summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoryatinkarel <ykarel@redhat.com>2017-03-03 10:39:40 +0530
committertianqing <tianqing@unitedstack.com>2017-08-22 02:14:08 +0000
commita422f534101ff9f733dd65d9c1a6e7f8a2003693 (patch)
treefffac42f56e7e7f51230af05ca978baed9e21437
parent8cb0e1f57033f697ec43819952ef07b43582b3d1 (diff)
Add kube dashboard and remove kube ui
kube-ui [2] is deprecated and not actively maintained since long time. Instead kubernetes dashboard [1] has lot of features and is actively managed. With this patch kube-ui is removed and kubernetes dashboard is added and enabled in k8s cluster by default. The kubernetes dashboard is enabled by default. To disable it, set the label 'kube_dashboard_enabled' to False Reference: [1] https://github.com/kubernetes/dashboard [2] https://github.com/kubernetes/kube-ui (cherry-pick from 44d102a65efa934ed7867673775163e7f67482eb) Change-Id: Ib4a6fcd08606dea70aae5b018c5e3c2dedcd2c6e
Notes
Notes (review): Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com> Code-Review+2: yatin <ykarel@redhat.com> Workflow+1: yatin <ykarel@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 22 Aug 2017 08:50:32 +0000 Reviewed-on: https://review.openstack.org/496064 Project: openstack/magnum Branch: refs/heads/stable/ocata
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh149
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/kube-ui-service.sh133
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml2
-rw-r--r--magnum/drivers/heat/k8s_template_def.py3
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml12
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml12
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml12
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml12
-rw-r--r--magnum/tests/functional/k8s/test_k8s_python_client.py1
-rw-r--r--magnum/tests/functional/k8s_ironic/test_k8s_python_client.py3
-rw-r--r--magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py12
-rw-r--r--magnum/tests/unit/drivers/test_template_definition.py6
12 files changed, 218 insertions, 139 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh b/magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh
new file mode 100644
index 0000000..b357c77
--- /dev/null
+++ b/magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh
@@ -0,0 +1,149 @@
1#!/bin/sh
2
3# this service is required because docker will start only after cloud init was finished
4# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
5
6
7. /etc/sysconfig/heat-params
8
9if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "false" ]; then
10 exit 0
11fi
12
13if [ -n "${INSECURE_REGISTRY_URL}" ]; then
14 KUBE_DASH_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
15else
16 KUBE_DASH_IMAGE="gcr.io/google_containers/kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
17fi
18
19KUBE_DASH_DEPLOY=/srv/kubernetes/manifests/kube-dash-deploy.yaml
20
21[ -f ${KUBE_DASH_DEPLOY} ] || {
22 echo "Writing File: $KUBE_DASH_DEPLOY"
23 mkdir -p $(dirname ${KUBE_DASH_DEPLOY})
24 cat << EOF > ${KUBE_DASH_DEPLOY}
25kind: Deployment
26apiVersion: extensions/v1beta1
27metadata:
28 labels:
29 app: kubernetes-dashboard
30 name: kubernetes-dashboard
31 namespace: kube-system
32spec:
33 replicas: 1
34 revisionHistoryLimit: 10
35 selector:
36 matchLabels:
37 app: kubernetes-dashboard
38 template:
39 metadata:
40 labels:
41 app: kubernetes-dashboard
42 # Comment the following annotation if Dashboard must not be deployed on master
43 annotations:
44 scheduler.alpha.kubernetes.io/tolerations: |
45 [
46 {
47 "key": "dedicated",
48 "operator": "Equal",
49 "value": "master",
50 "effect": "NoSchedule"
51 }
52 ]
53 spec:
54 containers:
55 - name: kubernetes-dashboard
56 image: ${KUBE_DASH_IMAGE}
57 imagePullPolicy: Always
58 ports:
59 - containerPort: 9090
60 protocol: TCP
61 args:
62 livenessProbe:
63 httpGet:
64 path: /
65 port: 9090
66 initialDelaySeconds: 30
67 timeoutSeconds: 30
68EOF
69}
70
71KUBE_DASH_SVC=/srv/kubernetes/manifests/kube-dash-svc.yaml
72[ -f ${KUBE_DASH_SVC} ] || {
73 echo "Writing File: $KUBE_DASH_SVC"
74 mkdir -p $(dirname ${KUBE_DASH_SVC})
75 cat << EOF > ${KUBE_DASH_SVC}
76kind: Service
77apiVersion: v1
78metadata:
79 labels:
80 app: kubernetes-dashboard
81 name: kubernetes-dashboard
82 namespace: kube-system
83spec:
84 type: NodePort
85 ports:
86 - port: 80
87 targetPort: 9090
88 selector:
89 app: kubernetes-dashboard
90EOF
91}
92
93KUBE_DASH_BIN=/usr/local/bin/kube-dash
94[ -f ${KUBE_DASH_BIN} ] || {
95 echo "Writing File: $KUBE_DASH_BIN"
96 mkdir -p $(dirname ${KUBE_DASH_BIN})
97 cat << EOF > ${KUBE_DASH_BIN}
98#!/bin/sh
99until curl -sf "http://127.0.0.1:8080/healthz"
100do
101 echo "Waiting for Kubernetes API..."
