|
|
|
@ -1,8 +1,4 @@
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# this service is required because docker will start only after cloud init was finished
|
|
|
|
|
# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
|
|
|
|
|
|
|
|
|
|
#!/bin/bash -x
|
|
|
|
|
|
|
|
|
|
. /etc/sysconfig/heat-params
|
|
|
|
|
|
|
|
|
@ -11,18 +7,115 @@ if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "false" ]
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
KUBE_DASH_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
|
|
|
|
|
HEAPSTER_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-amd64:v1.4.2"
|
|
|
|
|
|
|
|
|
|
KUBE_DASH_DEPLOY=/srv/kubernetes/manifests/kube-dash-deploy.yaml
|
|
|
|
|
KUBE_DASH_DEPLOY=/srv/magnum/kubernetes/kubernetes-dashboard.yaml
|
|
|
|
|
|
|
|
|
|
[ -f ${KUBE_DASH_DEPLOY} ] || {
|
|
|
|
|
echo "Writing File: $KUBE_DASH_DEPLOY"
|
|
|
|
|
mkdir -p $(dirname ${KUBE_DASH_DEPLOY})
|
|
|
|
|
cat << EOF > ${KUBE_DASH_DEPLOY}
|
|
|
|
|
# Copyright 2017 The Kubernetes Authors.
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
|
|
# Configuration to deploy release version of the Dashboard UI compatible with
|
|
|
|
|
# Kubernetes 1.8.
|
|
|
|
|
#
|
|
|
|
|
# Example usage: kubectl create -f <this_file>
|
|
|
|
|
|
|
|
|
|
# ------------------- Dashboard Secret ------------------- #
|
|
|
|
|
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Secret
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
name: kubernetes-dashboard-certs
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
type: Opaque
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
# ------------------- Dashboard Service Account ------------------- #
|
|
|
|
|
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: ServiceAccount
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
# ------------------- Dashboard Role & Role Binding ------------------- #
|
|
|
|
|
|
|
|
|
|
kind: Role
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
|
metadata:
|
|
|
|
|
name: kubernetes-dashboard-minimal
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
rules:
|
|
|
|
|
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["secrets"]
|
|
|
|
|
verbs: ["create"]
|
|
|
|
|
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["configmaps"]
|
|
|
|
|
verbs: ["create"]
|
|
|
|
|
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["secrets"]
|
|
|
|
|
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
|
|
|
|
|
verbs: ["get", "update", "delete"]
|
|
|
|
|
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["configmaps"]
|
|
|
|
|
resourceNames: ["kubernetes-dashboard-settings"]
|
|
|
|
|
verbs: ["get", "update"]
|
|
|
|
|
# Allow Dashboard to get metrics from heapster.
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["services"]
|
|
|
|
|
resourceNames: ["heapster"]
|
|
|
|
|
verbs: ["proxy"]
|
|
|
|
|
- apiGroups: [""]
|
|
|
|
|
resources: ["services/proxy"]
|
|
|
|
|
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
|
|
|
|
|
verbs: ["get"]
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
|
kind: RoleBinding
|
|
|
|
|
metadata:
|
|
|
|
|
name: kubernetes-dashboard-minimal
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
roleRef:
|
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
|
kind: Role
|
|
|
|
|
name: kubernetes-dashboard-minimal
|
|
|
|
|
subjects:
|
|
|
|
|
- kind: ServiceAccount
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
# ------------------- Dashboard Deployment ------------------- #
|
|
|
|
|
|
|
|
|
|
kind: Deployment
|
|
|
|
|
apiVersion: extensions/v1beta1
|
|
|
|
|
apiVersion: apps/v1beta2
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: kubernetes-dashboard
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
@ -30,114 +123,319 @@ spec:
|
|
|
|
|
revisionHistoryLimit: 10
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
app: kubernetes-dashboard
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: kubernetes-dashboard
|
|
|
|
|
# Comment the following annotation if Dashboard must not be deployed on master
|
|
|
|
|
annotations:
|
|
|
|
|
scheduler.alpha.kubernetes.io/tolerations: |
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"key": "dedicated",
|
|
|
|
|
"operator": "Equal",
|
|
|
|
|
"value": "master",
|
|
|
|
|
"effect": "NoSchedule"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: kubernetes-dashboard
|
|
|
|
|
env:
|
|
|
|
|
- name: POD_NAME
|
|
|
|
|
valueFrom:
|
|
|
|
|
fieldRef:
|
|
|
|
|
fieldPath: metadata.name
|
|
|
|
|
- name: POD_NAMESPACE
|
|
|
|
|
valueFrom:
|
|
|
|
|
fieldRef:
|
|
|
|
|
fieldPath: metadata.namespace
|
|
|
|
|
- name: POD_IP
|
|
|
|
|
valueFrom:
|
|
|
|
|
fieldRef:
|
|
|
|
|
fieldPath: status.podIP
|
|
|
|
|
image: ${KUBE_DASH_IMAGE}
|
|
|
|
|
imagePullPolicy: Always
|
|
|
|
|
ports:
|
|
|
|
|
- containerPort: 9090
|
|
|
|
|
- containerPort: 8443
|
|
|
|
|
protocol: TCP
|
|
|
|
|
args:
|
|
|
|
|
- --auto-generate-certificates
|
|
|
|
|
- --heapster-host=heapster:80
|
|
|
|
|
# Uncomment the following line to manually specify Kubernetes API server Host
|
|
|
|
|
# If not specified, Dashboard will attempt to auto discover the API server and connect
|
|
|
|
|
# to it. Uncomment only if the default does not work.
|
|
|
|
|
# - --apiserver-host=http://my-address:port
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: kubernetes-dashboard-certs
|
|
|
|
|
mountPath: /certs
|
|
|
|
|
# Create on-disk volume to store exec logs
|
|
|
|
|
- mountPath: /tmp
|
|
|
|
|
name: tmp-volume
|
|
|
|
|
livenessProbe:
|
|
|
|
|
httpGet:
|
|
|
|
|
scheme: HTTPS
|
|
|
|
|
path: /
|
|
|
|
|
port: 9090
|
|
|
|
|
port: 8443
|
|
|
|
|
initialDelaySeconds: 30
|
|
|
|
|
timeoutSeconds: 30
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
volumes:
|
|
|
|
|
- name: kubernetes-dashboard-certs
|
|
|
|
|
secret:
|
|
|
|
|
secretName: kubernetes-dashboard-certs
|
|
|
|
|
- name: tmp-volume
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
serviceAccountName: kubernetes-dashboard
|
|
|
|
|
# Comment the following tolerations if Dashboard must not be deployed on master
|
|
|
|
|
tolerations:
|
|
|
|
|
- key: node-role.kubernetes.io/master
|
|
|
|
|
effect: NoSchedule
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
# ------------------- Dashboard Service ------------------- #
|
|
|
|
|
|
|
|
|
|
KUBE_DASH_SVC=/srv/kubernetes/manifests/kube-dash-svc.yaml
|
|
|
|
|
[ -f ${KUBE_DASH_SVC} ] || {
|
|
|
|
|
echo "Writing File: $KUBE_DASH_SVC"
|
|
|
|
|
mkdir -p $(dirname ${KUBE_DASH_SVC})
|
|
|
|
|
cat << EOF > ${KUBE_DASH_SVC}
|
|
|
|
|
kind: Service
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: kubernetes-dashboard
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
type: NodePort
|
|
|
|
|
ports:
|
|
|
|
|
- port: 80
|
|
|
|
|
targetPort: 9090
|
|
|
|
|
- port: 443
|
|
|
|
|
targetPort: 8443
|
|
|
|
|
selector:
|
|
|
|
|
app: kubernetes-dashboard
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
---
|
|
|
|
|
# Grant admin privileges to the dashboard serviceacount
|
|
|
|
|
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
|
metadata:
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
labels:
|
|
|
|
|
k8s-app: kubernetes-dashboard
|
|
|
|
|
roleRef:
|
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
|
kind: ClusterRole
|
|
|
|
|
name: cluster-admin
|
|
|
|
|
subjects:
|
|
|
|
|
- kind: ServiceAccount
|
|
|
|
|
name: kubernetes-dashboard
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
KUBE_DASH_BIN=/usr/local/bin/kube-dash
|
|
|
|
|
[ -f ${KUBE_DASH_BIN} ] || {
|
|
|
|
|
echo "Writing File: $KUBE_DASH_BIN"
|
|
|
|
|
mkdir -p $(dirname ${KUBE_DASH_BIN})
|
|
|
|
|
cat << EOF > ${KUBE_DASH_BIN}
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
until curl -sf "http://127.0.0.1:8080/healthz"
|
|
|
|
|
do
|
|
|
|
|
echo "Waiting for Kubernetes API..."
