Merge "Update kubernetes dashboard to v1.8.3" into stable/queens
This commit is contained in:
commit
dd1a2aa3c8
|
@ -345,6 +345,9 @@ the table are linked to more details elsewhere in the user guide.
|
|||
| `kube_dashboard_enabled`_ | - true | true |
|
||||
| | - false | |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `influx_grafana_dashboard_enabled`_ | - true | false |
|
||||
| | - false | |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `docker_volume_type`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `etcd_volume_size`_ | etcd storage | 0 |
|
||||
|
@ -1184,6 +1187,11 @@ _`kubescheduler_options`
|
|||
<https://kubernetes.io/docs/admin/kube-scheduler//>`_.
|
||||
By default no additional options are passed.
|
||||
|
||||
_`influx_grafana_dashboard_enabled`
|
||||
The kubernetes dashboard comes with heapster enabled. If this
|
||||
label is set, an influxdb and grafana instance will be deployed,
|
||||
heapster will push data to influx and grafana will project them.
|
||||
|
||||
External load balancer for services
|
||||
-----------------------------------
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ RUN dnf -y --setopt=tsflags=nodocs install \
|
|||
findutils os-collect-config os-apply-config \
|
||||
os-refresh-config dib-utils python-pip python-docker-py \
|
||||
python-yaml python-zaqarclient python2-oslo-log \
|
||||
python-psutil && dnf clean all
|
||||
python-psutil kubernetes-client && dnf clean all
|
||||
|
||||
# pip installing dpath as python-dpath is an older version of dpath
|
||||
# install docker-compose
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
# this service is required because docker will start only after cloud init was finished
|
||||
# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
|
||||
|
||||
#!/bin/bash -x
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
|
@ -11,18 +7,115 @@ if [ "$(echo $KUBE_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "false" ]
|
|||
fi
|
||||
|
||||
KUBE_DASH_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}kubernetes-dashboard-amd64:${KUBE_DASHBOARD_VERSION}"
|
||||
HEAPSTER_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-amd64:v1.4.2"
|
||||
|
||||
KUBE_DASH_DEPLOY=/srv/kubernetes/manifests/kube-dash-deploy.yaml
|
||||
KUBE_DASH_DEPLOY=/srv/magnum/kubernetes/kubernetes-dashboard.yaml
|
||||
|
||||
[ -f ${KUBE_DASH_DEPLOY} ] || {
|
||||
echo "Writing File: $KUBE_DASH_DEPLOY"
|
||||
mkdir -p $(dirname ${KUBE_DASH_DEPLOY})
|
||||
cat << EOF > ${KUBE_DASH_DEPLOY}
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
# Copyright 2017 The Kubernetes Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Configuration to deploy release version of the Dashboard UI compatible with
|
||||
# Kubernetes 1.8.
|
||||
#
|
||||
# Example usage: kubectl create -f <this_file>
|
||||
|
||||
# ------------------- Dashboard Secret ------------------- #
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
app: kubernetes-dashboard
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard-certs
|
||||
namespace: kube-system
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Service Account ------------------- #
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Role & Role Binding ------------------- #
|
||||
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: kubernetes-dashboard-minimal
|
||||
namespace: kube-system
|
||||
rules:
|
||||
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["create"]
|
||||
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
verbs: ["create"]
|
||||
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
|
||||
verbs: ["get", "update", "delete"]
|
||||
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
resourceNames: ["kubernetes-dashboard-settings"]
|
||||
verbs: ["get", "update"]
