We try to support the various authentication strategies supported by kubectl, in order to provide seamless integration with your local setup. Here are the different authentication strategies we support, depending on how you’re using Kubebox:
If the mode you’re using isn’t supported, you can refresh the authentication token/certs manually and update your kubeconfig file accordingly.
1.7 cAdvisor
Kubebox relies on cAdvisor to retrieve the resource usage metrics. Before version 0.8.0, Kubebox accessed the cAdvisor endpoints embedded in the Kubelet. However, these endpoints are being deprecated and will eventually be removed, as discussed in kubernetes#68522.
Starting with version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. This can be achieved with:
It’s recommended to use the provided cadvisor.yaml file, which is tested to work with Kubebox. However, the DaemonSet example from the cAdvisor project should also work just fine. Note that the cAdvisor containers must run with a privileged security context, so that they can access the container runtime on each node.
You can change the default --storage_duration and --housekeeping_interval options, added to the cAdvisor container arguments declared in the cadvisor.yaml file, to adjust the duration of the storage moving window (defaults to 5m0s) and the sampling period (defaults to 10s) respectively. You may also have to provide the path of your cluster container runtime socket, in case it does not follow the usual convention.
1.8 FAQ
Resources usage metrics are unavailable!
Starting with version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. See the cAdvisor section for more details.
The metrics are retrieved from the REST API of the cAdvisor pod running on the same node as the container for which the metrics are being requested. That REST API is accessed via the API server proxy, which requires proper RBAC permissions, e.g.:
The following environment variables are supported:
AUTHORIZE_URL: Optional OAuth 2 authorization endpoint URL for protecting the UI.
ACCESS_TOKEN_URL: Optional token endpoint URL for the OAuth 2 Authorization Code Grant flow.
SCOPE: Optional scope that specifies the level of access the application is requesting.
CLUSTERS: Comma-separated list of Kubernetes API server URLs. It defaults to http://localhost:8001/ (default endpoint of kubectl proxy).
CLUSTER_REGISTRY_URL: URL of a cluster registry returning a list of Kubernetes clusters.
CREDENTIALS_DIR: Directory to read (OAuth) credentials from; these credentials are only used for non-localhost cluster URLs.
DEBUG: Set to "true" for local development to reload code changes.
KUBECONFIG_PATH: Path to the kubeconfig file to use for cluster access.
KUBECONFIG_CONTEXTS: Comma-separated list of contexts to use when reading the kubeconfig file from KUBECONFIG_PATH.
MOCK: Set to "true" to mock Kubernetes cluster data.
QUERY_INTERVAL: Interval in seconds for querying clusters (default: 5). Each cluster will be queried at most once per configured interval.
REDIS_URL: Optional Redis server to use for pub/sub events and job locking when running more than one replica. Example: redis://my-redis:6379
SERVER_PORT: HTTP port to listen on. It defaults to 8080.
NODE_LINK_URL_TEMPLATE: Template to make Nodes clickable, e.g. can point to kube-web-view. {cluster} (cluster ID) and {name} (Node name) will be replaced in the URL template.
POD_LINK_URL_TEMPLATE: Template to make Pods clickable, e.g. can point to kube-web-view. {cluster} (cluster ID), {namespace} (Pod's namespace), and {name} (Pod name) will be replaced in the URL template.
ROUTE_PREFIX: The URL prefix under which kube-ops-view is externally reachable (for example, if kube-ops-view is served via a reverse proxy). Used for generating relative and absolute links back to kube-ops-view itself. If the URL has a path portion, it will be used to prefix all HTTP endpoints served by kube-ops-view. If omitted, relevant URL components will be derived automatically.
2.6 Supported Browsers
The UI uses WebGL, ECMAScript 6, and EventSource features. The following browsers are known to work:
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
Weave Scope automatically generates a map of your application, enabling you to intuitively understand, monitor, and control your containerized, microservices-based application.
Ensure your computer is behind a firewall that blocks.
Understand your Docker containers in real time
Choose an overview of your container infrastructure, or focus on a specific microservice. Easily identify and correct issues to ensure the stability and performance of your containerized applications.
Contextual details and deep linking
View contextual metrics, tags, and metadata for your containers. Effortlessly navigate between processes inside your container to hosts your containers run on, arranged in expandable, sortable tables. Easily find the container using the most CPU or memory for a given host or service.
Interact with and manage containers
Interact with your containers directly: pause, restart, and stop containers. Launch a command line. All without leaving the scope browser window.
Extend and customize via plugins
Add custom details or interactions for your hosts, containers, and/or processes by creating Scope plugins. Or, just choose from some that others have already written at the GitHub Weaveworks Scope Plugins organization.
4.1 WeaveScope Install
Running the shell script (nhn_cloud_weavescope.sh) on the Manager server makes the Weave Scope web page accessible.
Scope is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.
Find more details about the licenses of vendored code in VENDORED_CODE.md.
# Download the Kubebox binary and make it executable
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.9.0/kubebox-linux && chmod +x kubebox
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 619 100 619 0 0 2292 0 --:--:-- --:--:-- --:--:-- 2284
100 11.8M 100 11.8M 0 0 5401k 0 0:00:02 0:00:02 --:--:-- 10.1M
# Move it to the /usr/local/bin folder
$ sudo mv kubebox /usr/local/bin/
# Apply cadvisor.yaml to view resource usage (memory/CPU/network/filesystem)
$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/cadvisor.yaml
namespace/cadvisor created
serviceaccount/cadvisor created
podsecuritypolicy.policy/cadvisor unchanged
clusterrole.rbac.authorization.k8s.io/cadvisor unchanged
clusterrolebinding.rbac.authorization.k8s.io/cadvisor unchanged
daemonset.apps/cadvisor created
# Run
$ kubebox
# Permission to list the cAdvisor pods (selected using the `spec.nodeName` field selector)
$ kubectl auth can-i list pods -n cadvisor
yes
# Permission to proxy the selected cAdvisor pod, to call its REST API
$ kubectl auth can-i get pod --subresource proxy -n cadvisor
yes
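The two `kubectl auth can-i` checks above correspond to two RBAC rules. As an added example (not part of the Kubebox project), this script prints a namespaced Role and RoleBinding granting only those permissions in the cadvisor namespace; the Role name and the user name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Kubebox project): least-privilege RBAC for reading
# cAdvisor metrics through the API server proxy. Names below are assumptions.

ROLE_NAME="kubebox-cadvisor-metrics"   # hypothetical Role/RoleBinding name
NAMESPACE="cadvisor"                   # namespace created by cadvisor.yaml

# Print a Role and RoleBinding for one user. Names containing characters that
# could break out of the quoted YAML scalar are rejected.
cadvisor_metrics_rbac() {
  user=$1
  case $user in
    ''|*[!A-Za-z0-9@._:-]*) echo "invalid user name" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $ROLE_NAME
  namespace: $NAMESPACE
rules:
- apiGroups: [""]
  resources: ["pods"]        # kubectl auth can-i list pods -n cadvisor
  verbs: ["list"]
- apiGroups: [""]
  resources: ["pods/proxy"]  # kubectl auth can-i get pod --subresource proxy
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $ROLE_NAME
  namespace: $NAMESPACE
subjects:
- kind: User
  name: "$user"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: $ROLE_NAME
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Print the manifest for a constructed user; pipe it to kubectl apply -f -
cadvisor_metrics_rbac "jane@example.com"
```

Because the Role is namespaced, the `pods/proxy` rule reaches only pods in the cadvisor namespace. After applying the manifest, the two checks can be repeated for that user with `--as jane@example.com`.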
How to download and run Kubernetes Operational View
# Download the Kubernetes Operational View source files
$ git clone https://codeberg.org/hjacobs/kube-ops-view.git
Cloning into 'kube-ops-view'...
remote: Enumerating objects: 1970, done.
remote: Counting objects: 100% (1970/1970), done.
remote: Compressing objects: 100% (766/766), done.
remote: Total 1970 (delta 1340), reused 1702 (delta 1162), pack-reused 0
Receiving objects: 100% (1970/1970), 1.11 MiB | 825.00 KiB/s, done.
Resolving deltas: 100% (1340/1340), done.
# Downloaded source files
$ ls
kube-ops-view
# Check the yaml files in the deploy folder
$ cd kube-ops-view/deploy/
$ ls
deployment.yaml kustomization.yaml rbac.yaml redis-deployment.yaml redis-service.yaml service.yaml
# Assign a LoadBalancer IP in the service.yaml file
$ vi service.yaml
type: ClusterIP ==> type: LoadBalancer
# Start the Kubernetes Operational View Service
$ kubectl apply -k .
serviceaccount/kube-ops-view created
clusterrole.rbac.authorization.k8s.io/kube-ops-view created
clusterrolebinding.rbac.authorization.k8s.io/kube-ops-view created
service/kube-ops-view-redis created
service/kube-ops-view created
deployment.apps/kube-ops-view-redis created
deployment.apps/kube-ops-view created
# Verify that the Kubernetes Operational View Service is running
$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kube-ops-view LoadBalancer 10.254.81.99 133.186.244.48 80:31174/TCP 75s
default kube-ops-view-redis ClusterIP 10.254.60.234 <none> 6379/TCP 109s
default kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 3h18m
kube-system dashboard-metrics-scraper ClusterIP 10.254.190.192 <none> 8000/TCP 3h18m
kube-system kube-dns ClusterIP 10.254.0.10 <none> 53/UDP,53/TCP,9153/TCP 3h18m
kube-system kubernetes-dashboard ClusterIP 10.254.169.196 <none> 443/TCP 3h18m
kube-system metrics-server ClusterIP 10.254.232.10 <none> 443/TCP 3h18m
# Stop the Kubernetes Operational View Service
$ kubectl delete -k .
serviceaccount "kube-ops-view" deleted
clusterrole.rbac.authorization.k8s.io "kube-ops-view" deleted
clusterrolebinding.rbac.authorization.k8s.io "kube-ops-view" deleted
service "kube-ops-view-redis" deleted
service "kube-ops-view" deleted
deployment.apps "kube-ops-view-redis" deleted
deployment.apps "kube-ops-view" deleted
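Changing the Service type from ClusterIP to LoadBalancer, as in the steps above, publishes the kube-ops-view UI on an external address, and the OAuth settings that protect it (AUTHORIZE_URL, ACCESS_TOKEN_URL) are optional. The following added example (not part of kube-ops-view or of the original guide) reads `kubectl get svc` table output and lists every Service of type LoadBalancer or NodePort; the function names are hypothetical and the sample listing is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from kube-ops-view): list Services that are published
# outside the cluster, from `kubectl get svc [--all-namespaces]` table output.

# Constructed sample modelled on the listing above; 203.0.113.10 is a
# documentation-range address and the grafana row is invented.
sample_svc_listing() {
  cat <<'EOF'
NAMESPACE     NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)          AGE
default       kube-ops-view          LoadBalancer   10.254.81.99     203.0.113.10   80:31174/TCP     75s
default       kube-ops-view-redis    ClusterIP      10.254.60.234    <none>         6379/TCP         109s
monitoring    grafana                NodePort       10.254.7.7       <none>         3000:30300/TCP   2d
kube-system   kubernetes-dashboard   ClusterIP      10.254.169.196   <none>         443/TCP          3h18m
EOF
}

# Reads the table on stdin; prints "namespace/name type external-ip ports" for
# every LoadBalancer or NodePort Service. Columns are located by header name,
# so the listing works with or without the NAMESPACE column.
exposed_services() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    !("TYPE" in col) { next }
    {
      type = $(col["TYPE"])
      if (type != "LoadBalancer" && type != "NodePort") next
      ns = ("NAMESPACE" in col) ? $(col["NAMESPACE"]) : "-"
      print ns "/" $(col["NAME"]), type, $(col["EXTERNAL-IP"]), $(col["PORT(S)"])
    }'
}

# Returns 1 when any Service is exposed, so the check can gate a pipeline.
audit_exposure() {
  hits=$(exposed_services)
  if [ -n "$hits" ]; then
    printf 'externally reachable Services:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# Demo on the constructed sample.
sample_svc_listing | exposed_services
```

Against a live cluster, run `kubectl get svc --all-namespaces | audit_exposure` and review each reported Service before leaving it published.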