Metrics Server Armada App
Metrics Server integrates with starlingX throught an Armada App. The charts on this review was based on https://github.com/kubernetes-sigs/metrics-server/pull/670. The Armada App will deploy one replica in one of the kubernetes masters(controllers). Because of that, there is a node selector configured in the Armada App manifest. Besides that, there is a required label, that is included in the Helm Chart, the "app: metrics-server". This label is used by System Inventory to manage the Armada App lifecycle. Since there is no need to have any integration with System Inventory, there is no plan to develop a plugin for this Armada App. This commit was tested in the version 20.06 of StarlingX using an containerized application that could retrieve Metrics Server data, and also it was testing scaling horizontally an containerized application. Is possible to find the implementation of both of the mentioned tests in this review https://review.opendev.org/c/starlingx/metrics-server-armada-app/+/776162/1 Story: 2008457 Task: 41905 Change-Id: I29ee0ebbcfeddafd7c598166014bd076246e5862 Signed-off-by: Pedro Sliuzas <PedroLuisMarques.Sliuzas@windriver.com>
This commit is contained in:
parent
9fa1ccbdba
commit
e2a8845d0e
8
.zuul.yaml
Normal file
8
.zuul.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- project:
|
||||||
|
check:
|
||||||
|
jobs:
|
||||||
|
- openstack-tox-linters
|
||||||
|
gate:
|
||||||
|
jobs:
|
||||||
|
- openstack-tox-linters
|
1
centos_build_layer.cfg
Normal file
1
centos_build_layer.cfg
Normal file
@ -0,0 +1 @@
|
|||||||
|
flock
|
1
centos_iso_image.inc
Normal file
1
centos_iso_image.inc
Normal file
@ -0,0 +1 @@
|
|||||||
|
stx-metrics-server-helm
|
1
centos_pkg_dirs
Normal file
1
centos_pkg_dirs
Normal file
@ -0,0 +1 @@
|
|||||||
|
stx-metrics-server-helm
|
1
centos_pkg_dirs_containers
Normal file
1
centos_pkg_dirs_containers
Normal file
@ -0,0 +1 @@
|
|||||||
|
stx-metrics-server-helm
|
1
requirements.txt
Normal file
1
requirements.txt
Normal file
@ -0,0 +1 @@
|
|||||||
|
# Nothing
|
7
stx-metrics-server-helm/centos/build_srpm.data
Normal file
7
stx-metrics-server-helm/centos/build_srpm.data
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
SRC_DIR="stx-metrics-server-helm"
|
||||||
|
|
||||||
|
TIS_PATCH_VER=GITREVCOUNT
|
||||||
|
SRC_BASE_SRCREV=9fa1ccbdbae09c9726642bfbb5b20e27cd729f2c
|
||||||
|
COPY_LIST_TO_TAR="\
|
||||||
|
$STX_BASE/helm-charts/psp-rolebinding/psp-rolebinding/helm-charts \
|
||||||
|
"
|
76
stx-metrics-server-helm/centos/stx-metrics-server-helm.spec
Normal file
76
stx-metrics-server-helm/centos/stx-metrics-server-helm.spec
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
# Application tunables (maps to metadata)
|
||||||
|
%global app_name metrics-server
|
||||||
|
%global helm_repo stx-platform
|
||||||
|
%global helm_folder /usr/lib/helm
|
||||||
|
%global armada_folder /usr/lib/armada
|
||||||
|
%global app_folder /usr/local/share/applications/helm
|
||||||
|
%global helmchart_version 0.1.0
|
||||||
|
|
||||||
|
|
||||||
|
Summary: StarlingX Metrics Server Armada Helm Charts
|
||||||
|
Name: stx-metrics-server-helm
|
||||||
|
Version: 1.0
|
||||||
|
Release: %{tis_patch_ver}%{?_tis_dist}
|
||||||
|
License: Apache-2.0
|
||||||
|
Group: base
|
||||||
|
Packager: Wind River <info@windriver.com>
|
||||||
|
URL: unknown
|
||||||
|
|
||||||
|
Source0: %{name}-%{version}.tar.gz
|
||||||
|
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
BuildRequires: helm
|
||||||
|
BuildRequires: chartmuseum
|
||||||
|
|
||||||
|
%description
|
||||||
|
StarlingX Metrics Server Armada Helm Charts
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup
|
||||||
|
|
||||||
|
%build
|
||||||
|
