Frequently asked questions
Running Scope in a Kubernetes setting
This is answered in our
docs. you can
choose between two options, either clone the source of Weave Scope, or use
the YAML manifests from
Disabling Scope Write Access
Can be done by using the
probe.no-controls option and set it to false for the scope agents. This can be done in the scope deployment manifest under the
weave-scope-agent’s argument section with
RBAC and Weave Scope OSS
OSS Scope has no user concept, this is only available in Weave Cloud. To limit the access to the UI,
- setup a reverse proxy with auth and block access to non admin users,
- capture the calls with something like Chrome network console to get the endpoints to know which requests to authenticate in the proxy server.
you can use Basic HTTP Auth since Scope 1.10.0 - just use these command line arguments:
-app.basicAuth Enable basic authentication for app -app.basicAuth.password string Password for basic authentication (default "admin") -app.basicAuth.username string Username for basic authentication (default "admin") -probe.basicAuth Enable basic authentication for app -probe.basicAuth.password string Password for basic authentication (default "admin") -probe.basicAuth.username string Username for basic authentication (default "admin")
or alternatively set the environment variables to use the same authentication for Scope app and Scope probe:
ENABLE_BASIC_AUTH: set to "true" BASIC_AUTH_USERNAME: set to the desired user (default "admin") BASIC_AUTH_PASSWORD: set to the desired password (default "admin")
Note that there is no standard programmatic way of expiring a session with Basic Auth, so the users would normally stayed logged in until the authentication params have changed. See this article for more details.
- It required patches, @adivyoseph (on #scope) had done some work on this.
- #2110 says that scope’s CI builds ARM32 (but not ARM64) for test-builds at least.
- @errordeveloper says: It should be easy to add arm64 in CI, You can try and enable builds in ci on a branch.. In theory, you just need to build for
Scope doesn’t support LDAP right now.
OSS Scope reports aren’t persistent and the probe keeps the last 15 seconds of metrics in memory.
Scope exposes the following http endpoints that can be used for troubleshooting:
/admin/summary- lists the reports being used by the app, with counts of each node type (containers, processes, etc.).
Scope exposes the following endpoints that can be used by external monitoring services.
/api- Scope status and configuration
/api/probes- basic status of Scope probes
/api/report- returns a full JSON report
/api/topology- information on all topologies
/api/topology/[TOPOLOGY]- information on all nodes belonging to
/api/topology/[TOPOLOGY]/[NODE_ID]- information on specific node
NODE_IDmust be an internal Scope node ID obtained from the URL field
selectedNodeIdwhen selecting that node in the UI - see #3122 for a proposal of a better solution)
Using a different port
You can use
scope launch --app.http.address=127.0.0.1:9000 to run the
http server on another port (in this case 9000).