Browse Source

Update kubernetes dashboard to v1.8.3

Add the RBAC enabled kubernetes-dashboard with
version v1.8.3.

Related-Bug: #1680900
Change-Id: I68a17d22dda9661c81f40bcc9db06f7456790958
changes/65/507465/17
Spyros Trigazis 4 years ago
committed by Feilong Wang
parent
commit
30785acd3c
  1. 8
      doc/source/user/index.rst
  2. 2
      magnum/drivers/common/image/heat-container-agent/Dockerfile
  3. 460
      magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh
  4. 1
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
  5. 3
      magnum/drivers/heat/k8s_template_def.py
  6. 6
      magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
  7. 5
      magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml
  8. 8
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  9. 26
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
  10. 6
      magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
  11. 5
      magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
  12. 11
      magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
  13. 8
      magnum/tests/unit/drivers/test_template_definition.py
  14. 8
      releasenotes/notes/update-kubernetes-dashboard-5196831c32d55aee.yaml

8
doc/source/user/index.rst

@ -345,6 +345,9 @@ the table are linked to more details elsewhere in the user guide.
| `kube_dashboard_enabled`_ | - true | true |
| | - false | |
+---------------------------------------+--------------------+---------------+
| `influx_grafana_dashboard_enabled`_ | - true | false |
| | - false | |
+---------------------------------------+--------------------+---------------+
| `docker_volume_type`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `etcd_volume_size`_ | etcd storage | 0 |
@ -1184,6 +1187,11 @@ _`kubescheduler_options`
<https://kubernetes.io/docs/admin/kube-scheduler//>`_.
By default no additional options are passed.
_`influx_grafana_dashboard_enabled`
The kubernetes dashboard comes with heapster enabled. If this
label is set, an influxdb and grafana instance will be deployed,
heapster will push data to influx and grafana will project them.
External load balancer for services
-----------------------------------

2
magnum/drivers/common/image/heat-container-agent/Dockerfile

@ -15,7 +15,7 @@ RUN dnf -y --setopt=tsflags=nodocs install \
findutils os-collect-config os-apply-config \
os-refresh-config dib-utils python-pip python-docker-py \
python-yaml python-zaqarclient python2-oslo-log \
python-psutil && dnf clean all
python-psutil kubernetes-client && dnf clean all
# pip installing dpath as python-dpath is an older version of dpath
# install docker-compose