# Host a server for the charts
|
||||||
|
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
|
||||||
|
sleep 2
|
||||||
|
helm repo add local http://localhost:8879/charts
|
||||||
|
|
||||||
|
# Make the charts. These produce a tgz file
|
||||||
|
cd helm-charts
|
||||||
|
make
|
||||||
|
cd -
|
||||||
|
|
||||||
|
# terminate helm server (the last backgrounded task)
|
||||||
|
kill %1
|
||||||
|
|
||||||
|
# Create a chart tarball compliant with sysinv kube-app.py
|
||||||
|
%define app_staging %{_builddir}/staging
|
||||||
|
%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
|
||||||
|
|
||||||
|
# Setup staging
|
||||||
|
mkdir -p %{app_staging}
|
||||||
|
cp files/metadata.yaml %{app_staging}
|
||||||
|
cp manifests/*.yaml %{app_staging}
|
||||||
|
mkdir -p %{app_staging}/charts
|
||||||
|
cp helm-charts/*.tgz %{app_staging}/charts
|
||||||
|
cd %{app_staging}
|
||||||
|
|
||||||
|
# Populate metadata
|
||||||
|
sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
|
||||||
|
sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
|
||||||
|
sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
|
||||||
|
|
||||||
|
# package it up
|
||||||
|
find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
|
||||||
|
tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
|
||||||
|
|
||||||
|
# Cleanup staging
|
||||||
|
rm -fr %{app_staging}
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -d -m 755 %{buildroot}/%{app_folder}
|
||||||
|
install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
%{app_folder}/*
|
@ -0,0 +1,3 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
entries: {}
|
||||||
|
generated: 2019-01-07T12:33:46.098166523-06:00
|
@ -0,0 +1,5 @@
|
|||||||
|
maintain_user_overrides: true
|
||||||
|
|
||||||
|
app_name: @APP_NAME@
|
||||||
|
app_version: @APP_VERSION@
|
||||||
|
helm_repo: @HELM_REPO@
|
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
generated: 2019-01-02T15:19:36.215111369-06:00
|
||||||
|
repositories:
|
||||||
|
- caFile: ""
|
||||||
|
cache: /builddir/.helm/repository/cache/local-index.yaml
|
||||||
|
certFile: ""
|
||||||
|
keyFile: ""
|
||||||
|
name: local
|
||||||
|
password: ""
|
||||||
|
url: http://127.0.0.1:8879/charts
|
||||||
|
username: ""
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
#
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Copyright (c) 2018 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
# It's necessary to set this because some environments don't link sh -> bash.
|
||||||
|
SHELL := /bin/bash
|
||||||
|
TASK := build
|
||||||
|
|
||||||
|
EXCLUDES := helm-toolkit doc tests tools logs tmp
|
||||||
|
CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
|
||||||
|
|
||||||
|
.PHONY: $(EXCLUDES) $(CHARTS)
|
||||||
|
|
||||||
|
all: $(CHARTS)
|
||||||
|
|
||||||
|
$(CHARTS):
|
||||||
|
@if [ -d $@ ]; then \
|
||||||
|
echo; \
|
||||||
|
echo "===== Processing [$@] chart ====="; \
|
||||||
|
make $(TASK)-$@; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
init-%:
|
||||||
|
if [ -f $*/Makefile ]; then make -C $*; fi
|
||||||
|
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
|
||||||
|
|
||||||
|
lint-%: init-%
|
||||||
|
if [ -d $* ]; then helm lint $*; fi
|
||||||
|
|
||||||
|
build-%: lint-%
|
||||||
|
if [ -d $* ]; then helm package $*; fi
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@echo "Clean all build artifacts"
|
||||||
|
rm -f */templates/_partials.tpl */templates/_globals.tpl
|
||||||
|
rm -f *tgz */charts/*tgz */requirements.lock
|
||||||
|
rm -rf */charts */tmpcharts
|
||||||
|
|
||||||
|
%:
|
||||||
|
@:
|
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: metrics-server
|
||||||
|
description: Helm chart for the Kubernetes Metrics Server.