|
||||
# Allow Dashboard to get metrics from heapster.
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
resourceNames: ["heapster"]
|
||||
verbs: ["proxy"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services/proxy"]
|
||||
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
|
||||
verbs: ["get"]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: kubernetes-dashboard-minimal
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: kubernetes-dashboard-minimal
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Deployment ------------------- #
|
||||
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1beta2
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
spec:
|
||||
|
@ -30,114 +123,319 @@ spec:
|
|||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kubernetes-dashboard
|
||||
k8s-app: kubernetes-dashboard
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kubernetes-dashboard
|
||||
# Comment the following annotation if Dashboard must not be deployed on master
|
||||
annotations:
|
||||
scheduler.alpha.kubernetes.io/tolerations: |
|
||||
[
|
||||
{
|
||||
"key": "dedicated",
|
||||
"operator": "Equal",
|
||||
"value": "master",
|
||||
"effect": "NoSchedule"
|
||||
}
|
||||
]
|
||||
k8s-app: kubernetes-dashboard
|
||||
spec:
|
||||
containers:
|
||||
- name: kubernetes-dashboard
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
image: ${KUBE_DASH_IMAGE}
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
- containerPort: 8443
|
||||
protocol: TCP
|
||||
args:
|
||||
- --auto-generate-certificates
|
||||
- --heapster-host=heapster:80
|
||||
# Uncomment the following line to manually specify Kubernetes API server Host
|
||||
# If not specified, Dashboard will attempt to auto discover the API server and connect
|
||||
# to it. Uncomment only if the default does not work.
|
||||
# - --apiserver-host=http://my-address:port
|
||||
volumeMounts:
|
||||
- name: kubernetes-dashboard-certs
|
||||
mountPath: /certs
|
||||
# Create on-disk volume to store exec logs
|
||||
- mountPath: /tmp
|
||||
name: tmp-volume
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
scheme: HTTPS
|
||||
path: /
|
||||
port: 9090
|
||||
port: 8443
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
EOF
|
||||
}
|
||||
volumes:
|
||||
- name: kubernetes-dashboard-certs
|
||||
secret:
|
||||
secretName: kubernetes-dashboard-certs
|
||||
- name: tmp-volume
|
||||
emptyDir: {}
|
||||
serviceAccountName: kubernetes-dashboard
|
||||
# Comment the following tolerations if Dashboard must not be deployed on master
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
|
||||
---
|
||||
# ------------------- Dashboard Service ------------------- #
|
||||
|
||||
KUBE_DASH_SVC=/srv/kubernetes/manifests/kube-dash-svc.yaml
|
||||
[ -f ${KUBE_DASH_SVC} ] || {
|
||||
echo "Writing File: $KUBE_DASH_SVC"
|
||||
mkdir -p $(dirname ${KUBE_DASH_SVC})
|
||||
cat << EOF > ${KUBE_DASH_SVC}
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
labels:
|
||||
app: kubernetes-dashboard
|
||||
k8s-app: kubernetes-dashboard
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 9090
|
||||
- port: 443
|
||||
targetPort: 8443
|
||||
selector:
|
||||
app: kubernetes-dashboard
|
||||
k8s-app: kubernetes-dashboard
|
||||
---
|
||||
# Grant admin privileges to the dashboard serviceacount
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
labels:
|
||||
k8s-app: kubernetes-dashboard
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
EOF
|
||||
}
|
||||
|
||||
KUBE_DASH_BIN=/usr/local/bin/kube-dash
|
||||
[ -f ${KUBE_DASH_BIN} ] || {
|
||||
echo "Writing File: $KUBE_DASH_BIN"
|
||||
mkdir -p $(dirname ${KUBE_DASH_BIN})
|
||||
cat << EOF > ${KUBE_DASH_BIN}
|
||||
#!/bin/sh
|
||||
until curl -sf "http://127.0.0.1:8080/healthz"
|
||||
do
|
||||
INFLUX_SINK=""
|
||||
# Deploy INFLUX AND GRAFANA
|
||||
if [ "$(echo $INFLUX_GRAFANA_DASHBOARD_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
||||
INFLUX_SINK=" - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086"
|
||||
INFLUX_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-influxdb-amd64:v1.3.3"
|
||||
GRAFANA_IMAGE="${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}heapster-grafana-amd64:v4.4.3"
|
||||
|
||||
INFLUX_DEPLOY=/srv/magnum/kubernetes/influxdb.yaml
|
||||
GRAFANA_DEPLOY=/srv/magnum/kubernetes/grafana.yaml
|
||||
|
||||
[ -f ${INFLUX_DEPLOY} ] || {
|
||||
echo "Writing File: $INFLUX_DEPLOY"
|
||||
mkdir -p $(dirname ${INFLUX_DEPLOY})
|
||||
cat << EOF > ${INFLUX_DEPLOY}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: monitoring-influxdb
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
task: monitoring
|
||||
k8s-app: influxdb
|
||||
spec:
|
||||
containers:
|
||||
- name: influxdb
|
||||
image: ${INFLUX_IMAGE}
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: influxdb-storage
|
||||
volumes:
