diff --git a/README.md b/README.md index caced34..e2b78be 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,5 @@ This repo is deploy weave scope with ansible. -source: https://github.com/weaveworks/scope/tree/master/examples/k8s +source scope: https://github.com/weaveworks/scope/tree/master/examples/k8s +source net: https://github.com/weaveworks/weave/tree/master/prog/weave-kube \ No newline at end of file diff --git a/files/net/weave-net-ClusterRole.yaml b/files/net/weave-net-ClusterRole.yaml new file mode 100644 index 0000000..af79068 --- /dev/null +++ b/files/net/weave-net-ClusterRole.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net +rules: + - apiGroups: + - '' + resources: + - pods + - namespaces + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - nodes/status + verbs: + - patch + - update diff --git a/files/net/weave-net-ClusterRoleBinding.yaml b/files/net/weave-net-ClusterRoleBinding.yaml new file mode 100644 index 0000000..4847093 --- /dev/null +++ b/files/net/weave-net-ClusterRoleBinding.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net +roleRef: + kind: ClusterRole + name: weave-net + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: weave-net + namespace: kube-system 
diff --git a/files/net/weave-net-DaemonSet.yaml b/files/net/weave-net-DaemonSet.yaml
new file mode 100644
index 0000000..2866a14
--- /dev/null
+++ b/files/net/weave-net-DaemonSet.yaml
@@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net + namespace: kube-system +spec: + minReadySeconds: 5 + selector: + matchLabels: + name: weave-net + template: + metadata: + labels: + name: weave-net + spec: + containers: + - name: weave + command: + - /home/weave/launch.sh + env: + - name: HOSTNAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: 'docker.io/weaveworks/weave-kube:2.6.2' + readinessProbe: + httpGet: + host: 127.0.0.1 + path: /status + port: 6784 + resources: + requests: + cpu: 10m + securityContext: + privileged: true + volumeMounts: + - name: weavedb + mountPath: /weavedb + - name: cni-bin + mountPath: /host/opt + - name: cni-bin2 + mountPath: /host/home + - name: cni-conf + mountPath: /host/etc + - name: dbus + mountPath: /host/var/lib/dbus + - name: lib-modules + mountPath: /lib/modules + - name: xtables-lock + mountPath: /run/xtables.lock + - name: weave-npc + env: + - name: HOSTNAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: 'docker.io/weaveworks/weave-npc:2.6.2' + resources: + requests: + cpu: 10m + securityContext: + privileged: true + volumeMounts: + - name: xtables-lock + mountPath: /run/xtables.lock + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: true + priorityClassName: system-node-critical + restartPolicy: Always + securityContext: + seLinuxOptions: {} + serviceAccountName: weave-net + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: weavedb + hostPath: + path: /var/lib/weave + - name: cni-bin + hostPath: + path: /opt + - name: cni-bin2 + hostPath: + path: /home + - name: cni-conf + hostPath: + path: /etc + - name: 
dbus + hostPath: + path: /var/lib/dbus + - name: lib-modules + hostPath: + path: /lib/modules + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + updateStrategy: + type: RollingUpdate diff --git a/files/net/weave-net-Role.yaml b/files/net/weave-net-Role.yaml new file mode 100644 index 0000000..473da68 --- /dev/null +++ b/files/net/weave-net-Role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net + namespace: kube-system +rules: + - apiGroups: + - '' + resourceNames: + - weave-net + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create diff --git a/files/net/weave-net-RoleBinding.yaml b/files/net/weave-net-RoleBinding.yaml new file mode 100644 index 0000000..82999df --- /dev/null +++ b/files/net/weave-net-RoleBinding.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net + namespace: kube-system +roleRef: + kind: Role + name: weave-net + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: weave-net + namespace: kube-system diff --git a/files/net/weave-net-ServiceAccount.yaml b/files/net/weave-net-ServiceAccount.yaml new file mode 100644 index 0000000..92a2f81 --- /dev/null +++ b/files/net/weave-net-ServiceAccount.yaml 
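Review bot: In files/net/weave-net-DaemonSet.yaml the `weave` container's `env` holds only `HOSTNAME`, although scripts/update.sh in this same commit appends `IPALLOC_RANGE`, `WEAVE_MTU`, `IPTABLES_BACKEND` and a `WEAVE_PASSWORD` secret reference to that list after splitting net.yaml. As committed, the role would deploy Weave Net without the `weave-passwd` reference, which presumably leaves peer traffic unencrypted and the address range at its default. Either re-run the script and commit its output, or state in the README that the committed manifest is the unmodified upstream one and why. The DaemonSet hunk begins on the previous line of this page, and the Role and RoleBinding hunks follow it on this one.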
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: weave-net + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/v1.16/net.yaml", + "date": "Mon Apr 27 2020 21:31:25 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-net + namespace: kube-system diff --git a/files/scope/weave-Namespace.yaml b/files/scope/weave-Namespace.yaml new file mode 100644 index 0000000..6fe4bbf --- /dev/null +++ b/files/scope/weave-Namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: weave + annotations: + cloud.weave.works/version: v1.0.0-269-gffdc830 diff --git a/files/scope/weave-scope-ClusterRole.yaml b/files/scope/weave-scope-ClusterRole.yaml new file mode 100644 index 0000000..a4a363a --- /dev/null +++ b/files/scope/weave-scope-ClusterRole.yaml 
@@ -0,0 +1,96 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: weave-scope + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - list + - watch + - delete + - apiGroups: + - '' + resources: + - pods/log + - services + - nodes + - namespaces + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - deployments + - daemonsets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - get + - update + - apiGroups: + - extensions + resources: + - deployments/scale + verbs: + - get + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - volumesnapshot.external-storage.k8s.io + resources: + - volumesnapshots + - volumesnapshotdatas + verbs: + - list + - watch diff --git a/files/scope/weave-scope-ClusterRoleBinding.yaml b/files/scope/weave-scope-ClusterRoleBinding.yaml new file mode 100644 index 0000000..9e4a149 --- /dev/null +++ b/files/scope/weave-scope-ClusterRoleBinding.yaml 
@@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: weave-scope + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope +roleRef: + kind: ClusterRole + name: weave-scope + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: weave-scope + namespace: weave diff --git a/files/scope/weave-scope-ServiceAccount.yaml b/files/scope/weave-scope-ServiceAccount.yaml new file mode 100644 index 0000000..f6aa126 --- /dev/null +++ b/files/scope/weave-scope-ServiceAccount.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: weave-scope + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope + namespace: weave diff --git a/files/scope/weave-scope-agent-DaemonSet.yaml b/files/scope/weave-scope-agent-DaemonSet.yaml new file mode 100644 index 0000000..d8e56be --- /dev/null +++ b/files/scope/weave-scope-agent-DaemonSet.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: weave-scope-agent + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: agent + namespace: weave +spec: + minReadySeconds: 5 + selector: + matchLabels: + name: weave-scope-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: agent + template: + metadata: + labels: + name: weave-scope-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: agent + spec: + containers: + - name: scope-agent + args: + - '--mode=probe' + - '--probe-only' + - '--probe.kubernetes.role=host' + - '--probe.publish.interval=4500ms' + - '--probe.spy.interval=2s' + - '--probe.docker.bridge=docker0' + - '--probe.docker=true' + - 'weave-scope-app.weave.svc.cluster.local:80' + command: + - /home/weave/scope + env: [] + image: 'docker.io/weaveworks/scope:1.13.0' + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 100Mi + securityContext: + privileged: true + volumeMounts: + - name: scope-plugins + mountPath: /var/run/scope/plugins + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: docker-socket + mountPath: /var/run/docker.sock + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: true + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: scope-plugins + hostPath: + path: /var/run/scope/plugins + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + - name: docker-socket + hostPath: + path: /var/run/docker.sock + updateStrategy: + type: RollingUpdate 
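Review bot: files/scope/weave-scope-agent-DaemonSet.yaml runs `scope-agent` with `privileged: true`, `hostPID: true`, `hostNetwork: true` and the host's `/var/run/docker.sock` mounted, and it reports to `weave-scope-app.weave.svc.cluster.local:80`; nothing in this commit restricts who may reach that Service, and the app container is started with only `--mode=app`. Any workload able to connect to the app would presumably inherit the agents' control over containers on every node, in addition to the `delete` on pods granted by the `weave-scope` ClusterRole. Because this file is regenerated by scripts/update.sh, the restriction belongs in a separate manifest: I would add a NetworkPolicy in namespace `weave` that limits ingress to `weave-scope-app` to the probes and an operator-controlled source (the agents use `hostNetwork`, so they arrive from node addresses rather than pod labels). The README should record that the UI is not meant to be exposed beyond that.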
diff --git a/files/scope/weave-scope-app-Deployment.yaml b/files/scope/weave-scope-app-Deployment.yaml new file mode 100644 index 0000000..47f61ca --- /dev/null +++ b/files/scope/weave-scope-app-Deployment.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: weave-scope-app + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + namespace: weave +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + template: + metadata: + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + spec: + containers: + - name: app + args: + - '--mode=app' + command: + - /home/weave/scope + env: [] + image: 'docker.io/weaveworks/scope:1.13.0' + imagePullPolicy: IfNotPresent + ports: + - containerPort: 4040 + protocol: TCP diff --git a/files/scope/weave-scope-app-Service.yaml b/files/scope/weave-scope-app-Service.yaml new file mode 100644 index 0000000..ca35350 --- /dev/null +++ b/files/scope/weave-scope-app-Service.yaml 
@@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: weave-scope-app + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app + namespace: weave +spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: 4040 + selector: + name: weave-scope-app + app: weave-scope + weave-cloud-component: scope + weave-scope-component: app diff --git a/files/scope/weave-scope-cluster-agent-Deployment.yaml b/files/scope/weave-scope-cluster-agent-Deployment.yaml new file mode 100644 index 0000000..85bc8e2 --- /dev/null +++ b/files/scope/weave-scope-cluster-agent-Deployment.yaml 
@@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: weave-scope-cluster-agent + annotations: + cloud.weave.works/launcher-info: |- + { + "original-request": { + "url": "/k8s/1.13.0/scope.yaml", + "date": "Mon Apr 27 2020 20:49:06 GMT+0000 (UTC)" + }, + "email-address": "support@weave.works" + } + labels: + name: weave-scope-cluster-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: cluster-agent + namespace: weave +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + name: weave-scope-cluster-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: cluster-agent + template: + metadata: + labels: + name: weave-scope-cluster-agent + app: weave-scope + weave-cloud-component: scope + weave-scope-component: cluster-agent + spec: + containers: + - name: scope-cluster-agent + args: + - '--mode=probe' + - '--probe-only' + - '--probe.kubernetes.role=cluster' + - '--probe.http.listen=:4041' + - '--probe.publish.interval=4500ms' + - '--probe.spy.interval=2s' + - 'weave-scope-app.weave.svc.cluster.local:80' + command: + - /home/weave/scope + env: [] + image: 'docker.io/weaveworks/scope:1.13.0' + imagePullPolicy: IfNotPresent + ports: + - containerPort: 4041 + protocol: TCP + resources: + requests: + cpu: 25m + memory: 80Mi + serviceAccountName: weave-scope diff --git a/scripts/update.sh b/scripts/update.sh index f7353e7..62156b1 100755 --- a/scripts/update.sh +++ b/scripts/update.sh 
@@ -1,3 +1,27 @@
 #!/usr/bin/env bash
+curl -L0 https://cloud.weave.works/k8s/1.13.0/scope.yaml
+sed -e /^apiVersion/d -e /^kind/d -e /^items/d -e "s/^ //" -e '/^- / i---' -e 's/^[ -] //' -i scope.yaml
+kubernetes-split-yaml scope.yaml > generated.log
+mv generated/*.yaml scope/
+echo -e '---\nweave_scope_files:' > ../vars/scope-files.yaml
+cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "scope/\2"|' >> ../vars/scope-files.yaml
+rm -fr generated{,.log} scope.yaml
+
+
+
+# https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml
+curl -LO https://cloud.weave.works/k8s/2.6.2/net.yaml
+sed -e /^apiVersion/d -e /^kind/d -e /^items/d -e "s/^ //" -e '/^- / i---' -e 's/^[ -] //' -i net.yaml
+kubernetes-split-yaml net.yaml > generated.log
+mv generated/*.yaml net/
+echo -e '---\nweave_net_files:' > ../vars/net-files.yaml
+cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "net/\2"|' >> ../vars/net-files.yaml
+rm -fr generated{,.log} net.yaml
+
+# Configuration https://www.weave.works/docs/net/latest/kubernetes/kube-addon/
+line_nb=$(cat -n net/weave-net-DaemonSet.yaml | sed -n '/ - name: weave/,/ - name: weave-npc/p' | grep env: | cut -f1)
+sed -e ${line_nb}' a\ - name: IPALLOC_RANGE\n value: 10.32.0.0/12' -i net/weave-net-DaemonSet.yaml
+sed -e ${line_nb}' a\ - name: WEAVE_MTU\n value: 1376' -i net/weave-net-DaemonSet.yaml
+sed -e ${line_nb}' a\ - name: IPTABLES_BACKEND\n value: nft' -i net/weave-net-DaemonSet.yaml
+sed -e ${line_nb}' a\ - name: WEAVE_PASSWORD\n valueFrom:\n secretKeyRef:\n name: weave-passwd\n key: weave-passwd' -i net/weave-net-DaemonSet.yaml
-curl -L https://cloud.weave.works/k8s/2.6.2/net.yaml
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 823aeb7..d1a2eb8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,19 @@
-- debug: var=my_context
- tags: prom
+---
+- name: Weave Net setup
+ block:
+ - name: Weave Net files
+ k8s:
+ state: present
+ context: "{{ my_context }}"
+ merge_type: merge
+ resource_definition: "{{ lookup('file', item) | from_yaml }}"
+ with_items:
+ - "{{ weave_net_files }}"
+ when:
+ - kubernetes_network == "weave-net"
+ tags: weave
-- name: Weave setup
+- name: Weave Scope setup
 block:
 - name: namespace
 k8s:
@@ -67,14 +79,6 @@
 merge_type: merge
 resource_definition: "{{ lookup('template', item) | from_yaml }}"
 with_items:
- - scope/psp.yaml.j2
- - scope/cluster-role-binding.yaml.j2
- - scope/cluster-role.yaml.j2
- - scope/sa.yaml.j2
- - scope/svc.yaml.j2
- - scope/ds.yaml.j2
- - scope/probe-deploy.yaml.j2
- - scope/deploy.yaml.j2
- - scope/weave_ingress.yaml.j2
+ - "{{ weave_scope_files }}"
 tags: weave
diff --git a/vars/net-files.yaml b/vars/net-files.yaml
new file mode 100644
index 0000000..993d8dd
--- /dev/null
+++ b/vars/net-files.yaml
@@ -0,0 +1,8 @@
+---
+weave_net_files:
+ - "net/weave-net-ServiceAccount.yaml"
+ - "net/weave-net-ClusterRole.yaml"
+ - "net/weave-net-ClusterRoleBinding.yaml"
+ - "net/weave-net-Role.yaml"
+ - "net/weave-net-RoleBinding.yaml"
+ - "net/weave-net-DaemonSet.yaml"
diff --git a/vars/scope-files.yaml b/vars/scope-files.yaml
new file mode 100644
index 0000000..5b2810b
--- /dev/null
+++ b/vars/scope-files.yaml
@@ -0,0 +1,10 @@
+---
+weave_scope_files:
+ - "scope/weave-Namespace.yaml"
+ - "scope/weave-scope-ServiceAccount.yaml"
+ - "scope/weave-scope-ClusterRole.yaml"
+ - "scope/weave-scope-ClusterRoleBinding.yaml"
+ - "scope/weave-scope-app-Deployment.yaml"
+ - "scope/weave-scope-app-Service.yaml"
+ - "scope/weave-scope-cluster-agent-Deployment.yaml"
+ - "scope/weave-scope-agent-DaemonSet.yaml"
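Review bot: In scripts/update.sh the first download is `curl -L0 …/scope.yaml`: `-0` selects HTTP/1.0 and there is no `-O`, so the manifest goes to stdout and the following `sed … -i scope.yaml` acts on a missing or stale file, whereas the net.yaml download further down uses `-LO`. The script also has no `set -euo pipefail` after the shebang, so a failed download or split still reaches `mv generated/*.yaml` and `rm -fr`. Because the fetched manifests define privileged host-network DaemonSets, I would additionally compare each download with a SHA-256 recorded in the repository before splitting it. Proposed lines: `set -euo pipefail` and `curl -fsSLO https://cloud.weave.works/k8s/1.13.0/scope.yaml`.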
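Review bot: `weave_net_files` in the new `with_items` of tasks/main.yml is defined in vars/net-files.yaml, and, assuming this is a role layout, only vars/main.yml is loaded automatically; no `include_vars` is visible in this hunk, so unless one exists elsewhere the task fails on an undefined variable (the same applies to `weave_scope_files` in the second hunk). I would add a leading task such as `- include_vars: net-files.yaml`, or move both lists into vars/main.yml. The block also lacks a comment saying where `kubernetes_network` comes from; `# kubernetes_network must be set by the caller (inventory or play vars)` above `when:` would cover it.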
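Review bot: The context line above the changed list in the second tasks/main.yml hunk still reads `lookup('template', item)`, while the entries of `weave_scope_files` are plain manifests added under files/scope/; the Weave Net task in the first hunk uses `lookup('file', item)` for the same kind of input. The template lookup searches templates/ rather than files/, so these paths will probably not resolve; I would change the line to `resource_definition: "{{ lookup('file', item) | from_yaml }}"`. The removed list also carried `scope/psp.yaml.j2` and `scope/weave_ingress.yaml.j2`, which have no counterpart in vars/scope-files.yaml, so the PodSecurityPolicy and Ingress are no longer applied; the commit message should say whether that is intended. The task this list belongs to starts outside the hunk.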