: weave
+ - apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: weave-scope-app
+ labels:
+ name: weave-scope-app
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: app
+ namespace: weave
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: weave-scope
+ revisionHistoryLimit: 2
+ template:
+ metadata:
+ labels:
+ name: weave-scope-app
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: app
+ spec:
+ containers:
+ - name: app
+ args:
+ - '--no-probe'
+ env: [ ]
+ image: weaveworks/scope:1.13.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 4040
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ - apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: weave-scope-agent
+ labels:
+ name: weave-scope-agent
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: agent
+ namespace: weave
+ spec:
+ minReadySeconds: 5
+ selector:
+ matchLabels:
+ app: weave-scope
+ template:
+ metadata:
+ labels:
+ name: weave-scope-agent
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: agent
+ spec:
+ containers:
+ - name: scope-agent
+ args:
+ - '--mode=probe'
+ - '--probe-only'
+ - '--probe.kubernetes.role=host'
+ - '--probe.docker.bridge=docker0'
+ - '--probe.docker=true'
+ - 'weave-scope-app.weave.svc.cluster.local.:80'
+ env:
+ - name: SCOPE_HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: weaveworks/scope:1.13.2
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: docker-socket
+ mountPath: /var/run/docker.sock
+ - name: scope-plugins
+ mountPath: /var/run/scope/plugins
+ - name: sys-kernel-debug
+ mountPath: /sys/kernel/debug
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ hostPID: true
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ volumes:
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ - name: scope-plugins
+ hostPath:
+ path: /var/run/scope/plugins
+ - name: sys-kernel-debug
+ hostPath:
+ path: /sys/kernel/debug
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ - apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: weave-scope-cluster-agent
+ labels:
+ name: weave-scope-cluster-agent
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: cluster-agent
+ namespace: weave
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: weave-scope-cluster-agent
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: cluster-agent
+ revisionHistoryLimit: 2
+ template:
+ metadata:
+ labels:
+ name: weave-scope-cluster-agent
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: cluster-agent
+ spec:
+ containers:
+ - name: scope-cluster-agent
+ args:
+ - '--mode=probe'
+ - '--probe-only'
+ - '--probe.kubernetes.role=cluster'
+ - 'weave-scope-app.weave.svc.cluster.local.:80'
+ command:
+ - /home/weave/scope
+ image: 'docker.io/weaveworks/scope:1.13.2'
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - name: scope-plugins
+ mountPath: /var/run/scope/plugins
+ serviceAccountName: weave-scope
+ volumes:
+ - name: scope-plugins
+ hostPath:
+ path: /var/run/scope/plugins
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: weave-scope
+ labels:
+ name: weave-scope
+ namespace: weave
+ - apiVersion: v1
+ kind: Service
+ metadata:
+ name: weave-scope-app
+ labels:
+ name: weave-scope-app
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: app
+ namespace: weave
+ spec:
+ ports:
+ - name: app
+ port: 80
+ protocol: TCP
+ targetPort: 4040
+ selector:
+ name: weave-scope-app
+ app: weave-scope
+ weave-cloud-component: scope
+ weave-scope-component: app
\ No newline at end of file
diff --git a/examples/k8s/cluster-role-binding.yaml b/examples/k8s/cluster-role-binding.yaml
index d6afe0f137..8c84783def 100644
--- a/examples/k8s/cluster-role-binding.yaml
+++ b/examples/k8s/cluster-role-binding.yaml
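Review bot: The `weave-scope` ClusterRole in the new `examples/k8s-scope.yaml` grants cluster-wide write verbs (`delete` on `pods`, `update` on `deployments/scale`, and `update`/`patch` on `nodes`) to the `weave-scope` ServiceAccount that the cluster-agent Deployment runs as, while the `weave-scope-app` container is started with only `--no-probe` and the manifest shows no authentication setting for the UI served on port 4040 behind Service port 80. Anyone who can reach that Service would presumably be able to exercise those verbs through the app, so an example manifest is safer read-only: drop the three write rules, or at least mark them with a comment such as `# write verbs: only needed if Scope's UI controls are wanted; remove for a read-only install`. The rule granting `use` on `podsecuritypolicies` named `weave-scope` looks stale, since this same commit deletes `examples/k8s/psp.yaml`. The `namespace: weave` entries under the ClusterRole and ClusterRoleBinding metadata have no effect because both kinds are cluster-scoped, and could be removed.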
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/examples/k8s/cluster-role.yaml b/examples/k8s/cluster-role.yaml
index 79bec11bec..ce1a8ba9b7 100644
--- a/examples/k8s/cluster-role.yaml
+++ b/examples/k8s/cluster-role.yaml
@@ -1,5 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
-# with little modificatios to reduce permissions
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
diff --git a/examples/k8s/deploy.yaml b/examples/k8s/deploy.yaml
index f7df6b3b82..30f26d2f42 100644
--- a/examples/k8s/deploy.yaml
+++ b/examples/k8s/deploy.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/examples/k8s/ds.yaml b/examples/k8s/ds.yaml
index 4f9e66f107..bceae50917 100644
--- a/examples/k8s/ds.yaml
+++ b/examples/k8s/ds.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/examples/k8s/ns.yaml b/examples/k8s/ns.yaml
index 43d5007b03..87b5d78243 100644
--- a/examples/k8s/ns.yaml
+++ b/examples/k8s/ns.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/examples/k8s/probe-deploy.yaml b/examples/k8s/probe-deploy.yaml
index 754eae250c..4cab649ef7 100644
--- a/examples/k8s/probe-deploy.yaml
+++ b/examples/k8s/probe-deploy.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/examples/k8s/psp.yaml b/examples/k8s/psp.yaml
deleted file mode 100644
index f7f850b9f8..0000000000
--- a/examples/k8s/psp.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: weave-scope
-spec:
- privileged: true
- hostPID: true
- hostNetwork: true
- allowedCapabilities:
- - 'NET_ADMIN'
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- - hostPath
diff --git a/examples/k8s/sa.yaml b/examples/k8s/sa.yaml
index a68fa8e1e3..a93133d384 100644
--- a/examples/k8s/sa.yaml
+++ b/examples/k8s/sa.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/examples/k8s/svc.yaml b/examples/k8s/svc.yaml
index 4f77c9f93a..c91a4ae5b5 100644
--- a/examples/k8s/svc.yaml
+++ b/examples/k8s/svc.yaml
@@ -1,4 +1,3 @@
-# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/site/installing.md b/site/installing.md
index 7d550044a0..e6eb21cfe2 100644
--- a/site/installing.md
+++ b/site/installing.md
@@ -152,7 +152,7 @@ Version 2 of this YAML file supports networks and volumes as defined by any plug
 To install Weave Scope on your Kubernetes cluster, run
- kubectl apply -f "https://cloud.weave.works/k8s/scope.yaml?k8s-version=$(kubectl version | base64 | tr -d '\n')"
+ kubectl apply -f https://github.com/weaveworks/scope/releases/download/v1.13.2/k8s-scope.yaml
 This downloads a recent Scope image from Dockerhub and launches a probe onto every node as well as a single Scope app. Once launched, Scope doesn’t require any other configuration.
@@ -221,7 +221,7 @@ Next, create a dedicated project for Weave Scope then apply policy changes neede
 The installation method for Scope on OpenShift is very similar to the one described [above](#k8s) for Kubernetes, but instead of `kubectl apply ...` you need to use `oc apply ...` and install it into the namespace of the `weave` project you have just created, and not the `weave` namespace, i.e.:
- oc apply -f 'https://cloud.weave.works/k8s/scope.yaml'
+ oc apply -f 'https://github.com/weaveworks/scope/releases/download/v1.13.2/k8s-scope.yaml'
 To access the Scope app from the browser, please refer to Kubernetes instructions [above](#k8s).