|
||||
- name: influxdb-storage
|
||||
emptyDir: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
task: monitoring
|
||||
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
||||
# If you are NOT using this as an addon, you should comment out this line.
|
||||
# kubernetes.io/cluster-service: 'true'
|
||||
kubernetes.io/name: monitoring-influxdb
|
||||
name: monitoring-influxdb
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 8086
|
||||
targetPort: 8086
|
||||
selector:
|
||||
k8s-app: influxdb
|
||||
EOF
|
||||
}
|
||||
|
||||
[ -f ${GRAFANA_DEPLOY} ] || {
|
||||
echo "Writing File: $GRAFANA_DEPLOY"
|
||||
mkdir -p $(dirname ${GRAFANA_DEPLOY})
|
||||
cat << EOF > ${GRAFANA_DEPLOY}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: monitoring-grafana
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
task: monitoring
|
||||
k8s-app: grafana
|
||||
spec:
|
||||
containers:
|
||||
- name: grafana
|
||||
image: ${GRAFANA_IMAGE}
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ca-certificates
|
||||
readOnly: true
|
||||
- mountPath: /var
|
||||
name: grafana-storage
|
||||
env:
|
||||
- name: INFLUXDB_HOST
|
||||
value: monitoring-influxdb
|
||||
- name: GF_SERVER_HTTP_PORT
|
||||
value: "3000"
|
||||
# The following env variables are required to make Grafana accessible via
|
||||
# the kubernetes api-server proxy. On production clusters, we recommend
|
||||
# removing these env variables, setup auth for grafana, and expose the grafana
|
||||
# service using a LoadBalancer or a public IP.
|
||||
- name: GF_AUTH_BASIC_ENABLED
|
||||
value: "false"
|
||||
- name: GF_AUTH_ANONYMOUS_ENABLED
|
||||
value: "true"
|
||||
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
|
||||
value: Admin
|
||||
- name: GF_SERVER_ROOT_URL
|
||||
# If you're only using the API Server proxy, set this value instead:
|
||||
# value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
|
||||
value: /
|
||||
volumes:
|
||||
- name: ca-certificates
|
||||
hostPath:
|
||||
path: /etc/ssl/certs
|
||||
- name: grafana-storage
|
||||
emptyDir: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
||||
# If you are NOT using this as an addon, you should comment out this line.
|
||||
# kubernetes.io/cluster-service: 'true'
|
||||
kubernetes.io/name: monitoring-grafana
|
||||
name: monitoring-grafana
|
||||
namespace: kube-system
|
||||
spec:
|
||||
# In a production setup, we recommend accessing Grafana through an external Loadbalancer
|
||||
# or through a public IP.
|
||||
# type: LoadBalancer
|
||||
# You could also use NodePort to expose the service at a randomly-generated port
|
||||
# type: NodePort
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 3000
|
||||
selector:
|
||||
k8s-app: grafana
|
||||
EOF
|
||||
}
|
||||
|
||||
echo "Waiting for Kubernetes API..."