460
magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh

@ -1,8 +1,4 @@
#!/bin/sh
# this service is required because docker will start only after cloud init was finished
# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
#!/bin/bash -x
. /etc/sysconfig/heat-params
@ -11,18 +7,115 @@ if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "false" ]
fi
KUBE_DASH_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
HEAPSTER_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-amd64:v1.4.2"
KUBE_DASH_DEPLOY=/srv/kubernetes/manifests/kube-dash-deploy.yaml
KUBE_DASH_DEPLOY=/srv/magnum/kubernetes/kubernetes-dashboard.yaml
[ -f ${KUBE_DASH_DEPLOY} ] || {
echo "Writing File: $KUBE_DASH_DEPLOY"
mkdir -p $(dirname ${KUBE_DASH_DEPLOY})
cat << EOF > ${KUBE_DASH_DEPLOY}
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: extensions/v1beta1
apiVersion: apps/v1beta2
metadata:
labels:
app: kubernetes-dashboard
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
@ -30,114 +123,319 @@ spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: kubernetes-dashboard
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
app: kubernetes-dashboard
# Comment the following annotation if Dashboard must not be deployed on master
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: ${KUBE_DASH_IMAGE}
imagePullPolicy: Always
ports:
- containerPort: 9090
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --heapster-host=heapster:80
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 9090
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
EOF
}
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
KUBE_DASH_SVC=/srv/kubernetes/manifests/kube-dash-svc.yaml
[ -f ${KUBE_DASH_SVC} ] || {
echo "Writing File: $KUBE_DASH_SVC"
mkdir -p $(dirname ${KUBE_DASH_SVC})
cat << EOF > ${KUBE_DASH_SVC}
kind: Service
apiVersion: v1
metadata:
labels:
app: kubernetes-dashboard
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 80
targetPort: 9090
- port: 443
targetPort: 8443
selector:
app: kubernetes-dashboard
k8s-app: kubernetes-dashboard
---
# Grant admin privileges to the dashboard serviceacount
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
EOF
}
KUBE_DASH_BIN=/usr/local/bin/kube-dash
[ -f ${KUBE_DASH_BIN} ] || {
echo "Writing File: $KUBE_DASH_BIN"
mkdir -p $(dirname ${KUBE_DASH_BIN})
cat << EOF > ${KUBE_DASH_BIN}
#!/bin/sh
until curl -sf "http://127.0.0.1:8080/healthz"
do
echo "Waiting for Kubernetes API..."
sleep 5
done
INFLUX_SINK=""
# Deploy INFLUX AND GRAFANA
if [ "$(echo $INFLUX_GRAFANA_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
INFLUX_SINK=" - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086"
INFLUX_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-influxdb-amd64:v1.3.3"
GRAFANA_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-grafana-amd64:v4.4.3"
#echo check for existence of kubernetes-dashboard deployment
/usr/bin/kubectl get deployment kubernetes-dashboard --namespace=kube-system
INFLUX_DEPLOY=/srv/magnum/kubernetes/influxdb.yaml
GRAFANA_DEPLOY=/srv/magnum/kubernetes/grafana.yaml
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-deploy.yaml --namespace=kube-system
fi
[ -f ${INFLUX_DEPLOY} ] || {
echo "Writing File: $INFLUX_DEPLOY"
mkdir -p $(dirname ${INFLUX_DEPLOY})
cat << EOF > ${INFLUX_DEPLOY}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: monitoring-influxdb
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: influxdb
spec:
containers:
- name: influxdb
image: ${INFLUX_IMAGE}
volumeMounts:
- mountPath: /data
name: influxdb-storage
volumes:
- name: influxdb-storage
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
task: monitoring
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
# kubernetes.io/cluster-service: 'true'
kubernetes.io/name: monitoring-influxdb
name: monitoring-influxdb
namespace: kube-system
spec:
ports:
- port: 8086
targetPort: 8086
selector:
k8s-app: influxdb
EOF
}
[ -f ${GRAFANA_DEPLOY} ] || {
echo "Writing File: $GRAFANA_DEPLOY"
mkdir -p $(dirname ${GRAFANA_DEPLOY})
cat << EOF > ${GRAFANA_DEPLOY}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: monitoring-grafana
