Add kube dashboard and remove kube ui

kube-ui [2] is deprecated and not actively maintained since long time.
Instead kubernetes dashboard [1] has lot of features and is actively
managed.
With this patch kube-ui is removed and kubernetes dashboard is added
and enabled in k8s cluster by default.

The kubernetes dashboard is enabled by default. To disable it, set the
label 'kube_dashboard_enabled' to False

Reference:
[1] https://github.com/kubernetes/dashboard
[2] https://github.com/kubernetes/kube-ui

(cherry-pick from 44d102a65e)

Change-Id: Ib4a6fcd08606dea70aae5b018c5e3c2dedcd2c6e
This commit is contained in:
yatinkarel 2017-03-03 10:39:40 +05:30 committed by tianqing
parent 8cb0e1f570
commit a422f53410
12 changed files with 218 additions and 139 deletions

View File

@ -0,0 +1,149 @@
#!/bin/sh
# this service is required because docker will start only after cloud init was finished
# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
. /etc/sysconfig/heat-params
if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "false" ]; then
exit 0
fi
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
KUBE_DASH_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
else
KUBE_DASH_IMAGE="gcr.io/google_containers/kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
fi
KUBE_DASH_DEPLOY=/srv/kubernetes/manifests/kube-dash-deploy.yaml
[ -f ${KUBE_DASH_DEPLOY} ] || {
echo "Writing File: $KUBE_DASH_DEPLOY"
mkdir -p $(dirname ${KUBE_DASH_DEPLOY})
cat << EOF > ${KUBE_DASH_DEPLOY}
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: kubernetes-dashboard
template:
metadata:
labels:
app: kubernetes-dashboard
# Comment the following annotation if Dashboard must not be deployed on master
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
spec:
containers:
- name: kubernetes-dashboard
image: ${KUBE_DASH_IMAGE}
imagePullPolicy: Always
ports:
- containerPort: 9090
protocol: TCP
args:
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
EOF
}
KUBE_DASH_SVC=/srv/kubernetes/manifests/kube-dash-svc.yaml
[ -f ${KUBE_DASH_SVC} ] || {
echo "Writing File: $KUBE_DASH_SVC"
mkdir -p $(dirname ${KUBE_DASH_SVC})
cat << EOF > ${KUBE_DASH_SVC}
kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
selector:
app: kubernetes-dashboard
EOF
}
KUBE_DASH_BIN=/usr/local/bin/kube-dash
[ -f ${KUBE_DASH_BIN} ] || {
echo "Writing File: $KUBE_DASH_BIN"
mkdir -p $(dirname ${KUBE_DASH_BIN})
cat << EOF > ${KUBE_DASH_BIN}
#!/bin/sh
until curl -sf "http://127.0.0.1:8080/healthz"
do
echo "Waiting for Kubernetes API..."
sleep 5
done
#echo check for existence of kubernetes-dashboard deployment
/usr/bin/kubectl get deployment kube-dashboard --namespace=kube-system
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-deploy.yaml --namespace=kube-system
fi
#echo check for existence of kubernetes-dashboard service
/usr/bin/kubectl get service kubernetes-dashboard --namespace=kube-system
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-svc.yaml --namespace=kube-system
fi
EOF
}
KUBE_DASH_SERVICE=/etc/systemd/system/kube-dash.service
[ -f ${KUBE_DASH_SERVICE} ] || {
echo "Writing File: $KUBE_DASH_SERVICE"
mkdir -p $(dirname ${KUBE_DASH_SERVICE})
cat << EOF > ${KUBE_DASH_SERVICE}
[Unit]
After=kube-system-namespace.service
Requires=kubelet.service
Wants=kube-system-namespace.service
[Service]
Type=oneshot
Environment=HOME=/root
EnvironmentFile=-/etc/kubernetes/config
ExecStart=${KUBE_DASH_BIN}
[Install]
WantedBy=multi-user.target
EOF
}
chown root:root ${KUBE_DASH_BIN}
chmod 0755 ${KUBE_DASH_BIN}
chown root:root ${KUBE_DASH_SERVICE}
chmod 0644 ${KUBE_DASH_SERVICE}
systemctl enable kube-dash
systemctl start --no-block kube-dash