102 sleep 5
103done
104
105#echo check for existence of kubernetes-dashboard deployment
106/usr/bin/kubectl get deployment kube-dashboard --namespace=kube-system
107
108if [ "\$?" != "0" ]; then
109 /usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-deploy.yaml --namespace=kube-system
110fi
111
112#echo check for existence of kubernetes-dashboard service
113/usr/bin/kubectl get service kubernetes-dashboard --namespace=kube-system
114
115if [ "\$?" != "0" ]; then
116 /usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-svc.yaml --namespace=kube-system
117fi
118EOF
119}
120
121KUBE_DASH_SERVICE=/etc/systemd/system/kube-dash.service
122[ -f ${KUBE_DASH_SERVICE} ] || {
123 echo "Writing File: $KUBE_DASH_SERVICE"
124 mkdir -p $(dirname ${KUBE_DASH_SERVICE})
125 cat << EOF > ${KUBE_DASH_SERVICE}
126[Unit]
127After=kube-system-namespace.service
128Requires=kubelet.service
129Wants=kube-system-namespace.service
130
131[Service]
132Type=oneshot
133Environment=HOME=/root
134EnvironmentFile=-/etc/kubernetes/config
135ExecStart=${KUBE_DASH_BIN}
136
137[Install]
138WantedBy=multi-user.target
139EOF
140}
141
142chown root:root ${KUBE_DASH_BIN}
143chmod 0755 ${KUBE_DASH_BIN}
144
145chown root:root ${KUBE_DASH_SERVICE}
146chmod 0644 ${KUBE_DASH_SERVICE}
147
148systemctl enable kube-dash
149systemctl start --no-block kube-dash
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/kube-ui-service.sh b/magnum/drivers/common/templates/kubernetes/fragments/kube-ui-service.sh
deleted file mode 100644
index 0ed2d8a..0000000
--- a/magnum/drivers/common/templates/kubernetes/fragments/kube-ui-service.sh
+++ /dev/null
@@ -1,133 +0,0 @@
1#!/bin/sh
2
3# this service is required because docker will start only after cloud init was finished
4# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
5
6
7. /etc/sysconfig/heat-params
8
9if [ -n "${INSECURE_REGISTRY_URL}" ]; then
10 KUBEUI_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/kube-ui:v4"
11else
12 KUBEUI_IMAGE="gcr.io/google_containers/kube-ui:v4"
13fi
14
15KUBE_UI_RC=/srv/kubernetes/manifests/kube-ui-rc.yaml
16
17[ -f ${KUBE_UI_RC} ] || {
18 echo "Writing File: $KUBE_UI_RC"
19 mkdir -p $(dirname ${KUBE_UI_RC})
20 cat << EOF > ${KUBE_UI_RC}
21apiVersion: v1
22kind: ReplicationController
23metadata:
24 name: kube-ui-v4
25 namespace: kube-system
26 labels:
27 k8s-app: kube-ui
28 version: v4
29 kubernetes.io/cluster-service: "true"
30spec:
31 replicas: 1
32 selector:
33 k8s-app: kube-ui
34 version: v4
35 template:
36 metadata:
37 labels:
38 k8s-app: kube-ui
39 version: v4
40 kubernetes.io/cluster-service: "true"
41 spec:
42 containers:
43 - name: kube-ui
44 image: ${KUBEUI_IMAGE}
45 resources:
46 limits:
47 cpu: 100m
48 memory: 50Mi
49 ports:
50 - containerPort: 8080
51EOF
52}
53
54KUBE_UI_SVC=/srv/kubernetes/manifests/kube-ui-svc.yaml
55[ -f ${KUBE_UI_SVC} ] || {
56 echo "Writing File: $KUBE_UI_SVC"
57 mkdir -p $(dirname ${KUBE_UI_SVC})
58 cat << EOF > ${KUBE_UI_SVC}
59apiVersion: v1
60kind: Service
61metadata:
62 name: kube-ui
63 namespace: kube-system
64 labels:
65 k8s-app: kube-ui
66 kubernetes.io/cluster-service: "true"
67 kubernetes.io/name: "KubeUI"
68spec:
69 selector:
70 k8s-app: kube-ui
71 ports:
72 - port: 80
73 targetPort: 8080
74EOF
75}
76
77KUBE_UI_BIN=/usr/local/bin/kube-ui
78[ -f ${KUBE_UI_BIN} ] || {
79 echo "Writing File: $KUBE_UI_BIN"
80 mkdir -p $(dirname ${KUBE_UI_BIN})
81 cat << EOF > ${KUBE_UI_BIN}
82#!/bin/sh
83until curl -sf "http://127.0.0.1:8080/healthz"
84do
85 echo "Waiting for Kubernetes API..."
