Merge "[k8s] helm install metrics service"

This commit is contained in:
Zuul 2019-02-18 17:46:42 +00:00 committed by Gerrit Code Review
commit d239051751
5 changed files with 131 additions and 0 deletions

View File

@ -68,6 +68,15 @@ else
KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
# Allow for metrics-server/aggregator communication
KUBE_API_ARGS="${KUBE_API_ARGS} \
--proxy-client-cert-file=${CERT_DIR}/server.crt \
--proxy-client-key-file=${CERT_DIR}/server.key \
--requestheader-allowed-names=front-proxy-client,kube,kubernetes \
--requestheader-client-ca-file=${CERT_DIR}/ca.crt \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User"
fi
KUBE_ADMISSION_CONTROL=""

View File

@ -0,0 +1,29 @@
#!/bin/bash
step="install-helm-modules.sh"
printf "Starting to run ${step}\n"
. /etc/sysconfig/heat-params
set -ex
echo "Waiting for Kubernetes API..."
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
do
sleep 5
done
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then
echo "Use --labels tiller_enabled=True to allow for tiller dependent resources to be installed"
else
HELM_MODULES_PATH="/srv/magnum/kubernetes/helm"
chmod +x ${HELM_MODULES_PATH}/*
helm_modules=(${HELM_MODULES_PATH}/*)
for module in "${helm_modules[@]}"; do
echo ""
kubectl apply -f ${module}
done
fi
printf "Finished running ${step}\n"

View File

@ -0,0 +1,83 @@
#!/bin/bash
set -ex
CHART_NAME="metrics-server"
CHART_VERSION="2.1.0"
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
echo "Writing File: ${HELM_MODULE_CONFIG_FILE}"
mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE})
cat << EOF > ${HELM_MODULE_CONFIG_FILE}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ${CHART_NAME}-config
namespace: magnum-tiller
labels:
app: helm
data:
install-${CHART_NAME}.sh: |
#!/bin/bash
set -e
set -x
mkdir -p \${HELM_HOME}
cp /etc/helm/* \${HELM_HOME}
# HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
until helm init --client-only --wait
do
sleep 5s
done
helm repo update
if [[ \$(helm history metrics-server | grep metrics-server) ]]; then
echo "${CHART_NAME} already installed on server. Continue..."
exit 0
else
helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION}
fi
---
apiVersion: batch/v1
kind: Job
metadata:
name: install-${CHART_NAME}-job
namespace: magnum-tiller
spec:
backoffLimit: 5
template:
spec:
serviceAccountName: tiller
containers:
- name: config-helm
image: docker.io/openstackmagnum/helm-client:dev
command:
- bash
args:
- /opt/magnum/install-${CHART_NAME}.sh
env:
- name: HELM_HOME
value: /helm_home
- name: TILLER_NAMESPACE
value: magnum-tiller
- name: HELM_TLS_ENABLE
value: "true"
volumeMounts:
- name: install-${CHART_NAME}-config
mountPath: /opt/magnum/
- mountPath: /etc/helm
name: helm-client-certs
restartPolicy: Never
volumes:
- name: install-${CHART_NAME}-config
configMap:
name: ${CHART_NAME}-config
- name: helm-client-certs
secret:
secretName: helm-client-secret
EOF
}

View File

@ -808,6 +808,8 @@ resources:
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
- get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
- get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
- get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
- str_replace:
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
params:

View File

@ -0,0 +1,8 @@
---
features:
- |
Installs the metrics-server service that is replacing kubernetes deprecated
heapster as a cluster wide metrics reporting service used by schedulling,
HPA and others. This service is installed and configured using helm and so
tiller_enabled flag must be True. Heapster service is maintained active to
allow compatibility.