|
||||
until curl --silent "http://127.0.0.1:8080/version"
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
|
||||
kubectl apply --validate=false -f $INFLUX_DEPLOY
|
||||
kubectl apply --validate=false -f $GRAFANA_DEPLOY
|
||||
fi
|
||||
|
||||
# Deploy Heapster
|
||||
HEAPSTER_DEPLOY=/srv/magnum/kubernetes/heapster-controller.yaml
|
||||
|
||||
[ -f ${HEAPSTER_DEPLOY} ] || {
|
||||
echo "Writing File: $HEAPSTER_DEPLOY"
|
||||
mkdir -p $(dirname ${HEAPSTER_DEPLOY})
|
||||
cat << EOF > ${HEAPSTER_DEPLOY}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: heapster
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: heapster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
task: monitoring
|
||||
k8s-app: heapster
|
||||
spec:
|
||||
serviceAccountName: heapster
|
||||
containers:
|
||||
- name: heapster
|
||||
image: ${HEAPSTER_IMAGE}
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /heapster
|
||||
- --source=kubernetes:https://kubernetes.default
|
||||
${INFLUX_SINK}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
task: monitoring
|
||||
# For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
|
||||
# If you are NOT using this as an addon, you should comment out this line.
|
||||
kubernetes.io/cluster-service: 'true'
|
||||
kubernetes.io/name: Heapster
|
||||
name: heapster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 8082
|
||||
selector:
|
||||
k8s-app: heapster
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: heapster
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:heapster
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: heapster
|
||||
namespace: kube-system
|
||||
EOF
|
||||
}
|
||||
|
||||
echo "Waiting for Kubernetes API..."
|
||||
until curl --silent "http://127.0.0.1:8080/version"
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
|
||||
#echo check for existence of kubernetes-dashboard deployment
|
||||
/usr/bin/kubectl get deployment kubernetes-dashboard --namespace=kube-system
|
||||
|
||||
if [ "\$?" != "0" ]; then
|
||||
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-deploy.yaml --namespace=kube-system
|
||||
fi
|
||||
|
||||
#echo check for existence of kubernetes-dashboard service
|
||||
/usr/bin/kubectl get service kubernetes-dashboard --namespace=kube-system
|
||||
|
||||
if [ "\$?" != "0" ]; then
|
||||
/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-dash-svc.yaml --namespace=kube-system
|
||||
fi
|
||||
EOF
|
||||
}
|
||||
|
||||
KUBE_DASH_SERVICE=/etc/systemd/system/kube-dash.service
|
||||
[ -f ${KUBE_DASH_SERVICE} ] || {
|
||||
echo "Writing File: $KUBE_DASH_SERVICE"
|
||||
mkdir -p $(dirname ${KUBE_DASH_SERVICE})
|
||||
cat << EOF > ${KUBE_DASH_SERVICE}
|
||||
[Unit]
|
||||
Description=Enable kubernetes dashboard
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment=HOME=/root
|
||||
EnvironmentFile=-/etc/kubernetes/config
|
||||
ExecStart=${KUBE_DASH_BIN}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
}
|
||||
|
||||
chown root:root ${KUBE_DASH_BIN}
|
||||
chmod 0755 ${KUBE_DASH_BIN}
|
||||
|
||||
chown root:root ${KUBE_DASH_SERVICE}
|
||||
chmod 0644 ${KUBE_DASH_SERVICE}
|
||||
|
||||
systemctl enable kube-dash
|
||||
systemctl start --no-block kube-dash
|
||||
kubectl apply --validate=false -f $KUBE_DASH_DEPLOY
|
||||
kubectl apply --validate=false -f $HEAPSTER_DEPLOY
|
||||
|
|
|
@ -31,6 +31,7 @@ write_files:
|
|||
CLUSTER_SUBNET="$CLUSTER_SUBNET"
|
||||
TLS_DISABLED="$TLS_DISABLED"
|
||||
KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
|
||||
INFLUX_GRAFANA_DASHBOARD_ENABLED="$INFLUX_GRAFANA_DASHBOARD_ENABLED"
|
||||
VERIFY_CA="$VERIFY_CA"
|
||||
CLUSTER_UUID="$CLUSTER_UUID"
|
||||
MAGNUM_URL="$MAGNUM_URL"
|
||||
|
|
|
@ -121,7 +121,8 @@ class K8sTemplateDefinition(template_def.BaseTemplateDefinition):
|
|||
'kubeapi_options',
|
||||
'kubeproxy_options',
|
||||
'kubecontroller_options',
|
||||
'kubescheduler_options']
|
||||
'kubescheduler_options',
|
||||
'influx_grafana_dashboard_enabled']
|
||||
|
||||
for label in label_list:
|
||||
extra_params[label] = cluster.labels.get(label)
|
||||
|
|
|
@ -155,6 +155,11 @@ parameters:
|
|||
description: whether or not to disable kubernetes dashboard
|
||||
default: True
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
default: False
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -459,6 +464,7 @@ resources:
|
|||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
||||
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_master}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
|
|
|
@ -115,6 +115,10 @@ parameters:
|
|||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -293,6 +297,7 @@ resources:
|
|||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
"$VERIFY_CA": {get_param: verify_ca}
|
||||
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
||||
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: enable_influx_grafana_dashboard}
|
||||
"$KUBE_VERSION": {get_param: kube_version}
|
||||
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
|
||||
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
||||
|
|
|
@ -250,6 +250,11 @@ parameters:
|
|||
description: whether or not to enable kubernetes dashboard
|
||||
default: True
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
default: False
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -333,7 +338,7 @@ parameters:
|
|||
kube_dashboard_version:
|
||||
type: string
|
||||
description: version of kubernetes dashboard used for kubernetes cluster
|
||||
default: v1.5.1
|
||||
default: v1.8.3
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
|
@ -631,6 +636,7 @@ resources:
|
|||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
||||
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
|
|
|
@ -112,6 +112,10 @@ parameters:
|
|||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -410,6 +414,7 @@ resources:
|
|||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
||||
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
|
||||
"$VERIFY_CA": {get_param: verify_ca}
|
||||
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
|
@ -512,12 +517,6 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh}
|
||||
|
||||
kube_ui_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
||||
|
||||
core_dns_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
|
@ -567,7 +566,6 @@ resources:
|
|||
- config: {get_resource: network_config_service}
|
||||
- config: {get_resource: kube_apiserver_to_kubelet_role}
|
||||
- config: {get_resource: core_dns_service}
|
||||
- config: {get_resource: kube_ui_service}
|
||||
- config: {get_resource: master_wc_notify}
|
||||
|
||||
enable_prometheus_monitoring:
|
||||
|
@ -638,6 +636,20 @@ resources:
|
|||
server: {get_resource: kube-master}
|
||||
actions: ['CREATE']
|
||||
|
||||
kubernetes_dashboard:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: script
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
||||
|
||||
kubernetes_dashboard_deployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
properties:
|
||||
signal_transport: HEAT_SIGNAL
|
||||
config: {get_resource: kubernetes_dashboard}
|
||||
server: {get_resource: kube-master}
|
||||
actions: ['CREATE']
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# a single kubernetes master.
|
||||
|
|
|
@ -248,6 +248,11 @@ parameters:
|
|||
description: whether or not to disable kubernetes dashboard
|
||||
default: True
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
default: False
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -510,6 +515,7 @@ resources:
|
|||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
||||
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||
|
|
|
@ -97,6 +97,10 @@ parameters:
|
|||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
@ -299,6 +303,7 @@ resources:
|
|||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
||||
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
|
||||
"$VERIFY_CA": {get_param: verify_ca}
|
||||
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
|
|
|
@ -56,6 +56,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'docker_volume_type': 'lvmdriver-1',
|
||||
'etcd_volume_size': 0,
|
||||
'availability_zone': 'az_1'},
|
||||
|
