From 80598a8bd378cc05d24e551fb384a0d6afef8d47 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Mon, 13 Nov 2017 09:45:03 +0100 Subject: [PATCH] deploy: Update custom metrics API name and separate into files --- deploy/README.md | 4 +- deploy/example-deployment.yaml | 156 ------------------ ...r-auth-delegator-cluster-role-binding.yaml | 12 ++ ...cs-apiserver-auth-reader-role-binding.yaml | 13 ++ .../custom-metrics-apiserver-deployment.yaml | 42 +++++ ...-resource-reader-cluster-role-binding.yaml | 12 ++ ...tom-metrics-apiserver-service-account.yaml | 5 + .../custom-metrics-apiserver-service.yaml | 11 ++ .../manifests/custom-metrics-apiservice.yaml | 13 ++ .../custom-metrics-cluster-role.yaml | 9 + ...-metrics-resource-reader-cluster-role.yaml | 14 ++ ...a-custom-metrics-cluster-role-binding.yaml | 12 ++ 12 files changed, 146 insertions(+), 157 deletions(-) delete mode 100644 deploy/example-deployment.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-deployment.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-service-account.yaml create mode 100644 deploy/manifests/custom-metrics-apiserver-service.yaml create mode 100644 deploy/manifests/custom-metrics-apiservice.yaml create mode 100644 deploy/manifests/custom-metrics-cluster-role.yaml create mode 100644 deploy/manifests/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 deploy/manifests/hpa-custom-metrics-cluster-role-binding.yaml diff --git a/deploy/README.md b/deploy/README.md index bf58cf6e..302dd2f5 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -9,5 +9,7 @@ Example Deployment documentation](https://github.com/kubernetes-incubator/apiserver-builder/blob/master/docs/concepts/auth.md) in the apiserver-builder repository. -3. `kubectl create -f example-deployment.yaml`, modifying as necessary to +3. `kubectl create namespace custom-metrics` to ensure the namespace we choose to install the custom metrics adapter in. + +4. `kubectl create -f manifests/`, modifying as necessary to point to your prometheus server. diff --git a/deploy/example-deployment.yaml b/deploy/example-deployment.yaml deleted file mode 100644 index 69c7a248..00000000 --- a/deploy/example-deployment.yaml +++ /dev/null @@ -1,156 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: custom-metrics ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: custom-metrics-apiserver - namespace: custom-metrics ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: custom-metrics:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: custom-metrics-apiserver - namespace: custom-metrics ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: custom-metrics-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: custom-metrics-apiserver - namespace: custom-metrics ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: custom-metrics-resource-reader -rules: -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: custom-metrics-resource-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: custom-metrics-resource-reader -subjects: -- kind: ServiceAccount - name: custom-metrics-apiserver - namespace: custom-metrics ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: custom-metrics-apiserver - name: custom-metrics-apiserver -spec: - replicas: 1 - selector: - matchLabels: - app: custom-metrics-apiserver - template: - metadata: - labels: - app: custom-metrics-apiserver - name: custom-metrics-apiserver - spec: - serviceAccountName: custom-metrics-apiserver - containers: - - name: custom-metrics-apiserver - image: directxman12/k8s-prometheus-adapter - args: - - /adapter - - --secure-port=6443 - - --tls-cert-file=/var/run/serving-cert/serving.crt - - --tls-private-key-file=/var/run/serving-cert/serving.key - - --logtostderr=true - - --prometheus-url=http://prometheus.prom.svc:9090/ - - --metrics-relist-interval=30s - - --rate-interval=30s - - --v=10 - ports: - - containerPort: 6443 - volumeMounts: - - mountPath: /var/run/serving-cert - name: volume-serving-cert - readOnly: true - volumes: - - name: volume-serving-cert - secret: - secretName: cm-adapter-serving-certs ---- -apiVersion: v1 -kind: Service -metadata: - name: api - namespace: custom-metrics -spec: - ports: - - port: 443 - targetPort: 6443 - selector: - app: custom-metrics-apiserver ---- -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.custom-metrics.metrics.k8s.io -spec: - insecureSkipTLSVerify: true - group: custom-metrics.metrics.k8s.io - priority: 150 - service: - name: api - namespace: custom-metrics - version: v1alpha1 ---- -# Make a ClusterRole so that the HPA controller is able to read the custom metrics this adapter provides -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: custom-metrics-server-resources -rules: -- apiGroups: - - custom-metrics.metrics.k8s.io - resources: ["*"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: hpa-controller-custom-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: custom-metrics-server-resources -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system \ No newline