|
||||||
|
type: application
|
||||||
|
version: 1.0.0
|
||||||
|
appVersion: 0.4.1
|
||||||
|
keywords:
|
||||||
|
- kubernetes
|
||||||
|
- metrics-server
|
||||||
|
- metrics
|
||||||
|
home: https://github.com/kubernetes-sigs/metrics-server
|
||||||
|
icon: https://avatars.githubusercontent.com/u/36015203?s=400&v=4
|
||||||
|
sources:
|
||||||
|
- https://github.com/kubernetes-sigs/metrics-server
|
@ -0,0 +1,62 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "metrics-server.chart" . }}
|
||||||
|
{{ include "metrics-server.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "metrics-server.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "metrics-server.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
{{- default (include "metrics-server.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,17 @@
|
|||||||
|
{{- if .Values.apiService.create -}}
|
||||||
|
apiVersion: apiregistration.k8s.io/v1
|
||||||
|
kind: APIService
|
||||||
|
metadata:
|
||||||
|
name: v1beta1.metrics.k8s.io
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
group: metrics.k8s.io
|
||||||
|
groupPriorityMinimum: 100
|
||||||
|
insecureSkipTLSVerify: true
|
||||||
|
service:
|
||||||
|
name: {{ include "metrics-server.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
version: v1beta1
|
||||||
|
versionPriority: 100
|
||||||
|
{{- end -}}
|
@ -0,0 +1,21 @@
|
|||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "system:%s-aggregated-reader" (include "metrics-server.name" .) }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- metrics.k8s.io
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
{{- end -}}
|
@ -0,0 +1,32 @@
|
|||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "system:%s" (include "metrics-server.fullname" .) }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
- nodes/stats
|
||||||
|
- namespaces
|
||||||
|
- configmaps
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
{{- if .Values.rbac.pspEnabled }}
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
resourceNames:
|
||||||
|
- {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,16 @@
|
|||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s:system:auth-delegator" (include "metrics-server.fullname" .) }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:auth-delegator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "metrics-server.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,16 @@
|
|||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "system:%s" (include "metrics-server.fullname" .) }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:{{ template "metrics-server.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "metrics-server.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,79 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "metrics-server.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.replicas }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "metrics-server.selectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.selectorLabels" . | nindent 8 }}
|
||||||
|
app: metrics-server
|
||||||
|
spec:
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ include "metrics-server.serviceAccountName" . }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||||
|
{{- with .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.hostNetwork.enabled }}
|
||||||
|
hostNetwork: true
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||||
|
image: {{ printf "%s:%s" .Values.image.repository (.Values.image.tag | default (printf "v%s" .Chart.AppVersion)) }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- --cert-dir=/tmp
|
||||||
|
- --secure-port=4443
|
||||||
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||||||
|
- --kubelet-use-node-status-port
|
||||||
|
- --logtostderr
|
||||||
|
{{- range .Values.args }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: https
|
||||||
|
containerPort: 4443
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
{{- toYaml .Values.livenessProbe | nindent 12 }}
|
||||||
|
readinessProbe:
|
||||||
|
{{- toYaml .Values.readinessProbe | nindent 12 }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.resources | trim | nindent 12 }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
volumes:
|
||||||
|
- name: tmp
|
||||||
|
emptyDir: {}
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,18 @@
|
|||||||
|
{{- if .Values.podDisruptionBudget.enabled -}}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ include "metrics-server.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.podDisruptionBudget.minAvailable }}
|
||||||
|
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||||
|
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ include "metrics-server.name" . }}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,28 @@
|
|||||||
|
{{- if .Values.rbac.pspEnabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
allowedCapabilities:
|
||||||
|
- '*'
|
||||||
|
fsGroup:
|
||||||
|
rule: RunAsAny
|
||||||
|
privileged: true
|
||||||
|
runAsUser:
|
||||||
|
rule: RunAsAny
|
||||||
|
seLinux:
|
||||||