86 sleep 5
87done
88
89#echo check for existence of kube-ui-v4 replication controller
90/usr/bin/kubectl get rc kube-ui-v4 --namespace=kube-system
91
92if [ "\$?" != "0" ]; then
93 /usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-rc.yaml --namespace=kube-system
94fi
95
96#echo check for existence of kube-ui service
97/usr/bin/kubectl get service kube-ui --namespace=kube-system
98
99if [ "\$?" != "0" ]; then
100 /usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-svc.yaml --namespace=kube-system
101fi
102EOF
103}
104
105KUBE_UI_SERVICE=/etc/systemd/system/kube-ui.service
106[ -f ${KUBE_UI_SERVICE} ] || {
107 echo "Writing File: $KUBE_UI_SERVICE"
108 mkdir -p $(dirname ${KUBE_UI_SERVICE})
109 cat << EOF > ${KUBE_UI_SERVICE}
110[Unit]
111After=kube-system-namespace.service
112Requires=kubelet.service
113Wants=kube-system-namespace.service
114
115[Service]
116Type=oneshot
117Environment=HOME=/root
118EnvironmentFile=-/etc/kubernetes/config
119ExecStart=${KUBE_UI_BIN}
120
121[Install]
122WantedBy=multi-user.target
123EOF
124}
125
126chown root:root ${KUBE_UI_BIN}
127chmod 0755 ${KUBE_UI_BIN}
128
129chown root:root ${KUBE_UI_SERVICE}
130chmod 0644 ${KUBE_UI_SERVICE}
131
132systemctl enable kube-ui
133systemctl start --no-block kube-ui
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
index 5f0bb5c..4e50ca0 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -27,6 +27,7 @@ write_files:
27 TENANT_NAME="$TENANT_NAME" 27 TENANT_NAME="$TENANT_NAME"
28 CLUSTER_SUBNET="$CLUSTER_SUBNET" 28 CLUSTER_SUBNET="$CLUSTER_SUBNET"
29 TLS_DISABLED="$TLS_DISABLED" 29 TLS_DISABLED="$TLS_DISABLED"
30 KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
30 CLUSTER_UUID="$CLUSTER_UUID" 31 CLUSTER_UUID="$CLUSTER_UUID"
31 MAGNUM_URL="$MAGNUM_URL" 32 MAGNUM_URL="$MAGNUM_URL"
32 VOLUME_DRIVER="$VOLUME_DRIVER" 33 VOLUME_DRIVER="$VOLUME_DRIVER"
@@ -35,6 +36,7 @@ write_files:
35 NO_PROXY="$NO_PROXY" 36 NO_PROXY="$NO_PROXY"
36 WAIT_CURL="$WAIT_CURL" 37 WAIT_CURL="$WAIT_CURL"
37 KUBE_VERSION="$KUBE_VERSION" 38 KUBE_VERSION="$KUBE_VERSION"
39 KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
38 TRUSTEE_USER_ID="$TRUSTEE_USER_ID" 40 TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
39 TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD" 41 TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
40 TRUST_ID="$TRUST_ID" 42 TRUST_ID="$TRUST_ID"
diff --git a/magnum/drivers/heat/k8s_template_def.py b/magnum/drivers/heat/k8s_template_def.py
index a0a807f..7b3c956 100644
--- a/magnum/drivers/heat/k8s_template_def.py
+++ b/magnum/drivers/heat/k8s_template_def.py
@@ -109,7 +109,8 @@ class K8sTemplateDefinition(template_def.BaseTemplateDefinition):
109 'flannel_network_subnetlen', 109 'flannel_network_subnetlen',
110 'system_pods_initial_delay', 110 'system_pods_initial_delay',
111 'system_pods_timeout', 111 'system_pods_timeout',
112 'admission_control_list'] 112 'admission_control_list',
113 'kube_dashboard_enabled']
113 114
114 for label in label_list: 115 for label in label_list:
115 extra_params[label] = cluster_template.labels.get(label) 116 extra_params[label] = cluster_template.labels.get(label)
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index 2836490..58514f1 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -227,6 +227,11 @@ parameters:
227 description: whether or not to disable TLS 227 description: whether or not to disable TLS
228 default: False 228 default: False
229 229
230 kube_dashboard_enabled:
231 type: boolean
232 description: whether or not to enable kubernetes dashboard
233 default: True
234
230 kubernetes_port: 235 kubernetes_port:
231 type: number 236 type: number