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: grafana
spec:
containers:
- name: grafana
image: ${GRAFANA_IMAGE}
ports:
- containerPort: 3000
protocol: TCP
volumeMounts:
- mountPath: /etc/ssl/certs
name: ca-certificates
readOnly: true
- mountPath: /var
name: grafana-storage
env:
- name: INFLUXDB_HOST
value: monitoring-influxdb
- name: GF_SERVER_HTTP_PORT
value: "3000"
# The following env variables are required to make Grafana accessible via
# the kubernetes api-server proxy. On production clusters, we recommend
# removing these env variables, setup auth for grafana, and expose the grafana
# service using a LoadBalancer or a public IP.
- name: GF_AUTH_BASIC_ENABLED
value: "false"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "true"
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
value: Admin
- name: GF_SERVER_ROOT_URL
# If you're only using the API Server proxy, set this value instead:
# value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
value: /
volumes:
- name: ca-certificates
hostPath:
path: /etc/ssl/certs
- name: grafana-storage
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
# kubernetes.io/cluster-service: 'true'
kubernetes.io/name: monitoring-grafana
name: monitoring-grafana
namespace: kube-system
spec:
# In a production setup, we recommend accessing Grafana through an external Loadbalancer
# or through a public IP.
# type: LoadBalancer
# You could also use NodePort to expose the service at a randomly-generated port
# type: NodePort
ports:
- port: 80
targetPort: 3000
selector:
k8s-app: grafana
EOF
}
#echo check for existence of kubernetes-dashboard service
/usr/bin/kubectl get service kubernetes-dashboard --namespace=kube-system
echo "Waiting for Kubernetes API..."
until curl --silent "http://127.0.0.1:8080/version"
do
sleep 5
done
if [ "\$?" != "0" ]; then
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-svc.yaml --namespace=kube-system
kubectl apply --validate=false -f $INFLUX_DEPLOY
kubectl apply --validate=false -f $GRAFANA_DEPLOY
fi
EOF
}
KUBE_DASH_SERVICE=/etc/systemd/system/kube-dash.service
[ -f ${KUBE_DASH_SERVICE} ] || {
echo "Writing File: $KUBE_DASH_SERVICE"
mkdir -p $(dirname ${KUBE_DASH_SERVICE})
cat << EOF > ${KUBE_DASH_SERVICE}
[Unit]
Description=Enable kubernetes dashboard
[Service]
Type=oneshot
Environment=HOME=/root
EnvironmentFile=-/etc/kubernetes/config
ExecStart=${KUBE_DASH_BIN}
[Install]
WantedBy=multi-user.target
# Deploy Heapster
HEAPSTER_DEPLOY=/srv/magnum/kubernetes/heapster-controller.yaml
[ -f ${HEAPSTER_DEPLOY} ] || {
echo "Writing File: $HEAPSTER_DEPLOY"
mkdir -p $(dirname ${HEAPSTER_DEPLOY})
cat << EOF > ${HEAPSTER_DEPLOY}
apiVersion: v1
kind: ServiceAccount
metadata:
name: heapster
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: heapster
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: heapster
spec:
serviceAccountName: heapster
containers:
- name: heapster
image: ${HEAPSTER_IMAGE}
imagePullPolicy: IfNotPresent
command:
- /heapster
- --source=kubernetes:https://kubernetes.default
${INFLUX_SINK}
---
apiVersion: v1
kind: Service
metadata:
labels:
task: monitoring
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
# If you are NOT using this as an addon, you should comment out this line.
kubernetes.io/cluster-service: 'true'
kubernetes.io/name: Heapster
name: heapster
namespace: kube-system
spec:
ports:
- port: 80
targetPort: 8082
selector:
k8s-app: heapster
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: heapster
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:heapster
subjects:
- kind: ServiceAccount
name: heapster
namespace: kube-system
EOF
}
chown root:root ${KUBE_DASH_BIN}
chmod 0755 ${KUBE_DASH_BIN}
chown root:root ${KUBE_DASH_SERVICE}
chmod 0644 ${KUBE_DASH_SERVICE}
echo "Waiting for Kubernetes API..."
until curl --silent "http://127.0.0.1:8080/version"
do
sleep 5
done
systemctl enable kube-dash
systemctl start --no-block kube-dash
kubectl apply --validate=false -f $KUBE_DASH_DEPLOY
kubectl apply --validate=false -f $HEAPSTER_DEPLOY