@ -105,7 +106,8 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'kubeapi_options': '--kubeapi',
|
||||
'kubecontroller_options': '--kubecontroller',
|
||||
'kubescheduler_options': '--kubescheduler',
|
||||
'kubeproxy_options': '--kubeproxy'},
|
||||
'kubeproxy_options': '--kubeproxy',
|
||||
'influx_grafana_dashboard_enabled': 'True'},
|
||||
'master_flavor_id': 'master_flavor_id',
|
||||
'flavor_id': 'flavor_id',
|
||||
}
|
||||
|
@ -183,6 +185,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'docker_volume_type': 'lvmdriver-1',
|
||||
'etcd_volume_size': None,
|
||||
'availability_zone': 'az_1',
|
||||
|
@ -230,6 +233,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'http_proxy': 'http_proxy',
|
||||
'https_proxy': 'https_proxy',
|
||||
'no_proxy': 'no_proxy',
|
||||
|
@ -328,6 +332,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'http_proxy': 'http_proxy',
|
||||
'https_proxy': 'https_proxy',
|
||||
'magnum_url': 'http://127.0.0.1:9511/v1',
|
||||
|
@ -429,6 +434,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'docker_volume_type': 'lvmdriver-1',
|
||||
'etcd_volume_size': None,
|
||||
'insecure_registry_url': '10.0.0.1:5000',
|
||||
|
@ -522,6 +528,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': False,
|
||||
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
|
||||
|
@ -603,6 +610,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': False,
|
||||
'trustee_domain_id': self.mock_keystone.trustee_domain_id,
|
||||
|
@ -781,6 +789,7 @@ class TestClusterConductorWithK8s(base.TestCase):
|
|||
'prometheus_monitoring': 'False',
|
||||
'grafana_admin_passwd': 'fake_pwd',
|
||||
'kube_dashboard_enabled': 'True',
|
||||
'influx_grafana_dashboard_enabled': 'True',
|
||||
'username': 'fake_user',
|
||||
'cluster_uuid': self.cluster_dict['uuid'],
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
|
|
|
@ -266,6 +266,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
|
|||
'grafana_admin_passwd')
|
||||
kube_dashboard_enabled = mock_cluster.labels.get(
|
||||
'kube_dashboard_enabled')
|
||||
influx_grafana_dashboard_enabled = mock_cluster.labels.get(
|
||||
'influx_grafana_dashboard_enabled')
|
||||
docker_volume_type = mock_cluster.labels.get(
|
||||
'docker_volume_type')
|
||||
etcd_volume_size = mock_cluster.labels.get(
|
||||
|
@ -322,6 +324,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
|
|||
'prometheus_monitoring': prometheus_monitoring,
|
||||
'grafana_admin_passwd': grafana_admin_passwd,
|
||||
'kube_dashboard_enabled': kube_dashboard_enabled,
|
||||
'influx_grafana_dashboard_enabled':
|
||||
influx_grafana_dashboard_enabled,
|
||||
'docker_volume_type': docker_volume_type,
|
||||
'etcd_volume_size': etcd_volume_size,
|
||||
'kubelet_options': kubelet_options,
|
||||
|
@ -398,6 +402,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
|
|||
'grafana_admin_passwd')
|
||||
kube_dashboard_enabled = mock_cluster.labels.get(
|
||||
'kube_dashboard_enabled')
|
||||
influx_grafana_dashboard_enabled = mock_cluster.labels.get(
|
||||
'influx_grafana_dashboard_enabled')
|
||||
docker_volume_type = mock_cluster.labels.get(
|
||||
'docker_volume_type')
|
||||
etcd_volume_size = mock_cluster.labels.get(
|
||||
|
@ -454,6 +460,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
|
|||
'prometheus_monitoring': prometheus_monitoring,
|
||||
'grafana_admin_passwd': grafana_admin_passwd,
|
||||
'kube_dashboard_enabled': kube_dashboard_enabled,
|
||||
'influx_grafana_dashboard_enabled':
|
||||
influx_grafana_dashboard_enabled,
|
||||
'docker_volume_type': docker_volume_type,
|
||||
'etcd_volume_size': etcd_volume_size,
|
||||
'kubelet_options': kubelet_options,
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Update kubernetes dashboard to `v1.8.3` which is compatible via kubectl
|
||||
proxy. Addionally, heapster is deployed as standalone deployemt and the
|
||||
user can enable a grafana-influx stack with the
|
||||
`influx_grafana_dashboard_enabled` label. See the kubernetes dashboard
|
||||
documenation for more details. https://github.com/kubernetes/dashboard/wiki
|
Loading…
Reference in New Issue