|
|
|
|
|
sleep 5
|
|
|
|
|
done
|
|
|
|
|
INFLUX_SINK=""
|
|
|
|
|
# Deploy INFLUX AND GRAFANA
|
|
|
|
|
if [ "$(echo $INFLUX_GRAFANA_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
|
|
|
|
INFLUX_SINK=" - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086"
|
|
|
|
|
INFLUX_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-influxdb-amd64:v1.3.3"
|
|
|
|
|
GRAFANA_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-grafana-amd64:v4.4.3"
|
|
|
|
|
|
|
|
|
|
#echo check for existence of kubernetes-dashboard deployment
|
|
|
|
|
/usr/bin/kubectl get deployment kubernetes-dashboard --namespace=kube-system
|
|
|
|
|
INFLUX_DEPLOY=/srv/magnum/kubernetes/influxdb.yaml
|
|
|
|
|
GRAFANA_DEPLOY=/srv/magnum/kubernetes/grafana.yaml
|
|
|
|
|
|
|
|
|
|
if [ "\$?" != "0" ]; then
|
|
|
|
|
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-deploy.yaml --namespace=kube-system
|
|
|
|
|
fi
|
|
|
|
|
[ -f ${INFLUX_DEPLOY} ] || {
|
|
|
|
|
echo "Writing File: $INFLUX_DEPLOY"
|
|
|
|
|
mkdir -p $(dirname ${INFLUX_DEPLOY})
|
|
|
|
|
cat << EOF > ${INFLUX_DEPLOY}
|
|
|
|
|
apiVersion: extensions/v1beta1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: monitoring-influxdb
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
task: monitoring
|
|
|
|
|
k8s-app: influxdb
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: influxdb
|
|
|
|
|
image: ${INFLUX_IMAGE}
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- mountPath: /data
|
|
|
|
|
name: influxdb-storage
|
|
|
|
|
volumes:
|
|
|
|
|
- name: influxdb-storage
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
---
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Service
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
task: monitoring
|
|
|
|
|
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
|
|
|
|
# If you are NOT using this as an addon, you should comment out this line.
|
|
|
|
|
# kubernetes.io/cluster-service: 'true'
|
|
|
|
|
kubernetes.io/name: monitoring-influxdb
|
|
|
|
|
name: monitoring-influxdb
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
ports:
|
|
|
|
|
- port: 8086
|
|
|
|
|
targetPort: 8086
|
|
|
|
|
selector:
|
|
|
|
|
k8s-app: influxdb
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[ -f ${GRAFANA_DEPLOY} ] || {
|
|
|
|
|
echo "Writing File: $GRAFANA_DEPLOY"
|
|
|
|
|
mkdir -p $(dirname ${GRAFANA_DEPLOY})
|
|
|
|
|
cat << EOF > ${GRAFANA_DEPLOY}
|
|
|
|
|
apiVersion: extensions/v1beta1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: monitoring-grafana
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
task: monitoring
|
|
|
|
|
k8s-app: grafana
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: grafana
|
|
|
|
|
image: ${GRAFANA_IMAGE}
|
|
|
|
|
ports:
|
|
|
|
|
- containerPort: 3000
|
|
|
|
|
protocol: TCP
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- mountPath: /etc/ssl/certs
|
|
|
|
|
name: ca-certificates
|
|
|
|
|
readOnly: true
|
|
|
|
|
- mountPath: /var
|
|
|
|
|
name: grafana-storage
|
|
|
|
|
env:
|
|
|
|
|
- name: INFLUXDB_HOST
|
|
|
|
|
value: monitoring-influxdb
|
|
|
|
|
- name: GF_SERVER_HTTP_PORT
|
|
|
|
|
value: "3000"
|
|
|
|
|
# The following env variables are required to make Grafana accessible via
|
|
|
|
|
# the kubernetes api-server proxy. On production clusters, we recommend
|
|
|
|
|
# removing these env variables, setup auth for grafana, and expose the grafana
|
|
|
|
|
# service using a LoadBalancer or a public IP.
|
|
|
|
|
- name: GF_AUTH_BASIC_ENABLED
|
|
|
|
|
value: "false"
|
|
|
|
|
- name: GF_AUTH_ANONYMOUS_ENABLED
|
|
|
|
|
value: "true"
|
|
|
|
|
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
|
|
|
|
|
value: Admin
|
|
|
|
|
- name: GF_SERVER_ROOT_URL
|
|
|
|
|
# If you're only using the API Server proxy, set this value instead:
|
|
|
|
|
# value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
|
|
|
|
|
value: /
|
|
|
|
|
volumes:
|
|
|
|
|
- name: ca-certificates
|
|
|
|
|
hostPath:
|
|
|
|
|
path: /etc/ssl/certs
|
|
|
|
|
- name: grafana-storage
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
---
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Service
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
|
|
|
|
# If you are NOT using this as an addon, you should comment out this line.
|
|
|
|
|
# kubernetes.io/cluster-service: 'true'
|
|
|
|
|
kubernetes.io/name: monitoring-grafana
|
|
|
|
|
name: monitoring-grafana
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
# In a production setup, we recommend accessing Grafana through an external Loadbalancer
|
|
|
|
|
# or through a public IP.
|
|
|
|
|
# type: LoadBalancer
|
|
|
|
|
# You could also use NodePort to expose the service at a randomly-generated port
|
|
|
|
|
# type: NodePort
|
|
|
|
|
ports:
|
|
|
|
|
- port: 80
|
|
|
|
|
targetPort: 3000
|
|
|
|
|
selector:
|
|
|
|
|
k8s-app: grafana
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#echo check for existence of kubernetes-dashboard service
|
|
|
|
|
/usr/bin/kubectl get service kubernetes-dashboard --namespace=kube-system
|
|
|
|
|
echo "Waiting for Kubernetes API..."
