kind で mackerel-container-agent を起動する
local で container registry を起動する。kubelet の readonly-port を設定する
code:./kind-with-registry.sh
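#!/bin/sh
# Start a local container registry and a kind cluster that can pull from it,
# with the kubelet read-only port enabled on the control-plane node.
# Requires docker, kind and kubectl on PATH.
set -o errexit
set -o nounset

# 1. Create registry container unless it already exists
reg_name='kind-registry'
reg_port='5001'
# `docker inspect` fails when the container does not exist; `|| true` keeps
# errexit from aborting so the string comparison decides.
if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
  # Published on 127.0.0.1 only: the registry speaks plain HTTP without
  # authentication, so it should not be reachable from other hosts.
  docker run \
    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --network bridge --name "${reg_name}" \
    registry:2
fi

# 2. Create kind cluster with containerd registry config dir enabled
# TODO: kind will eventually enable this by default and this patch will
# be unnecessary.
#
# See: https://kind.sigs.k8s.io/docs/user/local-registry/
#
# The kubeadm patch turns on the kubelet read-only port (10255). That port
# serves kubelet data over plain HTTP with no authentication or authorization,
# including pod specs and therefore literal env values. Acceptable on a
# throwaway local cluster; do not carry this setting over to a shared cluster.
kind create cluster --config=- <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry]
    config_path = "/etc/containerd/certs.d"
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        read-only-port: "10255"
EOF

# 3. Add the registry config to the nodes
#
# This is necessary because localhost resolves to loopback addresses that are
# network-namespace local.
# In other words: localhost in the container is not localhost on the host.
#
# We want a consistent name that works from both ends, so we tell containerd to
# alias localhost:${reg_port} to the registry container when pulling images
REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
for node in $(kind get nodes); do
  docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
  # hosts.toml maps the localhost:${reg_port} name to the registry container,
  # reached by container name over the shared docker network (see step 4).
  docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml" <<EOF
[host."http://${reg_name}:5000"]
EOF
done

# 4. Connect the registry to the cluster network if not already connected
# This allows kind to bootstrap the network but ensures they're on the same network
if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
  docker network connect "kind" "${reg_name}"
fi

# 5. Document the local registry
kubectl apply -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: local-registry-hosting
  namespace: kube-public
data:
  localRegistryHosting.v1: |
    host: "localhost:${reg_port}"
EOF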
code:example-k8s.yaml
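---
# Service account the example pod runs as; the ClusterRoleBinding below grants
# it the agent's ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mackerel-container-agent-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      # NOTE(review): nodes/proxy is a broad grant (it covers the kubelet API
      # proxied through the API server). Keep this role bound only to the
      # agent's service account, and confirm the agent needs both entries.
      - nodes/proxy
      - nodes/stats
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mackerel-container-agent-clusterrole
subjects:
  - kind: ServiceAccount
    name: example-serviceaccount
    namespace: default
---
# Example pod: a redis container with mackerel-container-agent as a sidecar.
apiVersion: v1
kind: Pod
metadata:
  name: example
  labels:
    app: example
spec:
  serviceAccountName: example-serviceaccount
  containers:
    - name: redis
      # :latest is a mutable tag; pin a version or digest for repeatable runs.
      image: redis:latest
    - name: mackerel-container-agent
      # Pulled from the loopback-only registry created by kind-with-registry.sh.
      image: localhost:5001/mackerel-container-agent:latest
      imagePullPolicy: Always
      resources:
        limits:
          memory: 128Mi
      env:
        - name: MACKEREL_LOG_LEVEL
          value: TRACE
        - name: MACKEREL_CONTAINER_PLATFORM
          value: kubernetes
        # Placeholder: replace with your Mackerel API key. A literal value is
        # stored in the pod spec and is visible to anything that can read pod
        # specs, including the unauthenticated kubelet read-only port enabled
        # for this cluster. Outside a throwaway local cluster, supply it from
        # a Secret via valueFrom.secretKeyRef instead.
        - name: MACKEREL_APIKEY
          value: 云々
        - name: MACKEREL_ROLES
          value: mackerel-container-agent:example
        # Downward API: the agent is given the node IP, namespace and pod name.
        - name: MACKEREL_KUBERNETES_KUBELET_HOST
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        - name: MACKEREL_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MACKEREL_KUBERNETES_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name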
起動
code:sh
# Create the local registry and the kind cluster.
./kind-with-registry.sh
# Switch kubectl to the new cluster ("kubectl ctx" is presumably the kubectx plugin).
# NOTE(review): kind names its default cluster's context "kind-kind"; confirm "kind/kind" exists in your kubeconfig.
kubectl ctx kind/kind
# Build the agent image (presumably produces mackerel-container-agent:latest, which is tagged below).
cd mackerel-container-agent
make docker
# Retag for the registry on localhost:5001 and push, so the kind node can pull the image.
docker image tag mackerel-container-agent:latest localhost:5001/mackerel-container-agent:latest
docker push localhost:5001/mackerel-container-agent:latest
# NOTE(review): after the cd above this path is relative to the agent checkout; confirm where example-k8s.yaml lives.
kubectl apply -f example-k8s.yaml
片附け
code:sh
# Remove the example pod, then delete the whole kind cluster.
kubectl delete pod example
kind delete cluster
# NOTE: kind-with-registry.sh starts the kind-registry container with --restart=always;
# neither command above removes it, so it keeps running until removed separately.