Browse Source

[k8s] helm install metrics service

* Add Folder specific for helm managed resources
* Add first use case of helm install script
* Install metrics-server with helm (parallel to heapster to allow back compatibility)
* Added extra ARGS to kube-apiserver to enable communication with metrics-server

Known Issues:
  * Tiller pod sometimes is presented as not active due to (possibly) Heartbeat/Healthz

story: 2004816
task: 28980
depends_on: I99d3a78085ba10030200f12bbfe58a72964e2326
Change-Id: I1b2432bc09ccde02e43124ed010120b99d853d65
Signed-off-by: Diogo Guerra <dy090.guerra@gmail.com>
changes/92/632392/13
Diogo Guerra 3 years ago
parent
commit
230ad3f2db
  1. 9
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
  2. 29
      magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh
  3. 83
      magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh
  4. 2
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  5. 8
      releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml

9
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@ -68,6 +68,15 @@ else
KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
# Allow for metrics-server/aggregator communication
KUBE_API_ARGS="${KUBE_API_ARGS} \
--proxy-client-cert-file=${CERT_DIR}/server.crt \
--proxy-client-key-file=${CERT_DIR}/server.key \
--requestheader-allowed-names=front-proxy-client,kube,kubernetes \
--requestheader-client-ca-file=${CERT_DIR}/ca.crt \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User"
fi
KUBE_ADMISSION_CONTROL=""

29
magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh

@ -0,0 +1,29 @@
#!/bin/bash
step="install-helm-modules.sh"
printf "Starting to run ${step}\n"
. /etc/sysconfig/heat-params
set -ex
echo "Waiting for Kubernetes API..."
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
do
sleep 5
done
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then
echo "Use --labels tiller_enabled=True to allow for tiller dependent resources to be installed"
else
HELM_MODULES_PATH="/srv/magnum/kubernetes/helm"
chmod +x ${HELM_MODULES_PATH}/*
helm_modules=(${HELM_MODULES_PATH}/*)
for module in "${helm_modules[@]}"; do
echo ""
kubectl apply -f ${module}
done
fi
printf "Finished running ${step}\n"

83
magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh

@ -0,0 +1,83 @@
#!/bin/bash
set -ex
CHART_NAME="metrics-server"
CHART_VERSION="2.1.0"
HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
echo "Writing File: ${HELM_MODULE_CONFIG_FILE}"
mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE})
cat << EOF > ${HELM_MODULE_CONFIG_FILE}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ${CHART_NAME}-config
namespace: magnum-tiller
labels:
app: helm
data:
install-${CHART_NAME}.sh: |
#!/bin/bash
set -e
set -x
mkdir -p \${HELM_HOME}
cp /etc/helm/* \${HELM_HOME}
# HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
until helm init --client-only --wait
do
sleep 5s
done
helm repo update
if [[ \$(helm history metrics-server | grep metrics-server) ]]; then
echo "${CHART_NAME} already installed on server. Continue..."
exit 0
else
helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION}
fi
---
apiVersion: batch/v1
kind: Job
metadata:
name: install-${CHART_NAME}-job
namespace: magnum-tiller
spec:
backoffLimit: 5
template:
spec:
serviceAccountName: tiller
containers:
- name: config-helm
image: docker.io/openstackmagnum/helm-client:dev
command:
- bash
args:
- /opt/magnum/install-${CHART_NAME}.sh
env:
- name: HELM_HOME
value: /helm_home
- name: TILLER_NAMESPACE
value: magnum-tiller
- name: HELM_TLS_ENABLE
value: "true"
volumeMounts:
- name: install-${CHART_NAME}-config
mountPath: /opt/magnum/
- mountPath: /etc/helm
name: helm-client-certs
restartPolicy: Never
volumes:
- name: install-${CHART_NAME}-config
configMap:
name: ${CHART_NAME}-config
- name: helm-client-certs
secret:
secretName: helm-client-secret
EOF
}

2
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@ -808,6 +808,8 @@ resources:
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
- get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
- get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
- get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
- str_replace:
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
params:

8
releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml

@ -0,0 +1,8 @@
---
features:
- |
Installs the metrics-server service that is replacing kubernetes deprecated
heapster as a cluster wide metrics reporting service used by schedulling,
HPA and others. This service is installed and configured using helm and so
tiller_enabled flag must be True. Heapster service is maintained active to
allow compatibility.
Loading…
Cancel
Save