1
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml

@ -31,6 +31,7 @@ write_files:
CLUSTER_SUBNET="$CLUSTER_SUBNET"
TLS_DISABLED="$TLS_DISABLED"
KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
INFLUX_GRAFANA_DASHBOARD_ENABLED="$INFLUX_GRAFANA_DASHBOARD_ENABLED"
VERIFY_CA="$VERIFY_CA"
CLUSTER_UUID="$CLUSTER_UUID"
MAGNUM_URL="$MAGNUM_URL"

3
magnum/drivers/heat/k8s_template_def.py

@ -121,7 +121,8 @@ class K8sTemplateDefinition(template_def.BaseTemplateDefinition):
'kubeapi_options',
'kubeproxy_options',
'kubecontroller_options',
'kubescheduler_options']
'kubescheduler_options',
'influx_grafana_dashboard_enabled']
for label in label_list:
extra_params[label] = cluster.labels.get(label)

6
magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml

@ -155,6 +155,11 @@ parameters:
description: whether or not to disable kubernetes dashboard
default: True
influx_grafana_dashboard_enabled:
type: boolean
description: Enable influxdb with grafana dashboard for data from heapster
default: False
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -459,6 +464,7 @@ resources:
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
verify_ca: {get_param: verify_ca}
secgroup_kube_master_id: {get_resource: secgroup_master}
http_proxy: {get_param: http_proxy}

5
magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml

@ -115,6 +115,10 @@ parameters:
type: boolean
description: whether or not to disable kubernetes dashboard
influx_grafana_dashboard_enabled:
type: boolean
description: whether or not to disable kubernetes dashboard
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -293,6 +297,7 @@ resources:
"$TLS_DISABLED": {get_param: tls_disabled}
"$VERIFY_CA": {get_param: verify_ca}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: enable_influx_grafana_dashboard}
"$KUBE_VERSION": {get_param: kube_version}
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
"$CLUSTER_UUID": {get_param: cluster_uuid}

8
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@ -250,6 +250,11 @@ parameters:
description: whether or not to enable kubernetes dashboard
default: True
influx_grafana_dashboard_enabled:
type: boolean
description: Enable influxdb with grafana dashboard for data from heapster
default: False
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -333,7 +338,7 @@ parameters:
kube_dashboard_version:
type: string
description: version of kubernetes dashboard used for kubernetes cluster
default: v1.5.1
default: v1.8.3
insecure_registry_url:
type: string
@ -631,6 +636,7 @@ resources:
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
verify_ca: {get_param: verify_ca}
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
http_proxy: {get_param: http_proxy}

26
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml

@ -112,6 +112,10 @@ parameters:
type: boolean
description: whether or not to disable kubernetes dashboard
influx_grafana_dashboard_enabled:
type: boolean
description: Enable influxdb with grafana dashboard for data from heapster
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -410,6 +414,7 @@ resources:
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
"$VERIFY_CA": {get_param: verify_ca}
"$CLUSTER_UUID": {get_param: cluster_uuid}
"$MAGNUM_URL": {get_param: magnum_url}
@ -512,12 +517,6 @@ resources:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh}
kube_ui_service:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
core_dns_service:
type: OS::Heat::SoftwareConfig
properties:
@ -567,7 +566,6 @@ resources:
- config: {get_resource: network_config_service}
- config: {get_resource: kube_apiserver_to_kubelet_role}
- config: {get_resource: core_dns_service}
- config: {get_resource: kube_ui_service}
- config: {get_resource: master_wc_notify}
enable_prometheus_monitoring:
@ -638,6 +636,20 @@ resources:
server: {get_resource: kube-master}
actions: ['CREATE']
kubernetes_dashboard:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
kubernetes_dashboard_deployment:
type: OS::Heat::SoftwareDeployment
properties:
signal_transport: HEAT_SIGNAL
config: {get_resource: kubernetes_dashboard}
server: {get_resource: kube-master}
actions: ['CREATE']
######################################################################
#
# a single kubernetes master.

6
magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml

@ -248,6 +248,11 @@ parameters:
description: whether or not to disable kubernetes dashboard
default: True
influx_grafana_dashboard_enabled:
type: boolean
description: Enable influxdb with grafana dashboard for data from heapster
default: False
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -510,6 +515,7 @@ resources:
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
verify_ca: {get_param: verify_ca}
secgroup_base_id: {get_resource: secgroup_base}
secgroup_kube_master_id: {get_resource: secgroup_kube_master}

5
magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml

@ -97,6 +97,10 @@ parameters:
type: boolean
description: whether or not to disable kubernetes dashboard
influx_grafana_dashboard_enabled:
type: boolean
description: Enable influxdb with grafana dashboard for data from heapster
verify_ca:
type: boolean
description: whether or not to validate certificate authority
@ -299,6 +303,7 @@ resources:
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
"$TLS_DISABLED": {get_param: tls_disabled}
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
"$VERIFY_CA": {get_param: verify_ca}
"$CLUSTER_UUID": {get_param: cluster_uuid}
"$MAGNUM_URL": {get_param: magnum_url}

