[k8s] helm install metrics service
* Add Folder specific for helm managed resources * Add first use case of helm install script * Install metrics-server with helm (parallel to heapster to allow back compatibility) * Added extra ARGS to kube-apiserver to enable communication with metrics-server Known Issues: * Tiller pod sometimes is presented as not active due to (possibly) Heartbeat/Healthz story: 2004816 task: 28980 depends_on: I99d3a78085ba10030200f12bbfe58a72964e2326 Change-Id: I1b2432bc09ccde02e43124ed010120b99d853d65 Signed-off-by: Diogo Guerra <dy090.guerra@gmail.com>
This commit is contained in:
Diogo Guerra
parent
61173ec6fb
commit
230ad3f2db
@ -68,6 +68,15 @@ else
|
||||
KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
|
||||
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
|
||||
KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
|
||||
# Allow for metrics-server/aggregator communication
|
||||
KUBE_API_ARGS="${KUBE_API_ARGS} \
|
||||
--proxy-client-cert-file=${CERT_DIR}/server.crt \
|
||||
--proxy-client-key-file=${CERT_DIR}/server.key \
|
||||
--requestheader-allowed-names=front-proxy-client,kube,kubernetes \
|
||||
--requestheader-client-ca-file=${CERT_DIR}/ca.crt \
|
||||
--requestheader-extra-headers-prefix=X-Remote-Extra- \
|
||||
--requestheader-group-headers=X-Remote-Group \
|
||||
--requestheader-username-headers=X-Remote-User"
|
||||
fi
|
||||
|
||||
KUBE_ADMISSION_CONTROL=""
|
||||
|
||||
@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
|
||||
step="install-helm-modules.sh"
|
||||
printf "Starting to run ${step}\n"
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
set -ex
|
||||
|
||||
echo "Waiting for Kubernetes API..."
|
||||
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
|
||||
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then
|
||||
echo "Use --labels tiller_enabled=True to allow for tiller dependent resources to be installed"
|
||||
else
|
||||
HELM_MODULES_PATH="/srv/magnum/kubernetes/helm"
|
||||
chmod +x ${HELM_MODULES_PATH}/*
|
||||
helm_modules=(${HELM_MODULES_PATH}/*)
|
||||
|
||||
for module in "${helm_modules[@]}"; do
|
||||
echo ""
|
||||
kubectl apply -f ${module}
|
||||
done
|
||||
fi
|
||||
|
||||
printf "Finished running ${step}\n"
|
||||
83
magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh
Executable file
83
magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh
Executable file
@ -0,0 +1,83 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
CHART_NAME="metrics-server"
|
||||
CHART_VERSION="2.1.0"
|
||||
|
||||
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
|
||||
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
|
||||
echo "Writing File: ${HELM_MODULE_CONFIG_FILE}"
|
||||
mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE})
|
||||
cat << EOF > ${HELM_MODULE_CONFIG_FILE}
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ${CHART_NAME}-config
|
||||
namespace: magnum-tiller
|
||||
labels:
|
||||
app: helm
|
||||
data:
|
||||
install-${CHART_NAME}.sh: |
|
||||
#!/bin/bash
|
||||
set -e
|
||||
set -x
|
||||
mkdir -p \${HELM_HOME}
|
||||
cp /etc/helm/* \${HELM_HOME}
|
||||
|
||||
# HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
|
||||
until helm init --client-only --wait
|
||||
do
|
||||
sleep 5s
|
||||
done
|
||||
helm repo update
|
||||
|
||||
if [[ \$(helm history metrics-server | grep metrics-server) ]]; then
|
||||
echo "${CHART_NAME} already installed on server. Continue..."
|
||||
exit 0
|
||||
else
|
||||
helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION}
|
||||
fi
|
||||
|
||||
---
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: install-${CHART_NAME}-job
|
||||
namespace: magnum-tiller
|
||||
spec:
|
||||
backoffLimit: 5
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: tiller
|
||||
containers:
|
||||
- name: config-helm
|
||||
image: docker.io/openstackmagnum/helm-client:dev
|
||||
command:
|
||||
- bash
|
||||
args:
|
||||
- /opt/magnum/install-${CHART_NAME}.sh
|
||||
env:
|
||||
- name: HELM_HOME
|
||||
value: /helm_home
|
||||
- name: TILLER_NAMESPACE
|
||||
value: magnum-tiller
|
||||
- name: HELM_TLS_ENABLE
|
||||
value: "true"
|
||||
volumeMounts:
|
||||
- name: install-${CHART_NAME}-config
|
||||
mountPath: /opt/magnum/
|
||||
- mountPath: /etc/helm
|
||||
name: helm-client-certs
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: install-${CHART_NAME}-config
|
||||
configMap:
|
||||
name: ${CHART_NAME}-config
|
||||
- name: helm-client-certs
|
||||
secret:
|
||||
secretName: helm-client-secret
|
||||
EOF
|
||||
}
|
||||
@ -808,6 +808,8 @@ resources:
|
||||
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
|
||||
- get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
|
||||
- str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
|
||||
params:
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Installs the metrics-server service that is replacing kubernetes deprecated
|
||||
heapster as a cluster wide metrics reporting service used by schedulling,
|
||||
HPA and others. This service is installed and configured using helm and so
|
||||
tiller_enabled flag must be True. Heapster service is maintained active to
|
||||
allow compatibility.
|
||||
Loading…
Reference in New Issue
Block a user