Add Kubernetes UI

All services (except kublet) in Kubernetes can be run in container
(http://kubernetes.io/v1.0/docs/user-guide/ui.html)

Partially-Implements: blueprint run-kube-as-container
Change-Id: Idb499e6d5b9c2805b192bc23425238cf8a55e86e

doc/source/dev/dev-tls.rst

@@ -240,6 +240,20 @@ Now you can use kubectl commands without extra flags::
     NAME           READY     STATUS    RESTARTS   AGE
     redis-master   2/2       Running   0          1m
 
+Access to Kubernetes User Interface::
+
+    curl -L ${KUBERNETES_URL}/ui --cacert ca.crt --key client.key \
+        --cert client.crt
+
+    You may also set up kubectl proxy which will use your client certificate to allow you to
+    browse to a local address to use the UI without installing a certificate in your browser.
+
+    kubectl proxy --api-prefix=/ --certificate-authority=ca.crt --client-key=client.key \
+                  --client-certificate=client.crt -s $KUBERNETES_URL
+
+    Open http://localhost:8001/ui in your browser
+
+
 Once you have all of these pieces, you can configure your native client. Below
 is an example for Docker.
 

magnum/templates/kubernetes/fragments/configure-kubernetes-minion.sh

@@ -20,11 +20,12 @@ sed -i '
   /^KUBE_MASTER=/ s|=.*|="--master='"$KUBE_MASTER_URI"'"|
 ' /etc/kubernetes/config
 
+KUBELET_ARGS="--cadvisor-port=4194 $KUBE_CONFIG"
 sed -i '
   /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
   /^KUBELET_HOSTNAME=/ s/=.*/=""/
   /^KUBELET_API_SERVER=/ s|=.*|="--api_servers='"$KUBE_MASTER_URI"'"|
-  /^KUBELET_ARGS=/ s|=.*|='"$KUBE_CONFIG"'|
+  /^KUBELET_ARGS=/ s|=.*|='"$KUBELET_ARGS"'|
 ' /etc/kubernetes/kubelet
 
 sed -i '

magnum/templates/kubernetes/fragments/kube-ui-service.sh

@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# this service is required because docker will start only after cloud init was finished
+# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
+
+
+. /etc/sysconfig/heat-params
+
+KUBE_UI_RC=/srv/kubernetes/manifests/kube-ui-rc.yaml
+[ -f ${KUBE_UI_RC} ] || {
+    echo "Writing File: $KUBE_UI_RC"
+    mkdir -p $(dirname ${KUBE_UI_RC})
+    cat << EOF > ${KUBE_UI_RC}
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: kube-ui-v1
+  namespace: kube-system
+  labels:
+    k8s-app: kube-ui
+    version: v1
+    kubernetes.io/cluster-service: "true"
+spec:
+  replicas: 1
+  selector:
+    k8s-app: kube-ui
+    version: v1
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-ui
+        version: v1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      containers:
+      - name: kube-ui
+        image: gcr.io/google_containers/kube-ui:v1.1
+        resources:
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 8080
+EOF
+}
+
+KUBE_UI_SVC=/srv/kubernetes/manifests/kube-ui-svc.yaml
+[ -f ${KUBE_UI_SVC} ] || {
+    echo "Writing File: $KUBE_UI_SVC"
+    mkdir -p $(dirname ${KUBE_UI_SVC})
+    cat << EOF > ${KUBE_UI_SVC}
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-ui
+  namespace: kube-system
+  labels:
+    k8s-app: kube-ui
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "KubeUI"
+spec:
+  selector:
+    k8s-app: kube-ui
+  ports:
+  - port: 80
+    targetPort: 8080
+EOF
+}
+
+KUBE_UI_BIN=/usr/local/bin/kube-ui
+[ -f ${KUBE_UI_BIN} ] || {
+    echo "Writing File: $KUBE_UI_BIN"
+    mkdir -p $(dirname ${KUBE_UI_BIN})
+    cat << EOF > ${KUBE_UI_BIN}
+#!/bin/sh
+until curl -sf "http://127.0.0.1:8080/healthz"
+do
+    echo "Waiting for Kubernetes API..."
+    sleep 5
+done
+
+/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-rc.yaml --namespace=kube-system
+/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-svc.yaml --namespace=kube-system
+EOF
+}
+
+KUBE_UI_SERVICE=/etc/systemd/system/kube-ui.service
+[ -f ${KUBE_UI_SERVICE} ] || {
+    echo "Writing File: $KUBE_UI_SERVICE"
+    mkdir -p $(dirname ${KUBE_UI_SERVICE})
+    cat << EOF > ${KUBE_UI_SERVICE}
+[Unit]
+After=kube-system-namespace
+Requires=kubelet.service
+Requires=kube-system-namespace.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/kubernetes/config
+ExecStart=${KUBE_UI_BIN}
+
+[Install]
+WantedBy=multi-user.target
+EOF
+}
+
+chown root:root ${KUBE_UI_BIN}
+chmod 0755 ${KUBE_UI_BIN}
+
+chown root:root ${KUBE_UI_SERVICE}
+chmod 0644 ${KUBE_UI_SERVICE}
+
+systemctl enable kube-ui
+systemctl start --no-block kube-ui

magnum/templates/kubernetes/kubemaster.yaml

@@ -269,6 +269,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/kube-system-namespace-service.sh}
 
+  kube_ui_service:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/kube-ui-service.sh}
+
   master_wc_notify:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -311,6 +317,7 @@ resources:
         - config: {get_resource: network_service}
         - config: {get_resource: kube_system_namespace_service}
         - config: {get_resource: enable_kube_podmaster}
+        - config: {get_resource: kube_ui_service}
         - config: {get_resource: kube_examples}
         - config: {get_resource: master_wc_notify}