Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Metrics Server as addon (#3560). #3563

Merged
merged 17 commits into from
Nov 23, 2018
Merged

Support Metrics Server as addon (#3560). #3563

Show file tree
Hide file tree
Changes from 16 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
fbf2c6e
Support Metrics Server as addon (#3560).
okamototk Oct 15, 2018
eab8fdc
Update metrics server v0.3.1.
okamototk Oct 26, 2018
2f38a67
Add metrics server test.
okamototk Oct 27, 2018
e41efa6
Replace metrics server manifests with kubernetes/cluster/addons's.
okamototk Oct 27, 2018
b7e230b
Modify metrics server manifests for kubespray.
okamototk Oct 27, 2018
d4d58fd
Follow PR#3558 node label node-role.kubernetes.io/master change
okamototk Oct 29, 2018
248acd4
Fix metrics server parameters base_metrics_server_... to metrics_serv…
okamototk Oct 29, 2018
fec91d6
Fix too hard corded metrics_server_memory_per_node
okamototk Oct 29, 2018
e37b95b
Add configurable insecure tls for metrics-apiservice
okamototk Oct 29, 2018
c73a95d
Downloadable addon-resizer and extract parameter as variables
okamototk Oct 29, 2018
04b1bd1
Remove metrics server version from deployment name
okamototk Oct 30, 2018
31306a2
Metrics Server work when all masters has node role
okamototk Oct 30, 2018
63681ba
Download metrics-server and add-resizer container only on master
okamototk Oct 30, 2018
03344cd
ServiceAccount and ConfigMap is separated and fix application name
okamototk Oct 31, 2018
80e9d58
Remove old metrics server clusterrole template
okamototk Oct 31, 2018
25874a8
Fix addon-resizer image specify
okamototk Oct 31, 2018
901f539
Make InternalIP default for metrics_server_kubelet_preferred_address_…
okamototk Oct 31, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions inventory/sample/group_vars/k8s-cluster/addons.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@ registry_enabled: false
# registry_storage_class: ""
# registry_disk_size: "10Gi"

# Metrics Server deployment
metrics_server_enabled: false
# metrics_server_kubelet_insecure_tls: true
# metrics_server_metric_resolution: 60s
# metrics_server_kubelet_preferred_address_types: "InternalIP"

# Local volume provisioner deployment
local_volume_provisioner_enabled: false
# local_volume_provisioner_namespace: kube-system
Expand Down
25 changes: 25 additions & 0 deletions roles/download/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,9 @@ registry_image_repo: "registry"
registry_image_tag: "2.6"
registry_proxy_image_repo: "gcr.io/google_containers/kube-registry-proxy"
registry_proxy_image_tag: "0.4"
metrics_server_version: "v0.3.1"
metrics_server_image_repo: "k8s.gcr.io/metrics-server-amd64"
metrics_server_image_tag: "{{ metrics_server_version }}"
local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
local_volume_provisioner_image_tag: "v2.1.0"
cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner"
Expand All @@ -210,6 +213,9 @@ ingress_nginx_default_backend_image_tag: "1.5"
cert_manager_version: "v0.5.0"
cert_manager_controller_image_repo: "quay.io/jetstack/cert-manager-controller"
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
addon_resizer_version: "1.8.3"
addon_resizer_image_repo: "k8s.gcr.io/addon-resizer"
addon_resizer_image_tag: "{{ addon_resizer_version }}"

downloads:
netcheck_server:
Expand Down Expand Up @@ -556,6 +562,25 @@ downloads:
groups:
- kube-node

metrics_server:
enabled: "{{ metrics_server_enabled }}"
container: true
repo: "{{ metrics_server_image_repo }}"
tag: "{{ metrics_server_image_tag }}"
sha256: "{{ metrics_server_digest_checksum|default(None) }}"
groups:
- kube-master

addon_resizer:
# Currently addon_resizer is only used by metrics server
enabled: "{{ metrics_server_enabled }}"
container: true
repo: "{{ addon_resizer_image_repo }}"
tag: "{{ addon_resizer_image_tag }}"
sha256: "{{ addon_resizer_digest_checksum|default(None) }}"
groups:
- kube-master

local_volume_provisioner:
enabled: "{{ local_volume_provisioner_enabled }}"
container: true
Expand Down
8 changes: 8 additions & 0 deletions roles/kubernetes-apps/meta/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,14 @@ dependencies:
- apps
- registry

- role: kubernetes-apps/metrics_server
when:
- metrics_server_enabled
- inventory_hostname == groups['kube-master'][0]
tags:
- apps
- metrics_server

- role: kubernetes-apps/persistent_volumes
when:
- persistent_volumes_enabled
Expand Down
12 changes: 12 additions & 0 deletions roles/kubernetes-apps/metrics_server/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
metrics_server_kubelet_insecure_tls: true
metrics_server_kubelet_preferred_address_types: "InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP"
woopstar marked this conversation as resolved.
Show resolved Hide resolved
metrics_server_metric_resolution: 60s
metrics_server_cpu: 40m
metrics_server_memory: 35Mi
metrics_server_memory_per_node: 4Mi
metrics_server_min_cluster_size: 5
addon_resizer_limits_cpu: 100m
addon_resizer_limits_memory: 300Mi
addon_resizer_requests_cpu: 5m
addon_resizer_requests_memory: 50Mi
57 changes: 57 additions & 0 deletions roles/kubernetes-apps/metrics_server/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
---
# If all masters have node role, there are no tainted master and toleration should not be specified.
- name: Check all masters are node or not
set_fact:
masters_are_not_tainted: "{{ groups['kube-node'] | intersect(groups['kube-master']) == groups['kube-master'] }}"