View File

@ -1,133 +0,0 @@
#!/bin/sh
# this service is required because docker will start only after cloud init was finished
# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
. /etc/sysconfig/heat-params
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
KUBEUI_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/kube-ui:v4"
else
KUBEUI_IMAGE="gcr.io/google_containers/kube-ui:v4"
fi
KUBE_UI_RC=/srv/kubernetes/manifests/kube-ui-rc.yaml
[ -f ${KUBE_UI_RC} ] || {
echo "Writing File: $KUBE_UI_RC"
mkdir -p $(dirname ${KUBE_UI_RC})
cat << EOF > ${KUBE_UI_RC}
apiVersion: v1
kind: ReplicationController
metadata:
name: kube-ui-v4
namespace: kube-system
labels:
k8s-app: kube-ui
version: v4
kubernetes.io/cluster-service: "true"
spec:
replicas: 1
selector:
k8s-app: kube-ui
version: v4
template:
metadata:
labels:
k8s-app: kube-ui
version: v4
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: kube-ui
image: ${KUBEUI_IMAGE}
resources:
limits:
cpu: 100m
memory: 50Mi
ports:
- containerPort: 8080
EOF
}
KUBE_UI_SVC=/srv/kubernetes/manifests/kube-ui-svc.yaml
[ -f ${KUBE_UI_SVC} ] || {
echo "Writing File: $KUBE_UI_SVC"
mkdir -p $(dirname ${KUBE_UI_SVC})
cat << EOF > ${KUBE_UI_SVC}
apiVersion: v1
kind: Service
metadata:
name: kube-ui
namespace: kube-system
labels:
k8s-app: kube-ui
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "KubeUI"
spec:
selector:
k8s-app: kube-ui
ports:
- port: 80
targetPort: 8080
EOF
}
KUBE_UI_BIN=/usr/local/bin/kube-ui
[ -f ${KUBE_UI_BIN} ] || {
echo "Writing File: $KUBE_UI_BIN"
mkdir -p $(dirname ${KUBE_UI_BIN})
cat << EOF > ${KUBE_UI_BIN}
#!/bin/sh
until curl -sf "http://127.0.0.1:8080/healthz"
do
echo "Waiting for Kubernetes API..."
sleep 5
done
#echo check for existence of kube-ui-v4 replication controller
/usr/bin/kubectl get rc kube-ui-v4 --namespace=kube-system
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-rc.yaml --namespace=kube-system
fi
#echo check for existence of kube-ui service
/usr/bin/kubectl get service kube-ui --namespace=kube-system
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-svc.yaml --namespace=kube-system
fi
EOF
}
KUBE_UI_SERVICE=/etc/systemd/system/kube-ui.service
[ -f ${KUBE_UI_SERVICE} ] || {
echo "Writing File: $KUBE_UI_SERVICE"
mkdir -p $(dirname ${KUBE_UI_SERVICE})
cat << EOF > ${KUBE_UI_SERVICE}
[Unit]
After=kube-system-namespace.service
Requires=kubelet.service
Wants=kube-system-namespace.service
[Service]
Type=oneshot
Environment=HOME=/root
EnvironmentFile=-/etc/kubernetes/config
ExecStart=${KUBE_UI_BIN}
[Install]
WantedBy=multi-user.target
EOF
}
chown root:root ${KUBE_UI_BIN}
chmod 0755 ${KUBE_UI_BIN}
chown root:root ${KUBE_UI_SERVICE}
chmod 0644 ${KUBE_UI_SERVICE}
systemctl enable kube-ui
systemctl start --no-block kube-ui