232 description: > 237 description: >
@@ -288,6 +293,11 @@ parameters:
288 description: version of kubernetes used for kubernetes cluster 293 description: version of kubernetes used for kubernetes cluster
289 default: v1.5.3 294 default: v1.5.3
290 295
296 kube_dashboard_version:
297 type: string
298 description: version of kubernetes dashboard used for kubernetes cluster
299 default: v1.5.1
300
291 insecure_registry_url: 301 insecure_registry_url:
292 type: string 302 type: string
293 description: insecure registry url 303 description: insecure registry url
@@ -448,11 +458,13 @@ resources:
448 tenant_name: {get_param: tenant_name} 458 tenant_name: {get_param: tenant_name}
449 kubernetes_port: {get_param: kubernetes_port} 459 kubernetes_port: {get_param: kubernetes_port}
450 tls_disabled: {get_param: tls_disabled} 460 tls_disabled: {get_param: tls_disabled}
461 kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
451 secgroup_kube_master_id: {get_resource: secgroup_kube_master} 462 secgroup_kube_master_id: {get_resource: secgroup_kube_master}
452 http_proxy: {get_param: http_proxy} 463 http_proxy: {get_param: http_proxy}
453 https_proxy: {get_param: https_proxy} 464 https_proxy: {get_param: https_proxy}
454 no_proxy: {get_param: no_proxy} 465 no_proxy: {get_param: no_proxy}
455 kube_version: {get_param: kube_version} 466 kube_version: {get_param: kube_version}
467 kube_dashboard_version: {get_param: kube_dashboard_version}
456 trustee_user_id: {get_param: trustee_user_id} 468 trustee_user_id: {get_param: trustee_user_id}
457 trustee_password: {get_param: trustee_password} 469 trustee_password: {get_param: trustee_password}
458 trust_id: {get_param: trust_id} 470 trust_id: {get_param: trust_id}
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index d587d01..419e02f 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -95,6 +95,10 @@ parameters:
95 type: boolean 95 type: boolean
96 description: whether or not to enable TLS 96 description: whether or not to enable TLS
97 97
98 kube_dashboard_enabled:
99 type: boolean
100 description: whether or not to disable kubernetes dashboard
101
98 kubernetes_port: 102 kubernetes_port:
99 type: number 103 type: number
100 description: > 104 description: >
@@ -184,6 +188,10 @@ parameters:
184 type: string 188 type: string
185 description: version of kubernetes used for kubernetes cluster 189 description: version of kubernetes used for kubernetes cluster
186 190
191 kube_dashboard_version:
192 type: string
193 description: version of kubernetes dashboard used for kubernetes cluster
194
187 trustee_user_id: 195 trustee_user_id:
188 type: string 196 type: string
189 description: user id of the trustee 197 description: user id of the trustee
@@ -272,6 +280,7 @@ resources:
272 "$TENANT_NAME": {get_param: tenant_name} 280 "$TENANT_NAME": {get_param: tenant_name}
273 "$CLUSTER_SUBNET": {get_param: fixed_subnet} 281 "$CLUSTER_SUBNET": {get_param: fixed_subnet}
274 "$TLS_DISABLED": {get_param: tls_disabled} 282 "$TLS_DISABLED": {get_param: tls_disabled}
283 "$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
275 "$CLUSTER_UUID": {get_param: cluster_uuid} 284 "$CLUSTER_UUID": {get_param: cluster_uuid}
276 "$MAGNUM_URL": {get_param: magnum_url} 285 "$MAGNUM_URL": {get_param: magnum_url}
277 "$VOLUME_DRIVER": {get_param: volume_driver} 286 "$VOLUME_DRIVER": {get_param: volume_driver}
@@ -279,6 +288,7 @@ resources:
279 "$HTTPS_PROXY": {get_param: https_proxy} 288 "$HTTPS_PROXY": {get_param: https_proxy}
280 "$NO_PROXY": {get_param: no_proxy} 289 "$NO_PROXY": {get_param: no_proxy}
281 "$KUBE_VERSION": {get_param: kube_version} 290 "$KUBE_VERSION": {get_param: kube_version}
