Last active
March 2, 2018 21:35
-
-
Save DD-ScottBeamish/7f4282cb6fcbe970f7098df35567f731 to your computer and use it in GitHub Desktop.
Setting up an OpenShift Development Environment Using MiniShift (Unrestricted)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: dd-agent-config | |
| namespace: myproject | |
| data: | |
| kubernetes: |- | |
| init_config: | |
| instances: | |
| port: 4194 | |
| tags: | |
| - platform:OpenShift | |
| node_labels_to_host_tags: | |
| role:role |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: dd-agent | |
| spec: | |
| selector: | |
| matchLabels: | |
| name: dd-agent | |
| template: | |
| metadata: | |
| labels: | |
| app: dd-agent | |
| name: dd-agent | |
| name: dd-agent | |
| spec: | |
| nodeSelector: | |
| label: local | |
| containers: | |
| - image: datadog/agent:latest | |
| imagePullPolicy: Always | |
| name: dd-agent | |
| ports: | |
| - containerPort: 8125 | |
| name: dogstatsdport | |
| protocol: UDP | |
| env: | |
| - name: DD_API_KEY | |
| value: <redacted> | |
| - name: KUBERNETES | |
| value: "yes" | |
| # Uncomment this variable if the agent has issues reaching kubelet | |
| # - name: KUBERNETES_KUBELET_HOST | |
| # valueFrom: | |
| # fieldRef: | |
| # fieldPath: status.hostIP # Kubernetes >= 1.7 | |
| # # or | |
| # # fieldPath: spec.nodeName # Kubernetes < 1.7 | |
| resources: | |
| requests: | |
| memory: "128Mi" | |
| cpu: "100m" | |
| limits: | |
| memory: "512Mi" | |
| cpu: "250m" | |
| volumeMounts: | |
| - name: dockersocket | |
| mountPath: /var/run/docker.sock | |
| - name: procdir | |
| mountPath: /host/proc | |
| readOnly: true | |
| - name: cgroups | |
| mountPath: /host/sys/fs/cgroup | |
| readOnly: true | |
| - name: passwd | |
| mountPath: /etc/passwd | |
| readOnly: true | |
| - name: dd-agent-config | |
| mountPath: /conf.d | |
| #livenessProbe: | |
| # exec: | |
| #command: | |
| #- ./probe.sh | |
| #initialDelaySeconds: 15 | |
| #periodSeconds: 5 | |
| volumes: | |
| - hostPath: | |
| path: /var/run/docker.sock | |
| name: dockersocket | |
| - hostPath: | |
| path: /proc | |
| name: procdir | |
| - hostPath: | |
| path: /sys/fs/cgroup | |
| name: cgroups | |
| - hostPath: | |
| path: /etc/passwd | |
| name: passwd | |
| - name: dd-agent-config | |
| configMap: | |
| name: dd-agent-config | |
| items: | |
| - key: kubernetes | |
| path: kubernetes.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please edit the object below. Lines beginning with a '#' will be ignored, | |
| # and an empty file will abort the edit. If an error occurs while saving this file will be | |
| # reopened with the relevant failures. | |
| # | |
| allowHostDirVolumePlugin: true | |
| allowHostIPC: false | |
| allowHostNetwork: false | |
| allowHostPID: false | |
| allowHostPorts: false | |
| allowPrivilegedContainer: true | |
| allowedCapabilities: [] | |
| apiVersion: v1 | |
| defaultAddCapabilities: [] | |
| fsGroup: | |
| type: RunAsAny | |
| groups: | |
| - system:authenticated | |
| kind: SecurityContextConstraints | |
| metadata: | |
| annotations: | |
| kubernetes.io/description: restricted denies access to all host features and requires | |
| pods to be run with a UID, and SELinux context that are allocated to the namespace. This | |
| is the most restrictive SCC and it is used by default for authenticated users. | |
| creationTimestamp: 2018-02-26T02:52:19Z | |
| name: restricted | |
| resourceVersion: "2751" | |
| selfLink: /api/v1/securitycontextconstraints/restricted | |
| uid: 0faa1bac-1aa0-11e8-826a-c6dce9fa5eee | |
| priority: null | |
| readOnlyRootFilesystem: false | |
| requiredDropCapabilities: | |
| - KILL | |
| - MKNOD | |
| - SETUID | |
| - SETGID | |
| runAsUser: | |
| type: RunAsAny | |
| seLinuxContext: | |
| type: RunAsAny | |
| supplementalGroups: | |
| type: RunAsAny | |
| volumes: | |
| - configMap | |
| - downwardAPI | |
| - emptyDir | |
| - hostPath | |
| - persistentVolumeClaim | |
| - projected | |
| - secret |
NOTE: Kubernetes metrics are not avaiable via Minishift.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here are the steps for setting up a MiniShift development environment.
Install Minishift per your OS.
Start MiniShift
minishift start --vm-driver=virtualbox --metricsoc login -u system:adminoc label node localhost label=localoc edit scc restrictedoc create -f config-map.yamloc create -f dd-agent-daemonset.yaml