View File

@ -27,6 +27,7 @@ write_files:
TENANT_NAME="$TENANT_NAME"
CLUSTER_SUBNET="$CLUSTER_SUBNET"
TLS_DISABLED="$TLS_DISABLED"
KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
CLUSTER_UUID="$CLUSTER_UUID"
MAGNUM_URL="$MAGNUM_URL"
VOLUME_DRIVER="$VOLUME_DRIVER"
@ -35,6 +36,7 @@ write_files:
NO_PROXY="$NO_PROXY"
WAIT_CURL="$WAIT_CURL"
KUBE_VERSION="$KUBE_VERSION"
KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
TRUST_ID="$TRUST_ID"

View File

@ -109,7 +109,8 @@ class K8sTemplateDefinition(template_def.BaseTemplateDefinition):
'flannel_network_subnetlen',
'system_pods_initial_delay',
'system_pods_timeout',
'admission_control_list']
'admission_control_list',
'kube_dashboard_enabled']
for label in label_list:
extra_params[label] = cluster_template.labels.get(label)

View File

@ -227,6 +227,11 @@ parameters:
description: whether or not to disable TLS
default: False
kube_dashboard_enabled:
type: boolean
description: whether or not to enable kubernetes dashboard
default: True
kubernetes_port:
type: number
description: >
@ -288,6 +293,11 @@ parameters:
description: version of kubernetes used for kubernetes cluster
default: v1.5.3
kube_dashboard_version:
type: string
description: version of kubernetes dashboard used for kubernetes cluster
default: v1.5.1
insecure_registry_url:
type: string
description: insecure registry url
@ -448,11 +458,13 @@ resources:
tenant_name: {get_param: tenant_name}
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
http_proxy: {get_param: http_proxy}
https_proxy: {get_param: https_proxy}
no_proxy: {get_param: no_proxy}
kube_version: {get_param: kube_version}
kube_dashboard_version: {get_param: kube_dashboard_version}
trustee_user_id: {get_param: trustee_user_id}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}

View File

@ -95,6 +95,10 @@ parameters:
type: boolean
description: whether or not to enable TLS
kube_dashboard_enabled:
type: boolean
description: whether or not to disable kubernetes dashboard
kubernetes_port:
type: number
description: >
@ -184,6 +188,10 @@ parameters:
type: string
description: version of kubernetes used for kubernetes cluster
kube_dashboard_version:
type: string
description: version of kubernetes dashboard used for kubernetes cluster
trustee_user_id:
type: string
description: user id of the trustee
@ -272,6 +280,7 @@ resources:
"$TENANT_NAME": {get_param: tenant_name}
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$CLUSTER_UUID": {get_param: cluster_uuid}
"$MAGNUM_URL": {get_param: magnum_url}
"$VOLUME_DRIVER": {get_param: volume_driver}
@ -279,6 +288,7 @@ resources:
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$KUBE_VERSION": {get_param: kube_version}
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
"$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
@ -366,7 +376,7 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/kube-ui-service.sh}
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
enable_kube_proxy:
type: OS::Heat::SoftwareConfig

View File

@ -225,6 +225,11 @@ parameters:
description: whether or not to disable TLS
default: False
kube_dashboard_enabled:
type: boolean
description: whether or not to disable kubernetes dashboard
default: True
kubernetes_port:
type: number
description: >
@ -291,6 +296,11 @@ parameters:
description: version of kubernetes used for kubernetes cluster
default: v1.5.3
kube_dashboard_version:
type: string
description: version of kubernetes dashboard used for kubernetes cluster
default: v1.5.1
insecure_registry_url:
type: string
description: insecure registry url
@ -434,12 +444,14 @@ resources:
tenant_name: {get_param: tenant_name}
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
secgroup_base_id: {get_resource: secgroup_base}
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
http_proxy: {get_param: http_proxy}
https_proxy: {get_param: https_proxy}
no_proxy: {get_param: no_proxy}
kube_version: {get_param: kube_version}
kube_dashboard_version: {get_param: kube_dashboard_version}
trustee_user_id: {get_param: trustee_user_id}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}