291 "$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
282 "$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]} 292 "$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}
283 "$TRUSTEE_USER_ID": {get_param: trustee_user_id} 293 "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
284 "$TRUSTEE_PASSWORD": {get_param: trustee_password} 294 "$TRUSTEE_PASSWORD": {get_param: trustee_password}
@@ -366,7 +376,7 @@ resources:
366 type: OS::Heat::SoftwareConfig 376 type: OS::Heat::SoftwareConfig
367 properties: 377 properties:
368 group: ungrouped 378 group: ungrouped
369 config: {get_file: ../../common/templates/kubernetes/fragments/kube-ui-service.sh} 379 config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
370 380
371 enable_kube_proxy: 381 enable_kube_proxy:
372 type: OS::Heat::SoftwareConfig 382 type: OS::Heat::SoftwareConfig
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
index 50e853d..33cccb9 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
@@ -225,6 +225,11 @@ parameters:
225 description: whether or not to disable TLS 225 description: whether or not to disable TLS
226 default: False 226 default: False
227 227
228 kube_dashboard_enabled:
229 type: boolean
230 description: whether or not to disable kubernetes dashboard
231 default: True
232
228 kubernetes_port: 233 kubernetes_port:
229 type: number 234 type: number
230 description: > 235 description: >
@@ -291,6 +296,11 @@ parameters:
291 description: version of kubernetes used for kubernetes cluster 296 description: version of kubernetes used for kubernetes cluster
292 default: v1.5.3 297 default: v1.5.3
293 298
299 kube_dashboard_version:
300 type: string
301 description: version of kubernetes dashboard used for kubernetes cluster
302 default: v1.5.1
303
294 insecure_registry_url: 304 insecure_registry_url:
295 type: string 305 type: string
296 description: insecure registry url 306 description: insecure registry url
@@ -434,12 +444,14 @@ resources:
434 tenant_name: {get_param: tenant_name} 444 tenant_name: {get_param: tenant_name}
435 kubernetes_port: {get_param: kubernetes_port} 445 kubernetes_port: {get_param: kubernetes_port}
436 tls_disabled: {get_param: tls_disabled} 446 tls_disabled: {get_param: tls_disabled}
447 kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
437 secgroup_base_id: {get_resource: secgroup_base} 448 secgroup_base_id: {get_resource: secgroup_base}
438 secgroup_kube_master_id: {get_resource: secgroup_kube_master} 449 secgroup_kube_master_id: {get_resource: secgroup_kube_master}
439 http_proxy: {get_param: http_proxy} 450 http_proxy: {get_param: http_proxy}
440 https_proxy: {get_param: https_proxy} 451 https_proxy: {get_param: https_proxy}
441 no_proxy: {get_param: no_proxy} 452 no_proxy: {get_param: no_proxy}
442 kube_version: {get_param: kube_version} 453 kube_version: {get_param: kube_version}
454 kube_dashboard_version: {get_param: kube_dashboard_version}
443 trustee_user_id: {get_param: trustee_user_id} 455 trustee_user_id: {get_param: trustee_user_id}
444 trustee_password: {get_param: trustee_password} 456 trustee_password: {get_param: trustee_password}
445 trust_id: {get_param: trust_id} 457 trust_id: {get_param: trust_id}
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
index 8cc1d4b..4267753 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
@@ -91,6 +91,10 @@ parameters:
91 type: boolean 91 type: boolean
92 description: whether or not to enable TLS 92 description: whether or not to enable TLS
93 93
94 kube_dashboard_enabled:
95 type: boolean
96 description: whether or not to disable kubernetes dashboard
97
