heptio scanner kubernetes 集群诊断工具部署说明

heptio scanner 是一款k8s 集群状态的诊断工具，还是很方便的，但是有一点就是需要使用google 的镜像

参考地址

https://scanner.heptio.com/

部署

• kubectl 部署说明

kubectl apply -f https://scanner.heptio.com/b5a7e2f93898098672771fb7d5877576/yaml/?rbac=no

yaml 定义文件

• RBAC 模式

---
apiVersion: v1
kind: Namespace
metadata:
  name: heptio-sonobuoy
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-serviceaccount
  namespace: heptio-sonobuoy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-serviceaccount-heptio-sonobuoy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonobuoy-serviceaccount
subjects:
- kind: ServiceAccount
  name: sonobuoy-serviceaccount
  namespace: heptio-sonobuoy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-serviceaccount
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
---
apiVersion: v1
data:
  config.json: |
    {
      "Description": "sonobuoy run for scanner.heptio.com",
      "Version": "v0.11.4",
      "ResultsDir": "/tmp/sonobuoy",
      "Resources": [
        "Nodes",
        "ServerVersion"
      ],
      "Filters": {
        "Namespaces": ".*",
        "LabelSelector": ""
      },
      "Server": {
        "bindaddress":"0.0.0.0",
        "bindport":8080,
        "advertiseaddress":"",
        "timeoutseconds":8000
      },
      "Plugins": [
        {
          "name":"e2e"
        }
      ],
      "WorkerImage":"gcr.io/heptio-images/sonobuoy:latest",
      "ImagePullPolicy":"Always"
    }
kind: ConfigMap
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-config-cm
  namespace: heptio-sonobuoy
---
apiVersion: v1
data:
  e2e.yaml: |
    sonobuoy-config:
      driver: Job
      plugin-name: e2e
      result-type: e2e
    spec:
      env:
      - name: E2E_FOCUS
        value: '[Conformance]'
      command: ["/run_e2e.sh"]
      image: gcr.io/heptio-images/kube-conformance:latest
      imagePullPolicy: Always
      name: e2e
      volumeMounts:
      - mountPath: /tmp/results
        name: results
        readOnly: false
kind: ConfigMap
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-plugins-cm
  namespace: heptio-sonobuoy
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: sonobuoy
    run: sonobuoy-master
    tier: analysis
  name: sonobuoy
  namespace: heptio-sonobuoy
spec:
  containers:
  - env:
    - name: SONOBUOY_ADVERTISE_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    image: gcr.io/heptio-images/sonobuoy:v0.11.4
    imagePullPolicy: Always
    name: kube-sonobuoy
    volumeMounts:
    - mountPath: /etc/sonobuoy
      name: sonobuoy-config-volume
    - mountPath: /plugins.d
      name: sonobuoy-plugins-volume
    - mountPath: /tmp/sonobuoy
      name: sonobuoy-output
  - env:
    - name: READ_RESULTS_DIR
      value: /tmp/sonobuoy
    - name: WRITE_RESULTS_DIR
      value: /tmp/forwarder
    - name: HEPTIO_TOKEN
      value: "b5a7e2f93898098672771fb7d5877576"
    - name: CLOUD_URL
      value: https://scanner.heptio.com
    image: gcr.io/heptio-images/scanner-forwarder:v0.0.4
    imagePullPolicy: Always
    name: forwarder
    volumeMounts:
    - mountPath: /tmp/sonobuoy
      name: sonobuoy-output
    - mountPath: /tmp/forwarder
      name: forwarder-output
  - env:
    - name: NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: READ_RESULTS_DIR
      value: /tmp/forwarder
    image: gcr.io/heptio-images/namespace-deleter:v0.0.1
    imagePullPolicy: Always
    name: cleanup
    volumeMounts:
    - mountPath: /tmp/forwarder
      name: forwarder-output
  restartPolicy: Never
  serviceAccountName: sonobuoy-serviceaccount
  volumes:
  - configMap:
      name: sonobuoy-config-cm
    name: sonobuoy-config-volume
  - configMap:
      name: sonobuoy-plugins-cm
    name: sonobuoy-plugins-volume
  - emptyDir: {}
    name: sonobuoy-output
  - emptyDir: {}
    name: forwarder-output
---
apiVersion: v1
kind: Service
metadata:
  labels:
    component: sonobuoy
    run: sonobuoy-master
  name: sonobuoy-master
  namespace: heptio-sonobuoy
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    run: sonobuoy-master
  type: ClusterIP

