[k8s] helm install metrics service

* Add Folder specific for helm managed resources
* Add first use case of helm install script
* Install metrics-server with helm (parallel to heapster to allow back compatibility)
* Added extra ARGS to kube-apiserver to enable communication with metrics-server

Known Issues:
  * Tiller pod sometimes is presented as not active due to (possibly) Heartbeat/Healthz

story: 2004816
task: 28980
depends_on: I99d3a78085ba10030200f12bbfe58a72964e2326
Change-Id: I1b2432bc09ccde02e43124ed010120b99d853d65
Signed-off-by: Diogo Guerra <dy090.guerra@gmail.com>

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@@ -68,6 +68,15 @@ else
     KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
     KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
     KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
+    # Allow for metrics-server/aggregator communication
+    KUBE_API_ARGS="${KUBE_API_ARGS} \
+        --proxy-client-cert-file=${CERT_DIR}/server.crt \
+        --proxy-client-key-file=${CERT_DIR}/server.key \
+        --requestheader-allowed-names=front-proxy-client,kube,kubernetes \
+        --requestheader-client-ca-file=${CERT_DIR}/ca.crt \
+        --requestheader-extra-headers-prefix=X-Remote-Extra- \
+        --requestheader-group-headers=X-Remote-Group \
+        --requestheader-username-headers=X-Remote-User"
 fi
 
 KUBE_ADMISSION_CONTROL=""

magnum/drivers/common/templates/kubernetes/fragments/install-helm-modules.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+step="install-helm-modules.sh"
+printf "Starting to run ${step}\n"
+
+. /etc/sysconfig/heat-params
+
+set -ex
+
+echo "Waiting for Kubernetes API..."
+until  [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
+do
+    sleep 5
+done
+
+if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then
+    echo "Use --labels tiller_enabled=True to allow for tiller dependent resources to be installed"
+else
+    HELM_MODULES_PATH="/srv/magnum/kubernetes/helm"
+    chmod +x ${HELM_MODULES_PATH}/*
+    helm_modules=(${HELM_MODULES_PATH}/*)
+
+    for module in "${helm_modules[@]}"; do
+        echo ""
+        kubectl apply -f ${module}
+    done
+fi
+
+printf "Finished running ${step}\n"

magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+set -ex
+
+CHART_NAME="metrics-server"
+CHART_VERSION="2.1.0"
+
+HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml"
+[ -f ${HELM_MODULE_CONFIG_FILE} ] || {
+    echo "Writing File: ${HELM_MODULE_CONFIG_FILE}"
+    mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE})
+    cat << EOF > ${HELM_MODULE_CONFIG_FILE}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: ${CHART_NAME}-config
+  namespace: magnum-tiller
+  labels:
+    app: helm
+data:
+  install-${CHART_NAME}.sh: |
+    #!/bin/bash
+    set -e
+    set -x
+    mkdir -p \${HELM_HOME}
+    cp /etc/helm/* \${HELM_HOME}
+
+    # HACK - Force wait because of bug https://github.com/helm/helm/issues/5170
+    until helm init --client-only --wait
+    do
+        sleep 5s
+    done
+    helm repo update
+
+    if [[ \$(helm history metrics-server | grep metrics-server) ]]; then
+        echo "${CHART_NAME} already installed on server. Continue..."
+        exit 0
+    else
+        helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION}
+    fi
+
+---
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: install-${CHART_NAME}-job
+  namespace: magnum-tiller
+spec:
+  backoffLimit: 5
+  template:
+    spec:
+      serviceAccountName: tiller
+      containers:
+      - name: config-helm
+        image: docker.io/openstackmagnum/helm-client:dev
+        command:
+        - bash
+        args:
+        - /opt/magnum/install-${CHART_NAME}.sh
+        env:
+        - name: HELM_HOME
+          value: /helm_home
+        - name: TILLER_NAMESPACE
+          value: magnum-tiller
+        - name: HELM_TLS_ENABLE
+          value: "true"
+        volumeMounts:
+        - name: install-${CHART_NAME}-config
+          mountPath: /opt/magnum/
+        - mountPath: /etc/helm
+          name: helm-client-certs
+      restartPolicy: Never
+      volumes:
+      - name: install-${CHART_NAME}-config
+        configMap:
+          name: ${CHART_NAME}-config
+      - name: helm-client-certs
+        secret:
+          secretName: helm-client-secret
+EOF
+}

magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@@ -808,6 +808,8 @@ resources:
             - get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
             - get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
             - get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
+            - get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
+            - get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
             - str_replace:
                 template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
                 params:

releasenotes/notes/helm-install-metrics-service-cd18be76c4ed0e5f.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Installs the metrics-server service that is replacing kubernetes deprecated
+    heapster as a cluster wide metrics reporting service used by schedulling,
+    HPA and others. This service is installed and configured using helm and so
+    tiller_enabled flag must be True. Heapster service is maintained active to
+    allow compatibility.