94 kubernetes_port: 98 kubernetes_port:
95 type: number 99 type: number
96 description: > 100 description: >
@@ -179,6 +183,10 @@ parameters:
179 type: string 183 type: string
180 description: version of kubernetes used for kubernetes cluster 184 description: version of kubernetes used for kubernetes cluster
181 185
186 kube_dashboard_version:
187 type: string
188 description: version of kubernetes dashboard used for kubernetes cluster
189
182 trustee_user_id: 190 trustee_user_id:
183 type: string 191 type: string
184 description: user id of the trustee 192 description: user id of the trustee
@@ -260,12 +268,14 @@ resources:
260 "$TENANT_NAME": {get_param: tenant_name} 268 "$TENANT_NAME": {get_param: tenant_name}
261 "$CLUSTER_SUBNET": {get_param: fixed_subnet} 269 "$CLUSTER_SUBNET": {get_param: fixed_subnet}
262 "$TLS_DISABLED": {get_param: tls_disabled} 270 "$TLS_DISABLED": {get_param: tls_disabled}
271 "$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
263 "$CLUSTER_UUID": {get_param: cluster_uuid} 272 "$CLUSTER_UUID": {get_param: cluster_uuid}
264 "$MAGNUM_URL": {get_param: magnum_url} 273 "$MAGNUM_URL": {get_param: magnum_url}
265 "$HTTP_PROXY": {get_param: http_proxy} 274 "$HTTP_PROXY": {get_param: http_proxy}
266 "$HTTPS_PROXY": {get_param: https_proxy} 275 "$HTTPS_PROXY": {get_param: https_proxy}
267 "$NO_PROXY": {get_param: no_proxy} 276 "$NO_PROXY": {get_param: no_proxy}
268 "$KUBE_VERSION": {get_param: kube_version} 277 "$KUBE_VERSION": {get_param: kube_version}
278 "$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
269 "$WAIT_CURL": {get_param: wc_curl_cli} 279 "$WAIT_CURL": {get_param: wc_curl_cli}
270 "$TRUSTEE_USER_ID": {get_param: trustee_user_id} 280 "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
271 "$TRUSTEE_PASSWORD": {get_param: trustee_password} 281 "$TRUSTEE_PASSWORD": {get_param: trustee_password}
@@ -354,7 +364,7 @@ resources:
354 type: OS::Heat::SoftwareConfig 364 type: OS::Heat::SoftwareConfig
355 properties: 365 properties:
356 group: ungrouped 366 group: ungrouped
357 config: {get_file: ../../common/templates/kubernetes/fragments/kube-ui-service.sh} 367 config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
358 368
359 enable_kube_proxy: 369 enable_kube_proxy:
360 type: OS::Heat::SoftwareConfig 370 type: OS::Heat::SoftwareConfig
diff --git a/magnum/tests/functional/k8s/test_k8s_python_client.py b/magnum/tests/functional/k8s/test_k8s_python_client.py
index bd7f6f7..973f9da 100644
--- a/magnum/tests/functional/k8s/test_k8s_python_client.py
+++ b/magnum/tests/functional/k8s/test_k8s_python_client.py
@@ -23,5 +23,6 @@ class TestKubernetesAPIs(base.BaseK8sTest):
23 "system_pods_initial_delay": 3600, 23 "system_pods_initial_delay": 3600,
24 "system_pods_timeout": 600, 24 "system_pods_timeout": 600,
25 "admission_control_list": "", 25 "admission_control_list": "",
26 "kube_dashboard_enabled": False,
26 } 27 }
27 } 28 }
diff --git a/magnum/tests/functional/k8s_ironic/test_k8s_python_client.py b/magnum/tests/functional/k8s_ironic/test_k8s_python_client.py
index b926c83..c19515c 100644
--- a/magnum/tests/functional/k8s_ironic/test_k8s_python_client.py
+++ b/magnum/tests/functional/k8s_ironic/test_k8s_python_client.py
@@ -24,6 +24,7 @@ class TestFedoraKubernetesIronicAPIs(base.BaseK8sTest):
24 "docker_storage_driver": 'overlay', 24 "docker_storage_driver": 'overlay',
25 "labels": { 25 "labels": {
26 "system_pods_initial_delay": 3600, 26 "system_pods_initial_delay": 3600,
27 "system_pods_timeout": 600 27 "system_pods_timeout": 600,
28 "kube_dashboard_enabled": False
28 } 29 }
29 } 30 }
diff --git a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