View File

@ -91,6 +91,10 @@ parameters:
type: boolean
description: whether or not to enable TLS
kube_dashboard_enabled:
type: boolean
description: whether or not to disable kubernetes dashboard
kubernetes_port:
type: number
description: >
@ -179,6 +183,10 @@ parameters:
type: string
description: version of kubernetes used for kubernetes cluster
kube_dashboard_version:
type: string
description: version of kubernetes dashboard used for kubernetes cluster
trustee_user_id:
type: string
description: user id of the trustee
@ -260,12 +268,14 @@ resources:
"$TENANT_NAME": {get_param: tenant_name}
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$CLUSTER_UUID": {get_param: cluster_uuid}
"$MAGNUM_URL": {get_param: magnum_url}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$KUBE_VERSION": {get_param: kube_version}
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
"$WAIT_CURL": {get_param: wc_curl_cli}
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
@ -354,7 +364,7 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/kube-ui-service.sh}
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
enable_kube_proxy:
type: OS::Heat::SoftwareConfig

View File

@ -23,5 +23,6 @@ class TestKubernetesAPIs(base.BaseK8sTest):
"system_pods_initial_delay": 3600,
"system_pods_timeout": 600,
"admission_control_list": "",
"kube_dashboard_enabled": False,
}
}

View File

@ -24,6 +24,7 @@ class TestFedoraKubernetesIronicAPIs(base.BaseK8sTest):
"docker_storage_driver": 'overlay',
"labels": {
"system_pods_initial_delay": 3600,
"system_pods_timeout": 600
"system_pods_timeout": 600,
"kube_dashboard_enabled": False
}
}

View File

@ -51,7 +51,8 @@ class TestClusterConductorWithK8s(base.TestCase):
'flannel_backend': 'vxlan',
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list'},
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True'},
'tls_disabled': False,
'server_type': 'vm',
'registry_enabled': False,
@ -149,7 +150,8 @@ class TestClusterConductorWithK8s(base.TestCase):
'flannel_backend': 'vxlan',
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list'},
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True'},
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
@ -180,6 +182,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
@ -261,6 +264,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'magnum_url': 'http://127.0.0.1:9511/v1',
@ -344,6 +348,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'insecure_registry_url': '10.0.0.1:5000',
'kube_version': 'fake-version',
'magnum_url': 'http://127.0.0.1:9511/v1',
@ -419,6 +424,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'tls_disabled': False,
'registry_enabled': False,
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@ -486,6 +492,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'tls_disabled': False,
'registry_enabled': False,
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@ -679,6 +686,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'system_pods_initial_delay': '15',
'system_pods_timeout': '1',
'admission_control_list': 'fake_list',
'kube_dashboard_enabled': 'True',
'tenant_name': 'fake_tenant',
'username': 'fake_user',
'cluster_uuid': self.cluster_dict['uuid'],

View File

@ -260,6 +260,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'system_pods_timeout')
admission_control_list = mock_cluster_template.labels.get(
'admission_control_list')
kube_dashboard_enabled = mock_cluster_template.labels.get(
'kube_dashboard_enabled')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -275,6 +277,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'system_pods_initial_delay': system_pods_initial_delay,
'system_pods_timeout': system_pods_timeout,
'admission_control_list': admission_control_list,
'kube_dashboard_enabled': kube_dashboard_enabled,
'username': 'fake_user',
'tenant_name': 'fake_tenant',
'magnum_url': mock_osc.magnum_url.return_value,
@ -325,6 +328,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'system_pods_timeout')
admission_control_list = mock_cluster_template.labels.get(
'admission_control_list')
kube_dashboard_enabled = mock_cluster_template.labels.get(
'kube_dashboard_enabled')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -340,6 +345,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'system_pods_initial_delay': system_pods_initial_delay,
'system_pods_timeout': system_pods_timeout,
'admission_control_list': admission_control_list,
'kube_dashboard_enabled': kube_dashboard_enabled,
'username': 'fake_user',
'tenant_name': 'fake_tenant',
'magnum_url': mock_osc.magnum_url.return_value,