at end of file diff --git a/deploy/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml b/deploy/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml new file mode 100644 index 00000000..d6e2b084 --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: custom-metrics:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: custom-metrics-apiserver + namespace: custom-metrics diff --git a/deploy/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml b/deploy/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml new file mode 100644 index 00000000..5ca35118 --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: custom-metrics-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: custom-metrics-apiserver + namespace: custom-metrics diff --git a/deploy/manifests/custom-metrics-apiserver-deployment.yaml b/deploy/manifests/custom-metrics-apiserver-deployment.yaml new file mode 100644 index 00000000..888bb3bf --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: custom-metrics-apiserver + name: custom-metrics-apiserver + namespace: custom-metrics +spec: + replicas: 1 + selector: + matchLabels: + app: custom-metrics-apiserver + template: + metadata: + labels: + app: custom-metrics-apiserver + name: custom-metrics-apiserver + spec: + serviceAccountName: custom-metrics-apiserver + containers: + - name: custom-metrics-apiserver + image: directxman12/k8s-prometheus-adapter + args: + - /adapter + - --secure-port=6443 + - --tls-cert-file=/var/run/serving-cert/serving.crt + - --tls-private-key-file=/var/run/serving-cert/serving.key + - --logtostderr=true + - --prometheus-url=http://prometheus.prom.svc:9090/ + - --metrics-relist-interval=30s + - --rate-interval=5m + - --v=10 + ports: + - containerPort: 6443 + volumeMounts: + - mountPath: /var/run/serving-cert + name: volume-serving-cert + readOnly: true + volumes: + - name: volume-serving-cert + secret: + secretName: cm-adapter-serving-certs diff --git a/deploy/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml b/deploy/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml new file mode 100644 index 00000000..8dd161f0 --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: custom-metrics-resource-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: custom-metrics-resource-reader +subjects: +- kind: ServiceAccount + name: custom-metrics-apiserver + namespace: custom-metrics diff --git a/deploy/manifests/custom-metrics-apiserver-service-account.yaml b/deploy/manifests/custom-metrics-apiserver-service-account.yaml new file mode 100644 index 00000000..b833e758 --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-service-account.yaml @@ -0,0 +1,5 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: custom-metrics-apiserver + namespace: custom-metrics diff --git a/deploy/manifests/custom-metrics-apiserver-service.yaml b/deploy/manifests/custom-metrics-apiserver-service.yaml new file mode 100644 index 00000000..c8f9344f --- /dev/null +++ b/deploy/manifests/custom-metrics-apiserver-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: custom-metrics-apiserver + namespace: custom-metrics +spec: + ports: + - port: 443 + targetPort: 6443 + selector: + app: custom-metrics-apiserver diff --git a/deploy/manifests/custom-metrics-apiservice.yaml b/deploy/manifests/custom-metrics-apiservice.yaml new file mode 100644 index 00000000..f3c50ee5 --- /dev/null +++ b/deploy/manifests/custom-metrics-apiservice.yaml @@ -0,0 +1,13 @@ +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1beta1.custom.metrics.k8s.io +spec: + service: + name: custom-metrics-apiserver + namespace: custom-metrics + group: custom.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: true + groupPriorityMinimum: 100 + versionPriority: 100 diff --git a/deploy/manifests/custom-metrics-cluster-role.yaml b/deploy/manifests/custom-metrics-cluster-role.yaml new file mode 100644 index 00000000..003f0bf1 --- /dev/null +++ b/deploy/manifests/custom-metrics-cluster-role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: custom-metrics-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: ["*"] + verbs: ["*"] diff --git a/deploy/manifests/custom-metrics-resource-reader-cluster-role.yaml b/deploy/manifests/custom-metrics-resource-reader-cluster-role.yaml new file mode 100644 index 00000000..a5ad7604 --- /dev/null +++ b/deploy/manifests/custom-metrics-resource-reader-cluster-role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: custom-metrics-resource-reader +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + verbs: + - get + - list diff --git a/deploy/manifests/hpa-custom-metrics-cluster-role-binding.yaml b/deploy/manifests/hpa-custom-metrics-cluster-role-binding.yaml new file mode 100644 index 00000000..530ebea5 --- /dev/null +++ b/deploy/manifests/hpa-custom-metrics-cluster-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: hpa-controller-custom-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: custom-metrics-server-resources +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system