index d15deaa..62af86d 100644
--- a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
+++ b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
@@ -51,7 +51,8 @@ class TestClusterConductorWithK8s(base.TestCase):
51 'flannel_backend': 'vxlan', 51 'flannel_backend': 'vxlan',
52 'system_pods_initial_delay': '15', 52 'system_pods_initial_delay': '15',
53 'system_pods_timeout': '1', 53 'system_pods_timeout': '1',
54 'admission_control_list': 'fake_list'}, 54 'admission_control_list': 'fake_list',
55 'kube_dashboard_enabled': 'True'},
55 'tls_disabled': False, 56 'tls_disabled': False,
56 'server_type': 'vm', 57 'server_type': 'vm',
57 'registry_enabled': False, 58 'registry_enabled': False,
@@ -149,7 +150,8 @@ class TestClusterConductorWithK8s(base.TestCase):
149 'flannel_backend': 'vxlan', 150 'flannel_backend': 'vxlan',
150 'system_pods_initial_delay': '15', 151 'system_pods_initial_delay': '15',
151 'system_pods_timeout': '1', 152 'system_pods_timeout': '1',
152 'admission_control_list': 'fake_list'}, 153 'admission_control_list': 'fake_list',
154 'kube_dashboard_enabled': 'True'},
153 'http_proxy': 'http_proxy', 155 'http_proxy': 'http_proxy',
154 'https_proxy': 'https_proxy', 156 'https_proxy': 'https_proxy',
155 'no_proxy': 'no_proxy', 157 'no_proxy': 'no_proxy',
@@ -180,6 +182,7 @@ class TestClusterConductorWithK8s(base.TestCase):
180 'system_pods_initial_delay': '15', 182 'system_pods_initial_delay': '15',
181 'system_pods_timeout': '1', 183 'system_pods_timeout': '1',
182 'admission_control_list': 'fake_list', 184 'admission_control_list': 'fake_list',
185 'kube_dashboard_enabled': 'True',
183 'http_proxy': 'http_proxy', 186 'http_proxy': 'http_proxy',
184 'https_proxy': 'https_proxy', 187 'https_proxy': 'https_proxy',
185 'no_proxy': 'no_proxy', 188 'no_proxy': 'no_proxy',
@@ -261,6 +264,7 @@ class TestClusterConductorWithK8s(base.TestCase):
261 'system_pods_initial_delay': '15', 264 'system_pods_initial_delay': '15',
262 'system_pods_timeout': '1', 265 'system_pods_timeout': '1',
263 'admission_control_list': 'fake_list', 266 'admission_control_list': 'fake_list',
267 'kube_dashboard_enabled': 'True',
264 'http_proxy': 'http_proxy', 268 'http_proxy': 'http_proxy',
265 'https_proxy': 'https_proxy', 269 'https_proxy': 'https_proxy',
266 'magnum_url': 'http://127.0.0.1:9511/v1', 270 'magnum_url': 'http://127.0.0.1:9511/v1',
@@ -344,6 +348,7 @@ class TestClusterConductorWithK8s(base.TestCase):
344 'system_pods_initial_delay': '15', 348 'system_pods_initial_delay': '15',
345 'system_pods_timeout': '1', 349 'system_pods_timeout': '1',
346 'admission_control_list': 'fake_list', 350 'admission_control_list': 'fake_list',
351 'kube_dashboard_enabled': 'True',
347 'insecure_registry_url': '10.0.0.1:5000', 352 'insecure_registry_url': '10.0.0.1:5000',
348 'kube_version': 'fake-version', 353 'kube_version': 'fake-version',
349 'magnum_url': 'http://127.0.0.1:9511/v1', 354 'magnum_url': 'http://127.0.0.1:9511/v1',
@@ -419,6 +424,7 @@ class TestClusterConductorWithK8s(base.TestCase):
419 'system_pods_initial_delay': '15', 424 'system_pods_initial_delay': '15',
420 'system_pods_timeout': '1', 425 'system_pods_timeout': '1',
421 'admission_control_list': 'fake_list', 426 'admission_control_list': 'fake_list',
427 'kube_dashboard_enabled': 'True',
422 'tls_disabled': False, 428 'tls_disabled': False,
423 'registry_enabled': False, 429 'registry_enabled': False,
424 'trustee_domain_id': self.mock_keystone.trustee_domain_id, 430 'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@@ -486,6 +492,7 @@ class TestClusterConductorWithK8s(base.TestCase):
486 'system_pods_initial_delay': '15', 492 'system_pods_initial_delay': '15',