- name: Metrics Server | Delete addon dir
file:
path: "{{ kube_config_dir }}/addons/metrics_server"
state: absent
when:
- inventory_hostname == groups['kube-master'][0]
tags:
- upgrade

- name: Metrics Server | Create addon dir
file:
path: "{{ kube_config_dir }}/addons/metrics_server"
state: directory
owner: root
group: root
mode: 0755
when:
- inventory_hostname == groups['kube-master'][0]

- name: Metrics Server | Templates list
set_fact:
metrics_server_templates:
- { name: auth-delegator, file: auth-delegator.yaml, type: clusterrolebinding }
- { name: auth-reader, file: auth-reader.yaml, type: rolebinding }
- { name: metrics-server-cm, file: metrics-server-cm.yaml, type: cm }
- { name: metrics-server-sa, file: metrics-server-sa.yaml, type: sa }
- { name: metrics-server-deployment, file: metrics-server-deployment.yaml, type: deploy }
- { name: metrics-server-service, file: metrics-server-service.yaml, type: service }
- { name: metrics-apiservice, file: metrics-apiservice.yaml, type: service }
- { name: resource-reader-clusterrolebinding, file: resource-reader-clusterrolebinding.yaml, type: clusterrolebinding }
- { name: resource-reader, file: resource-reader.yaml, type: clusterrole }

- name: Metrics Server | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}"
with_items: "{{ metrics_server_templates }}"
register: metrics_server_manifests
when:
- inventory_hostname == groups['kube-master'][0]

- name: Metrics Server | Apply manifests
kube:
name: "{{ item.item.name }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/metrics_server/{{ item.item.file }}"
state: "latest"
with_items: "{{ metrics_server_manifests.results }}"
when:
- inventory_hostname == groups['kube-master'][0]
15 changes: 15 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/auth-delegator.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
16 changes: 16 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/auth-reader.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
16 changes: 16 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/metrics-apiservice.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: {{ metrics_server_kubelet_insecure_tls }}
groupPriorityMinimum: 100
versionPriority: 100
13 changes: 13 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/metrics-server-cm.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: metrics-server-config
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: EnsureExists
data:
NannyConfiguration: |-
apiVersion: nannyconfig/v1alpha1
kind: NannyConfiguration
134 changes: 134 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
app.kubernetes.io/name: metrics-server
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
version: {{ metrics_server_version }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: metrics-server
version: {{ metrics_server_version }}
template:
metadata:
name: metrics-server
labels:
app.kubernetes.io/name: metrics-server
version: {{ metrics_server_version }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
woopstar marked this conversation as resolved.
Show resolved Hide resolved
{% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-cluster-critical
{% endif %}
serviceAccountName: metrics-server
containers:
- name: metrics-server
image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
command:
- /metrics-server
{% if metrics_server_kubelet_preferred_address_types %}
- --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
{% endif %}
{% if metrics_server_kubelet_insecure_tls %}
- --kubelet-insecure-tls
{% endif %}
- --metric-resolution={{ metrics_server_metric_resolution }}
ports:
- containerPort: 443
name: https
protocol: TCP
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: https
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 443
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
securityContext:
# Currently non root is not supported:
# https://github.com/kubernetes-incubator/metrics-server/issues/37
#
# runAsNonRoot: true
# runAsUser: 65534
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
- name: metrics-server-nanny
image: {{ addon_resizer_image_repo }}:{{ addon_resizer_image_tag }}
resources:
limits:
woopstar marked this conversation as resolved.
Show resolved Hide resolved
cpu: {{ addon_resizer_limits_cpu }}
memory: {{ addon_resizer_limits_memory }}
requests:
cpu: {{ addon_resizer_requests_cpu }}
memory: {{ addon_resizer_requests_memory }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: metrics-server-config-volume
mountPath: /etc/config
command:
- /pod_nanny
- --config-dir=/etc/config
- --cpu={{ metrics_server_cpu }}
- --extra-cpu=0.5m
- --memory={{ metrics_server_memory }}
- --extra-memory={{ metrics_server_memory_per_node }}
- --threshold=5
- --deployment=metrics-server-{{ metrics_server_version }}
- --container=metrics-server
- --poll-period=300000
- --estimator=exponential
# Specifies the smallest cluster (defined in number of nodes)
# resources will be scaled to.
- --minClusterSize={{ metrics_server_min_cluster_size }}
volumes:
- name: metrics-server-config-volume
configMap:
name: metrics-server-config
{% if not masters_are_not_tainted %}
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
{% endif %}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- ""
9 changes: 9 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/metrics-server-sa.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
16 changes: 16 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
app.kubernetes.io/name: "metrics-server"
spec:
selector:
app.kubernetes.io/name: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: https
16 changes: 16 additions & 0 deletions roles/kubernetes-apps/metrics_server/templates/resource-reader-clusterrolebinding.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
Loading