From e2a8845d0ed5a7c1000da61a6787227493624782 Mon Sep 17 00:00:00 2001 From: Pedro Sliuzas Date: Thu, 11 Feb 2021 16:49:14 -0300 Subject: [PATCH] Metrics Server Armada App Metrics Server integrates with StarlingX through an Armada App. The charts in this review were based on https://github.com/kubernetes-sigs/metrics-server/pull/670. The Armada App will deploy one replica on one of the Kubernetes masters (controllers). Because of that, there is a node selector configured in the Armada App manifest. Besides that, there is a required label, "app: metrics-server", that is included in the Helm chart. This label is used by System Inventory to manage the Armada App lifecycle. Since there is no need to have any integration with System Inventory, there is no plan to develop a plugin for this Armada App. This commit was tested on version 20.06 of StarlingX using a containerized application that could retrieve Metrics Server data, and also by horizontally scaling a containerized application. The implementation of both of the mentioned tests can be found in this review https://review.opendev.org/c/starlingx/metrics-server-armada-app/+/776162/1 Story: 2008457 Task: 41905 Change-Id: I29ee0ebbcfeddafd7c598166014bd076246e5862 
Signed-off-by: Pedro Sliuzas --- .zuul.yaml | 8 ++ centos_build_layer.cfg | 1 + centos_iso_image.inc | 1 + centos_pkg_dirs | 1 + centos_pkg_dirs_containers | 1 + requirements.txt | 1 + .../centos/build_srpm.data | 7 ++ .../centos/stx-metrics-server-helm.spec | 76 +++++++++++++ .../stx-metrics-server-helm/files/index.yaml | 3 + .../files/metadata.yaml | 5 + .../files/repositories.yaml | 12 ++ .../helm-charts/Makefile | 43 +++++++ .../helm-charts/metrics-server/Chart.yaml | 14 +++ .../metrics-server/templates/_helpers.tpl | 62 ++++++++++ .../metrics-server/templates/apiservice.yaml | 17 +++ .../clusterrole-aggregated-reader.yaml | 21 ++++ .../metrics-server/templates/clusterrole.yaml | 32 ++++++ .../clusterrolebinding-auth-delegator.yaml | 16 +++ .../templates/clusterrolebinding.yaml | 16 +++ .../metrics-server/templates/deployment.yaml | 79 +++++++++++++ .../metrics-server/templates/pdb.yaml | 18 +++ .../metrics-server/templates/psp.yaml | 28 +++++ .../metrics-server/templates/rolebinding.yaml | 17 +++ .../sample-app-cluster-role-binding.yml | 16 +++ .../templates/sample-app-cluster-role.yml | 17 +++ .../templates/sample-app-deployment.yml | 25 +++++ .../templates/sample-app-namespace.yml | 6 + .../templates/sample-app-service-account.yml | 9 ++ .../metrics-server/templates/service.yaml | 22 ++++ .../templates/serviceaccount.yaml | 12 ++ .../helm-charts/metrics-server/values.yaml | 106 ++++++++++++++++++ .../manifests/metrics-server_manifest.yaml | 88 +++++++++++++++ test-requirements.txt | 3 + tox.ini | 35 ++++++ 34 files changed, 818 insertions(+) create mode 100644 .zuul.yaml create mode 100644 centos_build_layer.cfg create mode 100644 centos_iso_image.inc create mode 100644 centos_pkg_dirs create mode 100644 centos_pkg_dirs_containers create mode 100644 requirements.txt create mode 100644 stx-metrics-server-helm/centos/build_srpm.data create mode 100644 stx-metrics-server-helm/centos/stx-metrics-server-helm.spec create mode 100644 
stx-metrics-server-helm/stx-metrics-server-helm/files/index.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/files/metadata.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/files/repositories.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/Makefile create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/Chart.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/_helpers.tpl create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/apiservice.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole-aggregated-reader.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/deployment.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/pdb.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/psp.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/rolebinding.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role-binding.yml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role.yml create mode 100644 
stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-deployment.yml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-namespace.yml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-service-account.yml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/service.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/serviceaccount.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/values.yaml create mode 100644 stx-metrics-server-helm/stx-metrics-server-helm/manifests/metrics-server_manifest.yaml create mode 100644 test-requirements.txt create mode 100644 tox.ini diff --git a/.zuul.yaml b/.zuul.yaml new file mode 100644 index 0000000..0792bb0 --- /dev/null +++ b/.zuul.yaml @@ -0,0 +1,8 @@ +--- + - project: + check: + jobs: + - openstack-tox-linters + gate: + jobs: + - openstack-tox-linters \ No newline at end of file diff --git a/centos_build_layer.cfg b/centos_build_layer.cfg new file mode 100644 index 0000000..c581999 --- /dev/null +++ b/centos_build_layer.cfg @@ -0,0 +1 @@ +flock diff --git a/centos_iso_image.inc b/centos_iso_image.inc new file mode 100644 index 0000000..4aa6b80 --- /dev/null +++ b/centos_iso_image.inc @@ -0,0 +1 @@ +stx-metrics-server-helm diff --git a/centos_pkg_dirs b/centos_pkg_dirs new file mode 100644 index 0000000..4aa6b80 --- /dev/null +++ b/centos_pkg_dirs @@ -0,0 +1 @@ +stx-metrics-server-helm diff --git a/centos_pkg_dirs_containers b/centos_pkg_dirs_containers new file mode 100644 index 0000000..4aa6b80 --- /dev/null +++ b/centos_pkg_dirs_containers @@ -0,0 +1 @@ +stx-metrics-server-helm diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c01ade2 --- /dev/null +++ b/requirements.txt 
@@ -0,0 +1 @@ +# Nothing diff --git a/stx-metrics-server-helm/centos/build_srpm.data b/stx-metrics-server-helm/centos/build_srpm.data new file mode 100644 index 0000000..eab950b --- /dev/null +++ b/stx-metrics-server-helm/centos/build_srpm.data @@ -0,0 +1,7 @@ +SRC_DIR="stx-metrics-server-helm" + +TIS_PATCH_VER=GITREVCOUNT +SRC_BASE_SRCREV=9fa1ccbdbae09c9726642bfbb5b20e27cd729f2c +COPY_LIST_TO_TAR="\ + $STX_BASE/helm-charts/psp-rolebinding/psp-rolebinding/helm-charts \ +" diff --git a/stx-metrics-server-helm/centos/stx-metrics-server-helm.spec b/stx-metrics-server-helm/centos/stx-metrics-server-helm.spec new file mode 100644 index 0000000..6f37ddf --- /dev/null +++ b/stx-metrics-server-helm/centos/stx-metrics-server-helm.spec 
@@ -0,0 +1,76 @@
+# Application tunables (maps to metadata)
+%global app_name metrics-server
+%global helm_repo stx-platform
+%global helm_folder /usr/lib/helm
+%global armada_folder /usr/lib/armada
+%global app_folder /usr/local/share/applications/helm
+%global helmchart_version 0.1.0
+
+
+Summary: StarlingX Metrics Server Armada Helm Charts
+Name: stx-metrics-server-helm
+Version: 1.0
+Release: %{tis_patch_ver}%{?_tis_dist}
+License: Apache-2.0
+Group: base
+Packager: Wind River
+URL: unknown
+
+Source0: %{name}-%{version}.tar.gz
+
+BuildArch: noarch
+
+BuildRequires: helm
+BuildRequires: chartmuseum
+
+%description
+StarlingX Metrics Server Armada Helm Charts
+
+%prep
+%setup
+
+%build
+# Host a server for the charts
+chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
+sleep 2
+helm repo add local http://localhost:8879/charts
+
+# Make the charts. These produce a tgz file
+cd helm-charts
+make
+cd -
+
+# terminate helm server (the last backgrounded task)
+kill %1
+
+# Create a chart tarball compliant with sysinv kube-app.py
+%define app_staging %{_builddir}/staging
+%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
+
+# Setup staging
+mkdir -p %{app_staging}
+cp files/metadata.yaml %{app_staging}
+cp manifests/*.yaml %{app_staging}
+mkdir -p %{app_staging}/charts
+cp helm-charts/*.tgz %{app_staging}/charts
+cd %{app_staging}
+
+# Populate metadata
+sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
+sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
+sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
+
+# package it up
+find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
+ +# Cleanup staging +rm -fr %{app_staging} + +%install +install -d -m 755 %{buildroot}/%{app_folder} +install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder} + +%files +%defattr(-,root,root,-) +%{app_folder}/* diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/files/index.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/files/index.yaml new file mode 100644 index 0000000..36db709 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/files/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: 2019-01-07T12:33:46.098166523-06:00 diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/files/metadata.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/files/metadata.yaml new file mode 100644 index 0000000..d2c6295 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/files/metadata.yaml @@ -0,0 +1,5 @@ +maintain_user_overrides: true + +app_name: @APP_NAME@ +app_version: @APP_VERSION@ +helm_repo: @HELM_REPO@ diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/files/repositories.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/files/repositories.yaml new file mode 100644 index 0000000..e613b63 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/files/repositories.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +generated: 2019-01-02T15:19:36.215111369-06:00 +repositories: +- caFile: "" + cache: /builddir/.helm/repository/cache/local-index.yaml + certFile: "" + keyFile: "" + name: local + password: "" + url: http://127.0.0.1:8879/charts + username: "" + diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/Makefile b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/Makefile new file mode 100644 index 0000000..5cf4447 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/Makefile 
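Review bot: In `%build` of stx-metrics-server-helm.spec the background chartmuseum is started with `--debug` and no explicit bind address, waited for with a fixed `sleep 2`, and stopped only by the `kill %1` that follows `make`. If `make` fails, the script presumably exits before that line and leaves the server exposing the build directory on port 8879. I would record the pid and stop it from a trap, e.g. `CHART_PID=$!` followed by `trap 'kill $CHART_PID' EXIT`, and bind the server to loopback if the tool allows it. Separately, `install -p -D -m 755` in `%install` marks a data tarball executable; `-m 644` is enough. The spec hunk begins on the previous page line and ends partway through this one.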
@@ -0,0 +1,43 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := helm-toolkit doc tests tools logs tmp +CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: lint-% + if [ -d $* ]; then helm package $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -f *tgz */charts/*tgz */requirements.lock + rm -rf */charts */tmpcharts + +%: + @: diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/Chart.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/Chart.yaml new file mode 100644 index 0000000..b3f8203 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +name: metrics-server +description: Helm chart for the Kubernetes Metrics Server. +type: application +version: 1.0.0 +appVersion: 0.4.1 +keywords: + - kubernetes + - metrics-server + - metrics +home: https://github.com/kubernetes-sigs/metrics-server +icon: https://avatars.githubusercontent.com/u/36015203?s=400&v=4 +sources: + - https://github.com/kubernetes-sigs/metrics-server 
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/_helpers.tpl b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/_helpers.tpl new file mode 100644 index 0000000..a1ab9dc --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "metrics-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metrics-server.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metrics-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "metrics-server.labels" -}} +helm.sh/chart: {{ include "metrics-server.chart" . }} +{{ include "metrics-server.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "metrics-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "metrics-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "metrics-server.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "metrics-server.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/apiservice.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/apiservice.yaml
new file mode 100644
index 0000000..dd37b5d
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/apiservice.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.apiService.create -}}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1beta1.metrics.k8s.io
+ labels:
+ {{- include "metrics-server.labels" . | nindent 4 }}
+spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: {{ include "metrics-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ version: v1beta1
+ versionPriority: 100
+{{- end -}}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole-aggregated-reader.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole-aggregated-reader.yaml
new file mode 100644
index 0000000..d5e8fe1
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole-aggregated-reader.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ printf "system:%s-aggregated-reader" (include "metrics-server.name" .) }}
+ labels:
+ {{- include "metrics-server.labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
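Review bot: `insecureSkipTLSVerify: true` is hard-coded in apiservice.yaml, so the kube-apiserver aggregation layer never verifies the serving certificate of whatever answers for the metrics-server Service. With `--cert-dir=/tmp` in deployment.yaml the server presumably generates its own certificate, which is why the default needs this, but operators who provision a real certificate have no way to turn verification back on. I would make it a value, `insecureSkipTLSVerify: {{ .Values.apiService.insecureSkipTLSVerify }}`, add an optional `caBundle: {{ .Values.apiService.caBundle }}`, and document in values.yaml that the default skips verification.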
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole.yaml
new file mode 100644
index 0000000..0636414
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrole.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ printf "system:%s" (include "metrics-server.fullname" .) }}
+ labels:
+ {{- include "metrics-server.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - nodes/stats
+ - namespaces
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ {{- if .Values.rbac.pspEnabled }}
+ - apiGroups:
+ - extensions
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
+ verbs:
+ - use
+ {{- end -}}
+{{- end -}}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
new file mode 100644
index 0000000..826c3b7
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
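Review bot: The first rule in clusterrole.yaml gives the metrics-server service account `get`/`list`/`watch` on `configmaps` and `namespaces` in every namespace, which looks wider than a metrics scraper needs. The one ConfigMap it has to read for delegated authentication is presumably already covered by the `extension-apiserver-authentication-reader` RoleBinding added in rolebinding.yaml. Unless something outside this change depends on them, I would drop `- configmaps` and check whether `- namespaces` is used, so that a compromised pod cannot read configuration cluster-wide. If they have to stay, add a comment above the rule naming the metrics-server feature that needs them.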
@@ -0,0 +1,16 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ printf "%s:system:auth-delegator" (include "metrics-server.fullname" .) }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: {{ include "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..512cb65 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ printf "system:%s" (include "metrics-server.fullname" .) }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:{{ template "metrics-server.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/deployment.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/deployment.yaml new file mode 100644 index 0000000..7894a21 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/deployment.yaml 
@@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "metrics-server.fullname" . }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "metrics-server.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "metrics-server.selectorLabels" . | nindent 8 }} + app: metrics-server + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "metrics-server.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ printf "%s:%s" .Values.image.repository (.Values.image.tag | default (printf "v%s" .Chart.AppVersion)) }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --logtostderr + {{- range .Values.args }} + - {{ . }} + {{- end }} + ports: + - name: https + containerPort: 4443 + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | trim | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/pdb.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/pdb.yaml new file mode 100644 index 0000000..cda6b4e --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/pdb.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "metrics-server.fullname" . }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "metrics-server.name" . }} +{{- end -}} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/psp.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/psp.yaml new file mode 100644 index 0000000..bf8ace1 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/psp.yaml 
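Review bot: The container in deployment.yaml appears to declare `resources:` twice, once after `readinessProbe` (with `| trim`) and again after `volumeMounts`, so the rendered manifest carries a duplicate key and the outcome depends on how the YAML parser treats it. Remove the second `resources:` block and keep a single `{{- toYaml .Values.resources | nindent 12 }}`. The `{{- range .Values.args }}` entries are also emitted unquoted; `- {{ . | quote }}` keeps an argument containing `:` or `#` from being re-parsed as YAML. The deployment hunk starts on the previous page line and ends partway through this one.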
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
+ labels:
+ {{- include "metrics-server.labels" . | nindent 4 }}
+spec:
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+ hostPID: true
+ hostIPC: true
+ hostNetwork: true
+ hostPorts:
+ - min: 1
+ max: 65536
+{{- end }}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/rolebinding.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/rolebinding.yaml
new file mode 100644
index 0000000..3fda743
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ printf "%s-auth-reader" (include "metrics-server.fullname" .) }}
+ namespace: kube-system
+ labels:
+ {{- include "metrics-server.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "metrics-server.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role-binding.yml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role-binding.yml
new file mode 100644
index 0000000..ad4e316
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role-binding.yml
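Review bot: The PodSecurityPolicy in psp.yaml allows everything (`privileged: true`, `allowedCapabilities: '*'`, host PID/IPC/network, every volume type, `RunAsAny`), while values.yaml runs the container as non-root uid 10001 with all capabilities dropped and a read-only root filesystem. When `rbac.pspEnabled` is set, the service account is therefore authorised for far more than the pod uses, and any other pod started under that service account inherits it. I would restrict the policy to what the deployment needs, as sketched below for the `spec:` only, and rename it away from `privileged-…` in both psp.yaml and clusterrole.yaml. Note also that `max: 65536` is one above the highest valid port.

```yaml
# … unchanged: apiVersion, kind, metadata …
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  readOnlyRootFilesystem: true
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - emptyDir
    - secret
    - projected
  hostPID: false
  hostIPC: false
  hostNetwork: {{ .Values.hostNetwork.enabled }}
  {{- if .Values.hostNetwork.enabled }}
  hostPorts:
    - min: 4443
      max: 4443
  {{- end }}
```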
@@ -0,0 +1,16 @@
+{{- if .Values.sampleApp.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: metric-server-test-app
+ name: access-metrics-api
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: access-metrics-api
+subjects:
+- kind: ServiceAccount
+ name: metric-server-test-app
+ namespace: metric-server-test-app
+{{- end }}
\ No newline at end of file
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role.yml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role.yml
new file mode 100644
index 0000000..c78fb28
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-cluster-role.yml
@@ -0,0 +1,17 @@
+{{- if .Values.sampleApp.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: metric-server-test-app
+ name: access-metrics-api
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+{{- end }}
\ No newline at end of file
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-deployment.yml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-deployment.yml
new file mode 100644
index 0000000..c318dd9
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-deployment.yml
@@ -0,0 +1,25 @@
+{{- if .Values.sampleApp.create -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: metric-server-test-app-deployment
+ namespace: metric-server-test-app
+spec:
+ selector:
+ matchLabels:
+ app: metric-server-test-app
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: metric-server-test-app
+ spec:
+ containers:
+ - name: sample-app
+ image: docker.io/starlingx/stx-metrics-server-sample-app
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: TOKEN_PATH
+ value: /var/run/secrets/kubernetes.io/serviceaccount/token
+ serviceAccountName: metric-server-test-app
+{{- end -}}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-namespace.yml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-namespace.yml
new file mode 100644
index 0000000..5a83759
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-namespace.yml
@@ -0,0 +1,6 @@
+{{- if .Values.sampleApp.create -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: metric-server-test-app
+{{- end }}
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-service-account.yml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-service-account.yml
new file mode 100644
index 0000000..5e116c0
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/sample-app-service-account.yml
@@ -0,0 +1,9 @@
+{{- if .Values.sampleApp.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: metric-server-test-app
+ name: metric-server-test-app
+ namespace: metric-server-test-app
+{{- end }}
\ No newline at end of file
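Review bot: The sample-app container in sample-app-deployment.yml uses `image: docker.io/starlingx/stx-metrics-server-sample-app` with no tag or digest, so it resolves to `latest`. Combined with `imagePullPolicy: IfNotPresent`, different nodes can run different builds of an image that is handed a service-account token with cluster-wide read on the metrics API. Pin the image, preferably by digest, and take it from values so it can be mirrored, e.g. `image: {{ .Values.sampleApp.image }}`. The pod also sets no `securityContext`; reusing the restrictive settings the chart already defines for the main container (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, dropped capabilities) would keep the two consistent.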
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/service.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/service.yaml new file mode 100644 index 0000000..abbb659 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "metrics-server.fullname" . }} + {{- with .Values.service.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} + {{- with .Values.service.labels -}} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: https + port: {{ .Values.service.port }} + protocol: TCP + targetPort: https + selector: + {{- include "metrics-server.selectorLabels" . | nindent 4 }} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/serviceaccount.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/serviceaccount.yaml new file mode 100644 index 0000000..12f7724 --- /dev/null +++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "metrics-server.serviceAccountName" . }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} +{{- end -}} diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/values.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/values.yaml new file mode 100644 index 0000000..ed14027 --- /dev/null 
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/helm-charts/metrics-server/values.yaml 
@@ -0,0 +1,106 @@
+# Default values for metrics-server.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: k8s.gcr.io/metrics-server/metrics-server
+ # Overrides the image tag whose default is jetty-v{{ .Chart.AppVersion }}
+ tag: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+# - registrySecretName
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+ pspEnabled: false
+
+apiService:
+ # Specifies if the v1beta1.metrics.k8s.io API service should be created.
+ #
+ # You typically want this enabled! If you disable API service creation you have to
+ # manage it outside of this chart for e.g horizontal pod autoscaling to
+ # work with this release.
+ create: true
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["all"]
+ readOnlyRootFilesystem: true
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+
+priorityClassName: "system-cluster-critical"
+
+hostNetwork:
+ # Specifies if metrics-server should be started in hostNetwork mode.
+ #
+ # You would require this enabled if you use alternate overlay networking for pods and
+ # API server unable to communicate with metrics-server.
As an example, this is required
+ # if you use Weave network on EKS
+ enabled: false
+
+replicas: 1
+
+args: []
+
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+
+readinessProbe:
+ httpGet:
+ path: /healthz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+
+service:
+ annotations: {}
+ labels: {}
+ # Add these labels to have metrics-server show up in `kubectl cluster-info`
+ # kubernetes.io/cluster-service: "true"
+ # kubernetes.io/name: "Metrics-server"
+ port: 443
+ type: ClusterIP
+
+resources: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podDisruptionBudget:
+ # https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ enabled: false
+ minAvailable:
+ maxUnavailable:
+
+# If you want to deploy a sample app application to test metrics server
+# Set the create value to true
+sampleApp:
+ create: false
diff --git a/stx-metrics-server-helm/stx-metrics-server-helm/manifests/metrics-server_manifest.yaml b/stx-metrics-server-helm/stx-metrics-server-helm/manifests/metrics-server_manifest.yaml
new file mode 100644
index 0000000..1dfb62d
--- /dev/null
+++ b/stx-metrics-server-helm/stx-metrics-server-helm/manifests/metrics-server_manifest.yaml
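Review bot: In values.yaml, `priorityClassName: "system-cluster-critical"` is the default while `resources: {}` leaves the pod with no requests or limits, so it is scheduled at critical priority yet reserves no CPU or memory and has no upper bound on the node it lands on. I would ship default requests and a memory limit instead of an empty map, for example `resources: {requests: {cpu: 100m, memory: 200Mi}}` (sample figures, to be sized for the platform). The comment above `tag` also says the default is `jetty-v{{ .Chart.AppVersion }}`, which reads like a leftover from another chart; the template that computes the default is not in this hunk, so the comment should be checked against it and reworded, e.g. `# Overrides the image tag; the default is set in the deployment template`.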
@@ -0,0 +1,88 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: metrics-server-psp-rolebinding
+data:
+ chart_name: psp-rolebinding
+ release: metrics-server-psp-rolebinding
+ namespace: metrics-server
+ values:
+ rolebindingNamespace: metrics-server
+ serviceAccount: metrics-server
+ source:
+ location: http://172.17.0.1:8080/helm_charts/stx-platform/psp-rolebinding-0.1.0.tgz
+ subpath: psp-rolebinding
+ type: tar
+ reference: master
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - labels:
+ release_group: metrics-server-psp-rolebinding
+ type: job
+ wait:
+ labels:
+ release_group: metrics-server-psp-rolebinding
+ resources: []
+ timeout: 1800
+ dependencies: []
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: metrics-server
+data:
+ chart_name: metrics-server
+ release: metrics-server
+ namespace: metrics-server
+ wait:
+ timeout: 1800
+ labels:
+ app: metrics-server
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ app: metrics-server
+ values:
+ imagePullSecrets: [{"name": "default-registry-key"}]
+ args:
+ - --kubelet-insecure-tls
+ replicas: 1
+ image:
+ repository: k8s.gcr.io/metrics-server/metrics-server
+ tag: "v0.4.1"
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ source:
+ type: tar
+ location: http://172.17.0.1/helm_charts/stx-platform/metrics-server-1.0.0.tgz
+ subpath: metrics-server
+ reference: master
+ dependencies: []
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: metrics-server
+data:
+ description: "StarlingX metrics-server"
+ sequenced: true
+ chart_group:
+ - metrics-server
+ - metrics-server-psp-rolebinding
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: metrics-server-manifest
+data:
+ release_prefix: ms
+ chart_groups:
+ - metrics-server
\ No newline at end of file
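Review bot: In metrics-server_manifest.yaml the `args` list passes `--kubelet-insecure-tls`, which makes metrics-server skip verification of the kubelet serving certificates, so each scrape is encrypted but the peer is not authenticated and the figures the autoscaler acts on are only as trustworthy as the network path to the node. If the platform's kubelets cannot present certificates signed by a CA that metrics-server trusts, state that next to the flag, e.g. `# kubelet serving certs are not CA-signed on this platform; remove once they are`; otherwise drop the flag and pass `--kubelet-certificate-authority` with the cluster CA instead. The two `source.location` values also disagree: the psp-rolebinding chart is fetched from `http://172.17.0.1:8080/...` and the metrics-server chart from `http://172.17.0.1/...` with no port, which looks unintended and should be made consistent.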
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000..8ae3e22
--- /dev/null
+++ b/test-requirements.txt
@@ -0,0 +1,3 @@
+# hacking pulls in flake8
+hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+bashate >= 0.2
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..cede375
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,35 @@
+[tox]
+envlist = linters
+minversion = 2.3
+skipsdist = True
+sitepackages=False
+
+[testenv]
+install_command = pip install -U {opts} {packages}
+setenv =
+ VIRTUAL_ENV={envdir}
+ OS_STDOUT_CAPTURE=1
+ OS_STDERR_CAPTURE=1
+ OS_DEBUG=1
+ OS_LOG_CAPTURE=1
+deps =
+ -r{toxinidir}/requirements.txt
+ -r{toxinidir}/test-requirements.txt
+whitelist_externals =
+ bash
+
+[testenv:bashate]
+# Treat all E* codes as Errors rather than warnings using: -e 'E*'
+commands =
+ bash -c "find {toxinidir} \
+ -not \( -type d -name .?\* -prune \) \
+ -type f \
+ -not -name \*~ \
+ -not -name \*.md \
+ -name \*.sh \
+ -print0 | xargs -r -n 1 -0 bashate -v \
+ -e 'E*'"
+
+[testenv:linters]
+commands =
+ {[testenv:bashate]commands}
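Review bot: In tox.ini, `install_command = pip install -U {opts} {packages}` upgrades to the newest release on every run, and `bashate >= 0.2` in test-requirements.txt has no upper bound, so the linters job installs whatever is published at that moment with no constraints file in between. I would resolve through a constraints file, `install_command = pip install -U -c{env:UPPER_CONSTRAINTS_FILE:<constraints-file-url>} {opts} {packages}` (the URL is a placeholder), so the gate is reproducible and a new or tampered release is not picked up silently. `whitelist_externals` was renamed `allowlist_externals` in later tox releases; with `minversion = 2.3` the old name is right today, but a comment saying so would help whoever raises the minimum.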