[k8s] Upgrade k8s dashboard version to v2.0.0

Heapster has been deprecated for a while and the new k8s dashboard
2.0.0 version supports metrics-server now. So it's time to upgrade
the default k8s dashboard to v2.0.0.

Task: 39101
Story: 2007256

Change-Id: I02f8cb77b472142f42ecc59a339555e60f5f38d0
Feilong Wang 2020-03-20 15:41:37 +13:00
parent ce70da25ad
commit b4965416b1
10 changed files with 266 additions and 99 deletions


@ -357,6 +357,10 @@ the table are linked to more details elsewhere in the user guide.
| `kube_dashboard_enabled`_ | - true | true | | `kube_dashboard_enabled`_ | - true | true |
| | - false | | | | - false | |
+---------------------------------------+--------------------+---------------+ +---------------------------------------+--------------------+---------------+
| `kube_dashboard_version`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `metrics_scraper_tag`_ | see below | see below |
+---------------------------------------+--------------------+---------------+
| `influx_grafana_dashboard_enabled`_ | - true | false | | `influx_grafana_dashboard_enabled`_ | - true | false |
| | - false | | | | - false | |
+---------------------------------------+--------------------+---------------+ +---------------------------------------+--------------------+---------------+
@ -1524,6 +1528,15 @@ _`containerd_tarball_sha256`
sha256 of the tarball fetched with containerd_tarball_url or from sha256 of the tarball fetched with containerd_tarball_url or from
https://storage.googleapis.com/cri-containerd-release/. https://storage.googleapis.com/cri-containerd-release/.
_`kube_dashboard_version`
Default version of Kubernetes dashboard.
Train default: v1.8.3
Ussuri default: v2.0.0
_`metrics_scraper_tag`
The version of metrics-scraper used by kubernetes dashboard.
Ussuri default: v1.0.4
External load balancer for services External load balancer for services
----------------------------------- -----------------------------------


@ -12,8 +12,9 @@ do
done done
if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
KUBE_DASH_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}kubernetes-dashboard-${ARCH}:${KUBE_DASHBOARD_VERSION}" KUBE_DASH_IMAGE="${CONTAINER_INFRA_PREFIX:-kubernetesui/}dashboard:${KUBE_DASHBOARD_VERSION}"
HEAPSTER_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-${ARCH}:v1.4.2" HEAPSTER_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-${ARCH}:v1.4.2"
METRICS_SCRAPER_IMAGE="${CONTAINER_INFRA_PREFIX:-kubernetesui/}metrics-scraper:${METRICS_SCRAPER_TAG}"
KUBE_DASH_DEPLOY=/srv/magnum/kubernetes/kubernetes-dashboard.yaml KUBE_DASH_DEPLOY=/srv/magnum/kubernetes/kubernetes-dashboard.yaml
@ -35,12 +36,33 @@ if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ];
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# Configuration to deploy release version of the Dashboard UI compatible with ---
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>
# ------------------- Dashboard Secret ------------------- # apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -52,70 +74,117 @@ metadata:
type: Opaque type: Opaque
--- ---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kube-system
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kube-system
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kube-system
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: kube-system namespace: kube-system
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
--- ---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: kubernetes-dashboard-minimal labels:
namespace: kube-system k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules: rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. # Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: [""] - apiGroups: ["metrics.k8s.io"]
resources: ["secrets"] resources: ["pods", "nodes"]
verbs: ["create"] verbs: ["get", "list", "watch"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: kubernetes-dashboard-minimal labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: kube-system subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
--- ---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -136,72 +205,120 @@ spec:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
spec: spec:
containers: containers:
- name: kubernetes-dashboard - name: kubernetes-dashboard
env: image: ${KUBE_DASH_IMAGE}
- name: POD_NAME imagePullPolicy: Always
valueFrom: ports:
fieldRef: - containerPort: 8443
fieldPath: metadata.name protocol: TCP
- name: POD_NAMESPACE args:
valueFrom: - --auto-generate-certificates
fieldRef: - --namespace=kube-system
fieldPath: metadata.namespace # Uncomment the following line to manually specify Kubernetes API server Host
- name: POD_IP # If not specified, Dashboard will attempt to auto discover the API server and connect
valueFrom: # to it. Uncomment only if the default does not work.
fieldRef: # - --apiserver-host=http://my-address:port
fieldPath: status.podIP volumeMounts:
image: ${KUBE_DASH_IMAGE} - name: kubernetes-dashboard-certs
ports: mountPath: /certs
- containerPort: 8443 # Create on-disk volume to store exec logs
protocol: TCP - mountPath: /tmp
args: name: tmp-volume
- --auto-generate-certificates livenessProbe:
- --heapster-host=heapster:80 httpGet:
# Uncomment the following line to manually specify Kubernetes API server Host scheme: HTTPS
# If not specified, Dashboard will attempt to auto discover the API server and connect path: /
# to it. Uncomment only if the default does not work. port: 8443
# - --apiserver-host=http://my-address:port initialDelaySeconds: 30
volumeMounts: timeoutSeconds: 30
- name: kubernetes-dashboard-certs securityContext:
mountPath: /certs allowPrivilegeEscalation: false
# Create on-disk volume to store exec logs readOnlyRootFilesystem: true
- mountPath: /tmp runAsUser: 1001
name: tmp-volume runAsGroup: 2001
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes: volumes:
- name: kubernetes-dashboard-certs - name: kubernetes-dashboard-certs
secret: secret:
secretName: kubernetes-dashboard-certs secretName: kubernetes-dashboard-certs
- name: tmp-volume - name: tmp-volume
emptyDir: {} emptyDir: {}
serviceAccountName: kubernetes-dashboard serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master # Comment the following tolerations if Dashboard must not be deployed on master
tolerations: tolerations:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
effect: NoSchedule effect: NoSchedule
--- ---
# ------------------- Dashboard Service ------------------- #
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: dashboard-metrics-scraper
name: kubernetes-dashboard name: dashboard-metrics-scraper
namespace: kube-system namespace: kube-system
spec: spec:
ports: ports:
- port: 443 - port: 8000
targetPort: 8443 targetPort: 8000
selector: selector:
k8s-app: kubernetes-dashboard k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: ${METRICS_SCRAPER_IMAGE}
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
EOF EOF
} }
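Review bot: The new dashboard-metrics-scraper Deployment runs with `serviceAccountName: kubernetes-dashboard`, so the scraper pod, which serves plain HTTP on port 8000, carries the same token that the Role above allows to get, update and delete the `kubernetes-dashboard-certs`, `kubernetes-dashboard-key-holder` and `kubernetes-dashboard-csrf` secrets. Giving the scraper its own ServiceAccount, bound only to the `metrics.k8s.io` ClusterRole, would keep those secrets out of its reach; keep the dashboard account as a second subject if it turns out to query metrics.k8s.io directly. Separately, the Role still lists the `heapster` service names and `HEAPSTER_IMAGE` is still set although `--heapster-host` is gone, so those entries look removable if nothing else in the script deploys Heapster. The enclosing shell function starts outside the hunks shown.

```shell
# … unchanged: kubernetes-dashboard ServiceAccount, Service, Secrets, ConfigMap, Role, ClusterRole …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kube-system
---
# ClusterRoleBinding kubernetes-dashboard: bind the metrics ClusterRole to the scraper's own account
subjects:
  - kind: ServiceAccount
    name: dashboard-metrics-scraper
    namespace: kube-system
# … unchanged: dashboard Deployment, dashboard-metrics-scraper Service …
# dashboard-metrics-scraper Deployment, pod spec:
      serviceAccountName: dashboard-metrics-scraper
```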


@ -145,6 +145,7 @@ CONTAINERD_VERSION="$CONTAINERD_VERSION"
CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL" CONTAINERD_TARBALL_URL="$CONTAINERD_TARBALL_URL"
CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256" CONTAINERD_TARBALL_SHA256="$CONTAINERD_TARBALL_SHA256"
POST_INSTALL_MANIFEST_URL="$POST_INSTALL_MANIFEST_URL" POST_INSTALL_MANIFEST_URL="$POST_INSTALL_MANIFEST_URL"
METRICS_SCRAPER_TAG="$METRICS_SCRAPER_TAG"
EOF EOF
} }


@ -114,7 +114,8 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
'draino_tag', 'autoscaler_tag', 'draino_tag', 'autoscaler_tag',
'min_node_count', 'max_node_count', 'npd_enabled', 'min_node_count', 'max_node_count', 'npd_enabled',
'ostree_remote', 'ostree_commit', 'ostree_remote', 'ostree_commit',
'use_podman', 'kube_image_digest'] 'use_podman', 'kube_image_digest',
'metrics_scraper_tag']
labels = self._get_relevant_labels(cluster, kwargs) labels = self._get_relevant_labels(cluster, kwargs)


@ -495,7 +495,13 @@ parameters:
kube_dashboard_version: kube_dashboard_version:
type: string type: string
description: version of kubernetes dashboard used for kubernetes cluster description: version of kubernetes dashboard used for kubernetes cluster
default: v1.8.3 default: v2.0.0
metrics_scraper_tag:
type: string
description: >
Tag of metrics-scraper for kubernetes dashboard.
default: v1.0.4
insecure_registry_url: insecure_registry_url:
type: string type: string
@ -1221,6 +1227,7 @@ resources:
containerd_tarball_url: {get_param: containerd_tarball_url} containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256} containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
post_install_manifest_url: {get_param: post_install_manifest_url} post_install_manifest_url: {get_param: post_install_manifest_url}
metrics_scraper_tag: {get_param: metrics_scraper_tag}
kube_cluster_config: kube_cluster_config:
condition: create_cluster_resources condition: create_cluster_resources
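Review bot: In the parameters hunk, `metrics_scraper_tag` is declared as a free-form `type: string` with no constraint, yet its value is later substituted into the boot script through `"$METRICS_SCRAPER_TAG": {get_param: metrics_scraper_tag}` and ends up in the image reference `metrics-scraper:${METRICS_SCRAPER_TAG}`. Restricting it to the image-tag character set at the template boundary would stop quotes or shell metacharacters from reaching the generated heat-params file, for example `constraints:` followed by `- allowed_pattern: "^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$"`. Whether Magnum already validates label values before they reach Heat is not visible on this page, so treat this as defence in depth. The same unconstrained declaration appears in the other kubecluster template and in both kubemaster templates below.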


@ -626,6 +626,11 @@ parameters:
Post install manifest url to setup some cloud provider/vendor Post install manifest url to setup some cloud provider/vendor
specific configs specific configs
metrics_scraper_tag:
type: string
description: >
Tag of metrics-scraper for kubernetes dashboard.
conditions: conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]} image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -812,6 +817,7 @@ resources:
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url} "$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256} "$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
"$POST_INSTALL_MANIFEST_URL": {get_param: post_install_manifest_url} "$POST_INSTALL_MANIFEST_URL": {get_param: post_install_manifest_url}
"$METRICS_SCRAPER_TAG": {get_param: metrics_scraper_tag}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
- str_replace: - str_replace:


@ -495,7 +495,13 @@ parameters:
kube_dashboard_version: kube_dashboard_version:
type: string type: string
description: version of kubernetes dashboard used for kubernetes cluster description: version of kubernetes dashboard used for kubernetes cluster
default: v1.8.3 default: v2.0.0
metrics_scraper_tag:
type: string
description: >
Tag of metrics-scraper for kubernetes dashboard.
default: v1.0.4
insecure_registry_url: insecure_registry_url:
type: string type: string
@ -1225,6 +1231,7 @@ resources:
containerd_tarball_url: {get_param: containerd_tarball_url} containerd_tarball_url: {get_param: containerd_tarball_url}
containerd_tarball_sha256: {get_param: containerd_tarball_sha256} containerd_tarball_sha256: {get_param: containerd_tarball_sha256}
post_install_manifest_url: {get_param: post_install_manifest_url} post_install_manifest_url: {get_param: post_install_manifest_url}
metrics_scraper_tag: {get_param: metrics_scraper_tag}
kube_cluster_config: kube_cluster_config:
condition: create_cluster_resources condition: create_cluster_resources


@ -636,6 +636,11 @@ parameters:
Post install manifest url to setup some cloud provider/vendor Post install manifest url to setup some cloud provider/vendor
specific configs specific configs
metrics_scraper_tag:
type: string
description: >
Tag of metrics-scraper for kubernetes dashboard.
conditions: conditions:
image_based: {equals: [{get_param: boot_volume_size}, 0]} image_based: {equals: [{get_param: boot_volume_size}, 0]}
@ -825,6 +830,7 @@ resources:
"$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url} "$CONTAINERD_TARBALL_URL": {get_param: containerd_tarball_url}
"$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256} "$CONTAINERD_TARBALL_SHA256": {get_param: containerd_tarball_sha256}
"$POST_INSTALL_MANIFEST_URL": {get_param: post_install_manifest_url} "$POST_INSTALL_MANIFEST_URL": {get_param: post_install_manifest_url}
"$METRICS_SCRAPER_TAG": {get_param: metrics_scraper_tag}
- get_file: ../../common/templates/kubernetes/fragments/install-cri.sh - get_file: ../../common/templates/kubernetes/fragments/install-cri.sh
- get_file: ../../common/templates/kubernetes/fragments/make-cert.sh - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
- str_replace: - str_replace:


@ -610,6 +610,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
containerd_tarball_sha256 = mock_cluster.labels.get( containerd_tarball_sha256 = mock_cluster.labels.get(
'containerd_tarball_sha256') 'containerd_tarball_sha256')
kube_image_digest = mock_cluster.labels.get('kube_image_digest') kube_image_digest = mock_cluster.labels.get('kube_image_digest')
metrics_scraper_tag = mock_cluster.labels.get('metrics_scraper_tag')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -719,6 +720,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'containerd_tarball_url': containerd_tarball_url, 'containerd_tarball_url': containerd_tarball_url,
'containerd_tarball_sha256': containerd_tarball_sha256, 'containerd_tarball_sha256': containerd_tarball_sha256,
'post_install_manifest_url': '', 'post_install_manifest_url': '',
'metrics_scraper_tag': metrics_scraper_tag,
}} }}
mock_get_params.assert_called_once_with(mock_context, mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template, mock_cluster_template,
@ -1111,6 +1113,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
containerd_tarball_sha256 = mock_cluster.labels.get( containerd_tarball_sha256 = mock_cluster.labels.get(
'containerd_tarball_sha256') 'containerd_tarball_sha256')
kube_image_digest = mock_cluster.labels.get('kube_image_digest') kube_image_digest = mock_cluster.labels.get('kube_image_digest')
metrics_scraper_tag = mock_cluster.labels.get('metrics_scraper_tag')
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
@ -1222,6 +1225,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'containerd_tarball_url': containerd_tarball_url, 'containerd_tarball_url': containerd_tarball_url,
'containerd_tarball_sha256': containerd_tarball_sha256, 'containerd_tarball_sha256': containerd_tarball_sha256,
'post_install_manifest_url': '', 'post_install_manifest_url': '',
'metrics_scraper_tag': metrics_scraper_tag,
}} }}
mock_get_params.assert_called_once_with(mock_context, mock_get_params.assert_called_once_with(mock_context,
mock_cluster_template, mock_cluster_template,


@ -0,0 +1,5 @@
---
upgrade:
- |
The default version of Kubernetes dashboard has been upgraded to v2.0.0 and
metrics-server is supported by k8s dashboard now.