• 非 RBAC模式

---
apiVersion: v1
kind: Namespace
metadata:
  name: heptio-sonobuoy
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-serviceaccount
  namespace: heptio-sonobuoy
---
apiVersion: v1
data:
  config.json: |
    {
      "Description": "sonobuoy run for scanner.heptio.com",
      "Version": "v0.11.4",
      "ResultsDir": "/tmp/sonobuoy",
      "Resources": [
        "Nodes",
        "ServerVersion"
      ],
      "Filters": {
        "Namespaces": ".*",
        "LabelSelector": ""
      },
      "Server": {
        "bindaddress":"0.0.0.0",
        "bindport":8080,
        "advertiseaddress":"",
        "timeoutseconds":8000
      },
      "Plugins": [
        {
          "name":"e2e"
        }
      ],
      "WorkerImage":"gcr.io/heptio-images/sonobuoy:latest",
      "ImagePullPolicy":"Always"
    }
kind: ConfigMap
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-config-cm
  namespace: heptio-sonobuoy
---
apiVersion: v1
data:
  e2e.yaml: |
    sonobuoy-config:
      driver: Job
      plugin-name: e2e
      result-type: e2e
    spec:
      env:
      - name: E2E_FOCUS
        value: '[Conformance]'
      command: ["/run_e2e.sh"]
      image: gcr.io/heptio-images/kube-conformance:latest
      imagePullPolicy: Always
      name: e2e
      volumeMounts:
      - mountPath: /tmp/results
        name: results
        readOnly: false
kind: ConfigMap
metadata:
  labels:
    component: sonobuoy
  name: sonobuoy-plugins-cm
  namespace: heptio-sonobuoy
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: sonobuoy
    run: sonobuoy-master
    tier: analysis
  name: sonobuoy
  namespace: heptio-sonobuoy
spec:
  containers:
  - env:
    - name: SONOBUOY_ADVERTISE_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    image: gcr.io/heptio-images/sonobuoy:v0.11.4
    imagePullPolicy: Always
    name: kube-sonobuoy
    volumeMounts:
    - mountPath: /etc/sonobuoy
      name: sonobuoy-config-volume
    - mountPath: /plugins.d
      name: sonobuoy-plugins-volume
    - mountPath: /tmp/sonobuoy
      name: sonobuoy-output
  - env:
    - name: READ_RESULTS_DIR
      value: /tmp/sonobuoy
    - name: WRITE_RESULTS_DIR
      value: /tmp/forwarder
    - name: HEPTIO_TOKEN
      value: "b5a7e2f93898098672771fb7d5877576"
    - name: CLOUD_URL
      value: https://scanner.heptio.com
    image: gcr.io/heptio-images/scanner-forwarder:v0.0.4
    imagePullPolicy: Always
    name: forwarder
    volumeMounts:
    - mountPath: /tmp/sonobuoy
      name: sonobuoy-output
    - mountPath: /tmp/forwarder
      name: forwarder-output
  - env:
    - name: NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: READ_RESULTS_DIR
      value: /tmp/forwarder
    image: gcr.io/heptio-images/namespace-deleter:v0.0.1
    imagePullPolicy: Always
    name: cleanup
    volumeMounts:
    - mountPath: /tmp/forwarder
      name: forwarder-output
  restartPolicy: Never
  serviceAccountName: sonobuoy-serviceaccount
  volumes:
  - configMap:
      name: sonobuoy-config-cm
    name: sonobuoy-config-volume
  - configMap:
      name: sonobuoy-plugins-cm
    name: sonobuoy-plugins-volume
  - emptyDir: {}
    name: sonobuoy-output
  - emptyDir: {}
    name: forwarder-output
---
apiVersion: v1
kind: Service
metadata:
  labels:
    component: sonobuoy
    run: sonobuoy-master
  name: sonobuoy-master
  namespace: heptio-sonobuoy
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    run: sonobuoy-master
  type: ClusterIP

• 等待诊断结果界面

说明

部署是通过可视化界面，查看诊断结果的，提供的token 就是标识对应的k8s集群，同时运行过程中有点慢

参考资料

https://github.com/heptio/sonobuoy
https://scanner.heptio.com/