487 'system_pods_timeout': '1', 493 'system_pods_timeout': '1',
488 'admission_control_list': 'fake_list', 494 'admission_control_list': 'fake_list',
495 'kube_dashboard_enabled': 'True',
489 'tls_disabled': False, 496 'tls_disabled': False,
490 'registry_enabled': False, 497 'registry_enabled': False,
491 'trustee_domain_id': self.mock_keystone.trustee_domain_id, 498 'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@@ -679,6 +686,7 @@ class TestClusterConductorWithK8s(base.TestCase):
679 'system_pods_initial_delay': '15', 686 'system_pods_initial_delay': '15',
680 'system_pods_timeout': '1', 687 'system_pods_timeout': '1',
681 'admission_control_list': 'fake_list', 688 'admission_control_list': 'fake_list',
689 'kube_dashboard_enabled': 'True',
682 'tenant_name': 'fake_tenant', 690 'tenant_name': 'fake_tenant',
683 'username': 'fake_user', 691 'username': 'fake_user',
684 'cluster_uuid': self.cluster_dict['uuid'], 692 'cluster_uuid': self.cluster_dict['uuid'],
diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py
index cd50d65..fdc9de1 100644
--- a/magnum/tests/unit/drivers/test_template_definition.py
+++ b/magnum/tests/unit/drivers/test_template_definition.py
@@ -260,6 +260,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
260 'system_pods_timeout') 260 'system_pods_timeout')
261 admission_control_list = mock_cluster_template.labels.get( 261 admission_control_list = mock_cluster_template.labels.get(
262 'admission_control_list') 262 'admission_control_list')
263 kube_dashboard_enabled = mock_cluster_template.labels.get(
264 'kube_dashboard_enabled')
263 265
264 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() 266 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
265 267
@@ -275,6 +277,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
275 'system_pods_initial_delay': system_pods_initial_delay, 277 'system_pods_initial_delay': system_pods_initial_delay,
276 'system_pods_timeout': system_pods_timeout, 278 'system_pods_timeout': system_pods_timeout,
277 'admission_control_list': admission_control_list, 279 'admission_control_list': admission_control_list,
280 'kube_dashboard_enabled': kube_dashboard_enabled,
278 'username': 'fake_user', 281 'username': 'fake_user',
279 'tenant_name': 'fake_tenant', 282 'tenant_name': 'fake_tenant',
280 'magnum_url': mock_osc.magnum_url.return_value, 283 'magnum_url': mock_osc.magnum_url.return_value,
@@ -325,6 +328,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
325 'system_pods_timeout') 328 'system_pods_timeout')
326 admission_control_list = mock_cluster_template.labels.get( 329 admission_control_list = mock_cluster_template.labels.get(
327 'admission_control_list') 330 'admission_control_list')
331 kube_dashboard_enabled = mock_cluster_template.labels.get(
332 'kube_dashboard_enabled')
328 333
329 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() 334 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
330 335
@@ -340,6 +345,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
340 'system_pods_initial_delay': system_pods_initial_delay, 345 'system_pods_initial_delay': system_pods_initial_delay,
341 'system_pods_timeout': system_pods_timeout, 346 'system_pods_timeout': system_pods_timeout,
342 'admission_control_list': admission_control_list, 347 'admission_control_list': admission_control_list,
348 'kube_dashboard_enabled': kube_dashboard_enabled,
343 'username': 'fake_user', 349 'username': 'fake_user',
344 'tenant_name': 'fake_tenant', 350 'tenant_name': 'fake_tenant',
345 'magnum_url': mock_osc.magnum_url.return_value, 351 'magnum_url': mock_osc.magnum_url.return_value,