|
|
|
|
|
until curl --silent "http://127.0.0.1:8080/version"
|
|
|
|
|
do
|
|
|
|
|
sleep 5
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ "\$?" != "0" ]; then
|
|
|
|
|
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-svc.yaml --namespace=kube-system
|
|
|
|
|
kubectl apply --validate=false -f $INFLUX_DEPLOY
|
|
|
|
|
kubectl apply --validate=false -f $GRAFANA_DEPLOY
|
|
|
|
|
fi
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
KUBE_DASH_SERVICE=/etc/systemd/system/kube-dash.service
|
|
|
|
|
[ -f ${KUBE_DASH_SERVICE} ] || {
|
|
|
|
|
echo "Writing File: $KUBE_DASH_SERVICE"
|
|
|
|
|
mkdir -p $(dirname ${KUBE_DASH_SERVICE})
|
|
|
|
|
cat << EOF > ${KUBE_DASH_SERVICE}
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=Enable kubernetes dashboard
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
Type=oneshot
|
|
|
|
|
Environment=HOME=/root
|
|
|
|
|
EnvironmentFile=-/etc/kubernetes/config
|
|
|
|
|
ExecStart=${KUBE_DASH_BIN}
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=multi-user.target
|
|
|
|
|
# Deploy Heapster
|
|
|
|
|
HEAPSTER_DEPLOY=/srv/magnum/kubernetes/heapster-controller.yaml
|
|
|
|
|
|
|
|
|
|
[ -f ${HEAPSTER_DEPLOY} ] || {
|
|
|
|
|
echo "Writing File: $HEAPSTER_DEPLOY"
|
|
|
|
|
mkdir -p $(dirname ${HEAPSTER_DEPLOY})
|
|
|
|
|
cat << EOF > ${HEAPSTER_DEPLOY}
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: ServiceAccount
|
|
|
|
|
metadata:
|
|
|
|
|
name: heapster
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
---
|
|
|
|
|
apiVersion: extensions/v1beta1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: heapster
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
task: monitoring
|
|
|
|
|
k8s-app: heapster
|
|
|
|
|
spec:
|
|
|
|
|
serviceAccountName: heapster
|
|
|
|
|
containers:
|
|
|
|
|
- name: heapster
|
|
|
|
|
image: ${HEAPSTER_IMAGE}
|
|
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
|
command:
|
|
|
|
|
- /heapster
|
|
|
|
|
- --source=kubernetes:https://kubernetes.default
|
|
|
|
|
${INFLUX_SINK}
|
|
|
|
|
---
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Service
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
task: monitoring
|
|
|
|
|
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
|
|
|
|
# If you are NOT using this as an addon, you should comment out this line.
|
|
|
|
|
kubernetes.io/cluster-service: 'true'
|
|
|
|
|
kubernetes.io/name: Heapster
|
|
|
|
|
name: heapster
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
ports:
|
|
|
|
|
- port: 80
|
|
|
|
|
targetPort: 8082
|
|
|
|
|
selector:
|
|
|
|
|
k8s-app: heapster
|
|
|
|
|
---
|
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
|
|
|
metadata:
|
|
|
|
|
name: heapster
|
|
|
|
|
roleRef:
|
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
|
kind: ClusterRole
|
|
|
|
|
name: system:heapster
|
|
|
|
|
subjects:
|
|
|
|
|
- kind: ServiceAccount
|
|
|
|
|
name: heapster
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
chown root:root ${KUBE_DASH_BIN}
|
|
|
|
|
chmod 0755 ${KUBE_DASH_BIN}
|
|
|
|
|
|
|
|
|
|
chown root:root ${KUBE_DASH_SERVICE}
|
|
|
|
|
chmod 0644 ${KUBE_DASH_SERVICE}
|
|
|
|
|
echo "Waiting for Kubernetes API..."
|
|
|
|
|
until curl --silent "http://127.0.0.1:8080/version"
|
|
|
|
|
do
|
|
|
|
|
sleep 5
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
systemctl enable kube-dash
|
|
|
|
|
systemctl start --no-block kube-dash
|
|
|
|
|
kubectl apply --validate=false -f $KUBE_DASH_DEPLOY
|
|
|
|
|
kubectl apply --validate=false -f $HEAPSTER_DEPLOY
|
|
|
|
|