|
rule: RunAsAny
|
||||||
|
supplementalGroups:
|
||||||
|
rule: RunAsAny
|
||||||
|
volumes:
|
||||||
|
- '*'
|
||||||
|
hostPID: true
|
||||||
|
hostIPC: true
|
||||||
|
hostNetwork: true
|
||||||
|
hostPorts:
|
||||||
|
- min: 1
|
||||||
|
max: 65536
|
||||||
|
{{- end }}
|
@ -0,0 +1,17 @@
|
|||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-auth-reader" (include "metrics-server.fullname" .) }}
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: extension-apiserver-authentication-reader
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "metrics-server.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,16 @@
|
|||||||
|
{{- if .Values.sampleApp.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: metric-server-test-app
|
||||||
|
name: access-metrics-api
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: access-metrics-api
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: metric-server-test-app
|
||||||
|
namespace: metric-server-test-app
|
||||||
|
{{- end }}
|
@ -0,0 +1,17 @@
|
|||||||
|
{{- if .Values.sampleApp.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: metric-server-test-app
|
||||||
|
name: access-metrics-api
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- metrics.k8s.io
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
{{- end }}
|
@ -0,0 +1,25 @@
|
|||||||
|
{{- if .Values.sampleApp.create -}}
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: metric-server-test-app-deployment
|
||||||
|
namespace: metric-server-test-app
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: metric-server-test-app
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: metric-server-test-app
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: sample-app
|
||||||
|
image: docker.io/starlingx/stx-metrics-server-sample-app
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
env:
|
||||||
|
- name: TOKEN_PATH
|
||||||
|
value: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
|
serviceAccountName: metric-server-test-app
|
||||||
|
{{- end -}}
|
@ -0,0 +1,6 @@
|
|||||||
|
{{- if .Values.sampleApp.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: metric-server-test-app
|
||||||
|
{{- end }}
|
@ -0,0 +1,9 @@
|
|||||||
|
{{- if .Values.sampleApp.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: metric-server-test-app
|
||||||
|
name: metric-server-test-app
|
||||||
|
namespace: metric-server-test-app
|
||||||
|
{{- end }}
|
@ -0,0 +1,22 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "metrics-server.fullname" . }}
|
||||||
|
{{- with .Values.service.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.service.labels -}}
|
||||||
|
{{ toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.service.type }}
|
||||||
|
ports:
|
||||||
|
- name: https
|
||||||
|
port: {{ .Values.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: https
|
||||||
|
selector:
|
||||||
|
{{- include "metrics-server.selectorLabels" . | nindent 4 }}
|
@ -0,0 +1,12 @@
|
|||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ template "metrics-server.serviceAccountName" . }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "metrics-server.labels" . | nindent 4 }}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,106 @@
|
|||||||
|
# Default values for metrics-server.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
image:
|
||||||
|
repository: k8s.gcr.io/metrics-server/metrics-server
|
||||||
|
# Overrides the image tag whose default is jetty-v{{ .Chart.AppVersion }}
|
||||||
|
tag: ""
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
imagePullSecrets: []
|
||||||
|
# - registrySecretName
|
||||||
|
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a service account should be created
|
||||||
|
create: true
|
||||||
|
# Annotations to add to the service account
|
||||||
|
annotations: {}
|
||||||
|
# The name of the service account to use.
|
||||||
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
|
name: ""
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# Specifies whether RBAC resources should be created
|
||||||
|
create: true
|
||||||
|
pspEnabled: false
|
||||||
|
|
||||||
|
apiService:
|
||||||
|
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
|
||||||
|
#
|
||||||
|
# You typically want this enabled! If you disable API service creation you have to
|
||||||
|
# manage it outside of this chart for e.g horizontal pod autoscaling to
|
||||||
|
# work with this release.
|
||||||
|
create: true
|
||||||
|
|
||||||
|
podAnnotations: {}
|
||||||
|
|
||||||
|
podSecurityContext: {}
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: ["all"]
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 10001
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10001
|
||||||
|
|
||||||
|
priorityClassName: "system-cluster-critical"
|
||||||
|
|
||||||
|
hostNetwork:
|
||||||
|
# Specifies if metrics-server should be started in hostNetwork mode.
|
||||||
|
#
|
||||||
|
# You would require this enabled if you use alternate overlay networking for pods and
|
||||||
|
# API server unable to communicate with metrics-server. As an example, this is required
|
