diff --git a/README.md b/README.md
index b2112ce..b76d17a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
 # ansible-role-k8s-metrics-server
-Deploy metrics-server to a kubernetes cluster
\ No newline at end of file
+Deploy metrics-server to a kubernetes cluster
+
+## Requirements
+
+Metrics Server has specific requirements for cluster and network configuration. These requirements aren't the default for all cluster
+distributions. Please ensure that your cluster distribution supports these requirements before using Metrics Server:
+- Metrics Server must be [reachable from kube-apiserver]
+- The kube-apiserver must be correctly configured to [enable an aggregation layer]
+- Nodes must have [kubelet authorization] configured to match Metrics Server configuration
+- Container runtime must implement a [container metrics RPCs]
diff --git a/bin/update.sh b/bin/update.sh
new file mode 100755
index 0000000..0ff27b0
--- /dev/null
+++ b/bin/update.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+METRICS_SERVER_FILE="vars/metrics_server_files_list.yml"
+
+wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
+kubernetes-split-yaml components.yaml > generated.log
+rm -f files/*.yaml
+mv generated/*.yaml files/
+echo -e "---\nmetrics_server_files:" > "${METRICS_SERVER_FILE}"
+cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> "${METRICS_SERVER_FILE}"
+rm -fr generated generated.log components.yaml
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e0624d3
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+my_context: minikube
diff --git a/files/metrics-server-Deployment.yaml b/files/metrics-server-Deployment.yaml
new file mode 100644
index 0000000..17cad5e
--- /dev/null
+++ b/files/metrics-server-Deployment.yaml
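Review bot: In bin/update.sh nothing stops the script after a failed step, so a failed `wget` or a missing `kubernetes-split-yaml` still reaches `rm -f files/*.yaml` and rewrites `vars/metrics_server_files_list.yml` with an empty list; `set -euo pipefail` directly after the shebang would stop it before the committed manifests are deleted. The downloaded `components.yaml` is also used without any integrity check, although its contents end up applied to kube-system together with cluster-wide RBAC objects. I would record the digest of the reviewed release and verify it before the split step, e.g. `echo "<EXPECTED_SHA256>  components.yaml" | sha256sum -c -` (placeholder digest). Using `wget -O components.yaml` would also avoid splitting a stale file, since plain `wget` saves to `components.yaml.1` when the name already exists.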
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: metrics-server
+ namespace: kube-system
+ labels:
+ k8s-app: metrics-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: metrics-server
+ template:
+ metadata:
+ name: metrics-server
+ labels:
+ k8s-app: metrics-server
+ spec:
+ serviceAccountName: metrics-server
+ volumes:
+ # mount in tmp so we can safely use from-scratch images and/or read-only containers
+ - name: tmp-dir
+ emptyDir: {}
+ containers:
+ - name: metrics-server
+ image: k8s.gcr.io/metrics-server-amd64:v0.3.6
+ imagePullPolicy: IfNotPresent
+ args:
+ - --cert-dir=/tmp
+ - --secure-port=4443
+ ports:
+ - name: main-port
+ containerPort: 4443
+ protocol: TCP
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - name: tmp-dir
+ mountPath: /tmp
+ nodeSelector:
+ kubernetes.io/os: linux
+ kubernetes.io/arch: "amd64"
diff --git a/files/metrics-server-Service.yaml b/files/metrics-server-Service.yaml
new file mode 100644
index 0000000..19304e8
--- /dev/null
+++ b/files/metrics-server-Service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: metrics-server
+ namespace: kube-system
+ labels:
+ kubernetes.io/name: "Metrics-server"
+ kubernetes.io/cluster-service: "true"
+spec:
+ selector:
+ k8s-app: metrics-server
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: main-port
diff --git a/files/metrics-server-ServiceAccount.yaml b/files/metrics-server-ServiceAccount.yaml
new file mode 100644
index 0000000..ee205aa
--- /dev/null
+++ b/files/metrics-server-ServiceAccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: metrics-server
+ namespace: kube-system
diff --git a/files/metrics-server-auth-reader-RoleBinding.yaml b/files/metrics-server-auth-reader-RoleBinding.yaml
new file mode 100644
index 0000000..9eff129
--- /dev/null
+++ b/files/metrics-server-auth-reader-RoleBinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: metrics-server-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml b/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..109f55f
--- /dev/null
+++ b/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metrics-server:system:auth-delegator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/files/system:aggregated-metrics-reader-ClusterRole.yaml b/files/system:aggregated-metrics-reader-ClusterRole.yaml
new file mode 100644
index 0000000..826455c
--- /dev/null
+++ b/files/system:aggregated-metrics-reader-ClusterRole.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:aggregated-metrics-reader
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list", "watch"]
diff --git a/files/system:metrics-server-ClusterRole.yaml b/files/system:metrics-server-ClusterRole.yaml
new file mode 100644
index 0000000..30e3401
--- /dev/null
+++ b/files/system:metrics-server-ClusterRole.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:metrics-server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - nodes/stats
+ - namespaces
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/files/system:metrics-server-ClusterRoleBinding.yaml b/files/system:metrics-server-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..dc63434
--- /dev/null
+++ b/files/system:metrics-server-ClusterRoleBinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:metrics-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/files/v1beta1.metrics.k8s.io-APIService.yaml b/files/v1beta1.metrics.k8s.io-APIService.yaml
new file mode 100644
index 0000000..a8860fb
--- /dev/null
+++ b/files/v1beta1.metrics.k8s.io-APIService.yaml
@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+ name: v1beta1.metrics.k8s.io
+spec:
+ service:
+ name: metrics-server
+ namespace: kube-system
+ group: metrics.k8s.io
+ version: v1beta1
+ insecureSkipTLSVerify: true
+ groupPriorityMinimum: 100
+ versionPriority: 100
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..12ab788
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,7 @@
+galaxy_info:
+ author: Adrien Reslinger
+ description: Install mertrics-server to a cluster
+ company: Personnal
+ min_ansible_version: 2.9
+ galaxy_tags: []
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..3e1e41c
--- /dev/null
+++ b/tasks/main.yml
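Review bot: `insecureSkipTLSVerify: true` in files/v1beta1.metrics.k8s.io-APIService.yaml makes the aggregation layer accept whatever certificate the metrics-server Service presents, so kube-apiserver has no way to authenticate the backend it proxies metrics requests to. This fits the Deployment's `--cert-dir=/tmp` self-signed setup and presumably comes unchanged from the upstream manifest, but the role applies it without mentioning the trade-off. Because bin/update.sh regenerates everything under files/, a hand edit here would be lost on the next update. I would document the setting in the README Requirements section, and for clusters that need verification provision a serving certificate for metrics-server and set `caBundle` on the APIService instead of skipping verification.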
@@ -0,0 +1,12 @@
+- name: Metrics Server setup
+ block:
+ - name: Metrics Server install
+ k8s:
+ state: present
+ context: "{{ my_context }}"
+ merge_type: merge
+ resource_definition: "{{ lookup('file', item) | from_yaml }}"
+ with_items:
+ - '{{ metrics_server_files }}'
+ tags:
+ - metrics-server
\ No newline at end of file
diff --git a/vars/metrics_server_files_list.yml b/vars/metrics_server_files_list.yml
new file mode 100644
index 0000000..9b8173b
--- /dev/null
+++ b/vars/metrics_server_files_list.yml
@@ -0,0 +1,11 @@
+---
+metrics_server_files:
+ - "system:aggregated-metrics-reader-ClusterRole.yaml"
+ - "metrics-server:system:auth-delegator-ClusterRoleBinding.yaml"
+ - "metrics-server-auth-reader-RoleBinding.yaml"
+ - "v1beta1.metrics.k8s.io-APIService.yaml"
+ - "metrics-server-ServiceAccount.yaml"
+ - "metrics-server-Deployment.yaml"
+ - "metrics-server-Service.yaml"
+ - "system:metrics-server-ClusterRole.yaml"
+ - "system:metrics-server-ClusterRoleBinding.yaml"
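Review bot: `metrics_server_files`, which the `with_items` in tasks/main.yml iterates over, is defined only in vars/metrics_server_files_list.yml, and a role loads only vars/main.yml automatically. Nothing in this 12-line task file loads the list, so unless the calling playbook supplies the variable the install task will fail on an undefined variable. A first task `- include_vars: metrics_server_files_list.yml` ahead of the block would make the role self-contained; alternatively bin/update.sh could write the list to vars/main.yml. As a smaller style point, `loop: "{{ metrics_server_files }}"` states the iteration more directly than a one-element `with_items` list that relies on flattening.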