First commit

2020-05-30 01:48:58 +02:00 · 2020-05-30 01:48:58 +02:00 · f295d3d319
commit f295d3d319
parent 7e7e171b4c
15 changed files with 195 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,12 @@
 # ansible-role-k8s-metrics-server

-Deploy metrics-server to a kubernetes cluster
+Deploy metrics-server to a kubernetes cluster
+
+## Requirements
+
+Metrics Server has specific requirements for cluster and network configuration. These requirements aren't the default for all cluster
+distributions. Please ensure that your cluster distribution supports these requirements before using Metrics Server:
+- Metrics Server must be [reachable from kube-apiserver]
+- The kube-apiserver must be correctly configured to [enable an aggregation layer]
+- Nodes must have [kubelet authorization] configured to match Metrics Server configuration
+- Container runtime must implement a [container metrics RPCs]
--- a/bin/update.sh
+++ b/bin/update.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+METRICS_SERVER_FILE="vars/metrics_server_files_list.yml"
+
+wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
+kubernetes-split-yaml components.yaml > generated.log
+rm -f files/*.yaml
+mv generated/*.yaml files/
+echo -e "---\nmetrics_server_files:" > "${METRICS_SERVER_FILE}"
+cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|      - "\2"|' >> "${METRICS_SERVER_FILE}"
+rm -fr generated generated.log components.yaml
+
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1 @@
+my_context: minikube
--- a/files/metrics-server-Deployment.yaml
+++ b/files/metrics-server-Deployment.yaml
@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+      # mount in tmp so we can safely use from-scratch images and/or read-only containers
+      - name: tmp-dir
+        emptyDir: {}
+      containers:
+      - name: metrics-server
+        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
+        imagePullPolicy: IfNotPresent
+        args:
+          - --cert-dir=/tmp
+          - --secure-port=4443
+        ports:
+        - name: main-port
+          containerPort: 4443
+          protocol: TCP
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+        volumeMounts:
+        - name: tmp-dir
+          mountPath: /tmp
+      nodeSelector:
+        kubernetes.io/os: linux
+        kubernetes.io/arch: "amd64"
--- a/files/metrics-server-Service.yaml
+++ b/files/metrics-server-Service.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: main-port
--- a/files/metrics-server-ServiceAccount.yaml
+++ b/files/metrics-server-ServiceAccount.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
--- a/files/metrics-server-auth-reader-RoleBinding.yaml
+++ b/files/metrics-server-auth-reader-RoleBinding.yaml
@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml
+++ b/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml
@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/files/system:aggregated-metrics-reader-ClusterRole.yaml
+++ b/files/system:aggregated-metrics-reader-ClusterRole.yaml
@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:aggregated-metrics-reader
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["metrics.k8s.io"]
+  resources: ["pods", "nodes"]
+  verbs: ["get", "list", "watch"]
--- a/files/system:metrics-server-ClusterRole.yaml
+++ b/files/system:metrics-server-ClusterRole.yaml
@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - nodes/stats
+  - namespaces
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
--- a/files/system:metrics-server-ClusterRoleBinding.yaml
+++ b/files/system:metrics-server-ClusterRoleBinding.yaml
@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/files/v1beta1.metrics.k8s.io-APIService.yaml
+++ b/files/v1beta1.metrics.k8s.io-APIService.yaml
@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,7 @@
+galaxy_info:
+  author: Adrien Reslinger
+  description: Install mertrics-server to a cluster
+  company: Personnal
+  min_ansible_version: 2.9
+  galaxy_tags: []
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,12 @@
+- name: Metrics Server setup
+  block:
+  - name: Metrics Server install
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      merge_type: merge
+      resource_definition: "{{ lookup('file', item) | from_yaml }}"
+    with_items:
+      - '{{ metrics_server_files }}'
+  tags:
+    - metrics-server
--- a/vars/metrics_server_files_list.yml
+++ b/vars/metrics_server_files_list.yml
@ -0,0 +1,11 @@
+---
+metrics_server_files:
+      - "system:aggregated-metrics-reader-ClusterRole.yaml"
+      - "metrics-server:system:auth-delegator-ClusterRoleBinding.yaml"
+      - "metrics-server-auth-reader-RoleBinding.yaml"
+      - "v1beta1.metrics.k8s.io-APIService.yaml"
+      - "metrics-server-ServiceAccount.yaml"
+      - "metrics-server-Deployment.yaml"
+      - "metrics-server-Service.yaml"
+      - "system:metrics-server-ClusterRole.yaml"
+      - "system:metrics-server-ClusterRoleBinding.yaml"