||||||
|
# if you use Weave network on EKS
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
args: []
|
||||||
|
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: https
|
||||||
|
scheme: HTTPS
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: https
|
||||||
|
scheme: HTTPS
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
|
||||||
|
service:
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
# Add these labels to have metrics-server show up in `kubectl cluster-info`
|
||||||
|
# kubernetes.io/cluster-service: "true"
|
||||||
|
# kubernetes.io/name: "Metrics-server"
|
||||||
|
port: 443
|
||||||
|
type: ClusterIP
|
||||||
|
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
podDisruptionBudget:
|
||||||
|
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||||
|
enabled: false
|
||||||
|
minAvailable:
|
||||||
|
maxUnavailable:
|
||||||
|
|
||||||
|
# If you want to deploy a sample app application to test metrics server
|
||||||
|
# Set the create value to true
|
||||||
|
sampleApp:
|
||||||
|
create: false
|
@ -0,0 +1,88 @@
|
|||||||
|
---
|
||||||
|
schema: armada/Chart/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: metrics-server-psp-rolebinding
|
||||||
|
data:
|
||||||
|
chart_name: psp-rolebinding
|
||||||
|
release: metrics-server-psp-rolebinding
|
||||||
|
namespace: metrics-server
|
||||||
|
values:
|
||||||
|
rolebindingNamespace: metrics-server
|
||||||
|
serviceAccount: metrics-server
|
||||||
|
source:
|
||||||
|
location: http://172.17.0.1:8080/helm_charts/stx-platform/psp-rolebinding-0.1.0.tgz
|
||||||
|
subpath: psp-rolebinding
|
||||||
|
type: tar
|
||||||
|
reference: master
|
||||||
|
upgrade:
|
||||||
|
no_hooks: false
|
||||||
|
pre:
|
||||||
|
delete:
|
||||||
|
- labels:
|
||||||
|
release_group: metrics-server-psp-rolebinding
|
||||||
|
type: job
|
||||||
|
wait:
|
||||||
|
labels:
|
||||||
|
release_group: metrics-server-psp-rolebinding
|
||||||
|
resources: []
|
||||||
|
timeout: 1800
|
||||||
|
dependencies: []
|
||||||
|
---
|
||||||
|
schema: armada/Chart/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: metrics-server
|
||||||
|
data:
|
||||||
|
chart_name: metrics-server
|
||||||
|
release: metrics-server
|
||||||
|
namespace: metrics-server
|
||||||
|
wait:
|
||||||
|
timeout: 1800
|
||||||
|
labels:
|
||||||
|
app: metrics-server
|
||||||
|
install:
|
||||||
|
no_hooks: false
|
||||||
|
upgrade:
|
||||||
|
no_hooks: false
|
||||||
|
pre:
|
||||||
|
delete:
|
||||||
|
- type: job
|
||||||
|
labels:
|
||||||
|
app: metrics-server
|
||||||
|
values:
|
||||||
|
imagePullSecrets: [{"name": "default-registry-key"}]
|
||||||
|
args:
|
||||||
|
- --kubelet-insecure-tls
|
||||||
|
replicas: 1
|
||||||
|
image:
|
||||||
|
repository: k8s.gcr.io/metrics-server/metrics-server
|
||||||
|
tag: "v0.4.1"
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/master: ""
|
||||||
|
source:
|
||||||
|
type: tar
|
||||||
|
location: http://172.17.0.1/helm_charts/stx-platform/metrics-server-1.0.0.tgz
|
||||||
|
subpath: metrics-server
|
||||||
|
reference: master
|
||||||
|
dependencies: []
|
||||||
|
---
|
||||||
|
schema: armada/ChartGroup/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: metrics-server
|
||||||
|
data:
|
||||||
|
description: "StarlingX metrics-server"
|
||||||
|
sequenced: true
|
||||||
|
chart_group:
|
||||||
|
- metrics-server
|
||||||
|
- metrics-server-psp-rolebinding
|
||||||
|
---
|
||||||
|
schema: armada/Manifest/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: metrics-server-manifest
|
||||||
|
data:
|
||||||
|
release_prefix: ms
|
||||||
|
chart_groups:
|
||||||
|
- metrics-server
|
3
test-requirements.txt
Normal file
3
test-requirements.txt
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# hacking pulls in flake8
|
||||||
|
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
|
||||||
|
bashate >= 0.2
|
35
tox.ini
Normal file
35
tox.ini
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
[tox]
|
||||||
|
envlist = linters
|
||||||
|
minversion = 2.3
|
||||||
|
skipsdist = True
|
||||||
|
sitepackages=False
|
||||||
|
|
||||||
|
[testenv]
|
||||||
|
install_command = pip install -U {opts} {packages}
|
||||||
|
setenv =
|
||||||
|
VIRTUAL_ENV={envdir}
|
||||||
|
OS_STDOUT_CAPTURE=1
|
||||||
|
OS_STDERR_CAPTURE=1
|
||||||
|
OS_DEBUG=1
|
||||||
|
OS_LOG_CAPTURE=1
|
||||||
|
deps =
|
||||||
|
-r{toxinidir}/requirements.txt
|
||||||
|
-r{toxinidir}/test-requirements.txt
|
||||||
|
whitelist_externals =
|
||||||
|
bash
|
||||||
|
|
||||||
|
[testenv:bashate]
|
||||||
|
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
|
||||||
|
commands =
|
||||||
|
bash -c "find {toxinidir} \
|
||||||
|
-not \( -type d -name .?\* -prune \) \
|
||||||
|
-type f \
|
||||||
|
-not -name \*~ \
|
||||||
|
-not -name \*.md \
|
||||||
|
-name \*.sh \
|
||||||
|
-print0 | xargs -r -n 1 -0 bashate -v \
|
||||||
|
-e 'E*'"
|
||||||
|
|
||||||
|
[testenv:linters]
|
||||||
|
commands =
|
||||||
|
{[testenv:bashate]commands}
|
Loading…
Reference in New Issue
Block a user