diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh index ac7ffeab39..3a97b355c4 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh @@ -68,6 +68,15 @@ else KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt" KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key" KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true" + # Allow for metrics-server/aggregator communication + KUBE_API_ARGS="${KUBE_API_ARGS} \ + --proxy-client-cert-file=${CERT_DIR}/server.crt \ + --proxy-client-key-file=${CERT_DIR}/server.key \ + --requestheader-allowed-names=front-proxy-client,kube,kubernetes \ + --requestheader-client-ca-file=${CERT_DIR}/ca.crt \ + --requestheader-extra-headers-prefix=X-Remote-Extra- \ + --requestheader-group-headers=X-Remote-Group \ + --requestheader-username-headers=X-Remote-User" fi KUBE_ADMISSION_CONTROL="" diff --git a/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh new file mode 100644 index 0000000000..20d11c8d13 --- /dev/null +++ b/magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +step="install-helm-modules.sh" +printf "Starting to run ${step}\n" + +. /etc/sysconfig/heat-params + +set -ex + +echo "Waiting for Kubernetes API..." +until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ] +do + sleep 5 +done + +if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then + echo "Use --labels tiller_enabled=True to allow for tiller dependent resources to be installed" +else + HELM_MODULES_PATH="/srv/magnum/kubernetes/helm" + chmod +x ${HELM_MODULES_PATH}/* + helm_modules=(${HELM_MODULES_PATH}/*) + + for module in "${helm_modules[@]}"; do + echo "" + kubectl apply -f ${module} + done +fi + +printf "Finished running ${step}\n" diff --git a/magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh b/magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh new file mode 100755 index 0000000000..bcd5b368a0 --- /dev/null +++ b/magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh @@ -0,0 +1,83 @@ +#!/bin/bash + +set -ex + +CHART_NAME="metrics-server" +CHART_VERSION="2.1.0" + +HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml" +[ -f ${HELM_MODULE_CONFIG_FILE} ] || { + echo "Writing File: ${HELM_MODULE_CONFIG_FILE}" + mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE}) + cat << EOF > ${HELM_MODULE_CONFIG_FILE} +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: ${CHART_NAME}-config + namespace: magnum-tiller + labels: + app: helm +data: + install-${CHART_NAME}.sh: | + #!/bin/bash + set -e + set -x + mkdir -p \${HELM_HOME} + cp /etc/helm/* \${HELM_HOME} + + # HACK - Force wait because of bug https://github.com/helm/helm/issues/5170 + until helm init --client-only --wait + do + sleep 5s + done + helm repo update + + if [[ \$(helm history metrics-server | grep metrics-server) ]]; then + echo "${CHART_NAME} already installed on server. Continue..." + exit 0 + else + helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION} + fi + +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: install-${CHART_NAME}-job + namespace: magnum-tiller +spec: + backoffLimit: 5 + template: + spec: + serviceAccountName: tiller + containers: + - name: config-helm + image: docker.io/openstackmagnum/helm-client:dev + command: + - bash + args: + - /opt/magnum/install-${CHART_NAME}.sh + env: + - name: HELM_HOME + value: /helm_home + - name: TILLER_NAMESPACE + value: magnum-tiller + - name: HELM_TLS_ENABLE + value: "true" + volumeMounts: + - name: install-${CHART_NAME}-config + mountPath: /opt/magnum/ + - mountPath: /etc/helm + name: helm-client-certs + restartPolicy: Never + volumes: + - name: install-${CHART_NAME}-config + configMap: + name: ${CHART_NAME}-config + - name: helm-client-certs + secret: + secretName: helm-client-secret +EOF +} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index 97a4d35f2f..cd3ad8f3f0 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -808,6 +808,8 @@ resources: - get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh - get_file: ../../common/templates/kubernetes/fragments/calico-service.sh - get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh + - get_file: ../../common/templates/kubernetes/helm/metrics-server.sh + - get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh - str_replace: template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh} params: diff --git a/releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml b/releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml new file mode 100644 index 0000000000..892cac1e18 --- /dev/null +++ b/releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Installs the metrics-server service that is replacing kubernetes deprecated + heapster as a cluster wide metrics reporting service used by schedulling, + HPA and others. This service is installed and configured using helm and so + tiller_enabled flag must be True. Heapster service is maintained active to + allow compatibility.