11
magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py

@ -56,6 +56,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'docker_volume_type': 'lvmdriver-1',
'etcd_volume_size': 0,
'availability_zone': 'az_1'},
@ -105,7 +106,8 @@ class TestClusterConductorWithK8s(base.TestCase):
'kubeapi_options': '--kubeapi',
'kubecontroller_options': '--kubecontroller',
'kubescheduler_options': '--kubescheduler',
'kubeproxy_options': '--kubeproxy'},
'kubeproxy_options': '--kubeproxy',
'influx_grafana_dashboard_enabled': 'True'},
'master_flavor_id': 'master_flavor_id',
'flavor_id': 'flavor_id',
}
@ -183,6 +185,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'docker_volume_type': 'lvmdriver-1',
'etcd_volume_size': None,
'availability_zone': 'az_1',
@ -230,6 +233,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
@ -328,6 +332,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'magnum_url': 'http://127.0.0.1:9511/v1',
@ -429,6 +434,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'docker_volume_type': 'lvmdriver-1',
'etcd_volume_size': None,
'insecure_registry_url': '10.0.0.1:5000',
@ -522,6 +528,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'tls_disabled': False,
'registry_enabled': False,
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@ -603,6 +610,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'tls_disabled': False,
'registry_enabled': False,
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@ -781,6 +789,7 @@ class TestClusterConductorWithK8s(base.TestCase):
'prometheus_monitoring': 'False',
'grafana_admin_passwd': 'fake_pwd',
'kube_dashboard_enabled': 'True',
'influx_grafana_dashboard_enabled': 'True',
'username': 'fake_user',
'cluster_uuid': self.cluster_dict['uuid'],
'magnum_url': self.mock_osc.magnum_url.return_value,

8
magnum/tests/unit/drivers/test_template_definition.py

@ -266,6 +266,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'grafana_admin_passwd')
kube_dashboard_enabled = mock_cluster.labels.get(
'kube_dashboard_enabled')
influx_grafana_dashboard_enabled = mock_cluster.labels.get(
'influx_grafana_dashboard_enabled')
docker_volume_type = mock_cluster.labels.get(
'docker_volume_type')
etcd_volume_size = mock_cluster.labels.get(
@ -322,6 +324,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'prometheus_monitoring': prometheus_monitoring,
'grafana_admin_passwd': grafana_admin_passwd,
'kube_dashboard_enabled': kube_dashboard_enabled,
'influx_grafana_dashboard_enabled':
influx_grafana_dashboard_enabled,
'docker_volume_type': docker_volume_type,
'etcd_volume_size': etcd_volume_size,
'kubelet_options': kubelet_options,
@ -398,6 +402,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'grafana_admin_passwd')
kube_dashboard_enabled = mock_cluster.labels.get(
'kube_dashboard_enabled')
influx_grafana_dashboard_enabled = mock_cluster.labels.get(
'influx_grafana_dashboard_enabled')
docker_volume_type = mock_cluster.labels.get(
'docker_volume_type')
etcd_volume_size = mock_cluster.labels.get(
@ -454,6 +460,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
'prometheus_monitoring': prometheus_monitoring,
'grafana_admin_passwd': grafana_admin_passwd,
'kube_dashboard_enabled': kube_dashboard_enabled,
'influx_grafana_dashboard_enabled':
influx_grafana_dashboard_enabled,
'docker_volume_type': docker_volume_type,
'etcd_volume_size': etcd_volume_size,
'kubelet_options': kubelet_options,

8
releasenotes/notes/update-kubernetes-dashboard-5196831c32d55aee.yaml

@ -0,0 +1,8 @@
---
features:
- |
Update kubernetes dashboard to `v1.8.3` which is compatible via kubectl
proxy. Addionally, heapster is deployed as standalone deployemt and the
user can enable a grafana-influx stack with the
`influx_grafana_dashboard_enabled` label. See the kubernetes dashboard
documenation for more details. https://github.com/kubernetes/dashboard/wiki
Loading…
Cancel
Save