Merge pull request #327 from linkernetworks/johnlin/metrics-and-ovs

[Task] autoscalar and openvswitch-exec

deploy/helm/apps/charts/metrics-server/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

deploy/helm/apps/charts/metrics-server/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: metrics-server
+version: 0.1.0

deploy/helm/apps/charts/metrics-server/templates/auth-delegator.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system

deploy/helm/apps/charts/metrics-server/templates/auth-reader.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system

deploy/helm/apps/charts/metrics-server/templates/metrics-apiservice.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100

deploy/helm/apps/charts/metrics-server/templates/metrics-server-deployment.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+      # mount in tmp so we can safely use from-scratch images and/or read-only containers
+      - name: tmp-dir
+        emptyDir: {}
+      containers:
+      - name: metrics-server
+        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
+        command:
+          - /metrics-server
+          - --kubelet-insecure-tls
+          - --kubelet-preferred-address-types=InternalIP
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: tmp-dir
+          mountPath: /tmp
+        resources:
+          requests:
+            cpu: {{ .Values.controller.cpu }}
+

deploy/helm/apps/charts/metrics-server/templates/metrics-server-service.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443

deploy/helm/apps/charts/metrics-server/templates/resource-reader.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - nodes/stats
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - "extensions"
+  resources:
+  - deployments
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system

deploy/helm/apps/charts/openvswitch-exec/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

deploy/helm/apps/charts/openvswitch-exec/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: openvswitch-exec
+version: 0.1.0

deploy/helm/apps/charts/openvswitch-exec/templates/daemonset.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: openvswitch-exec
+  namespace: vortex
+spec:
+  selector:
+    matchLabels:
+      name: openvswitch-exec
+  template:
+    metadata:
+      labels:
+        name: openvswitch-exec
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      containers:
+      - name: openvswitch-exec
+        image: sdnvortex/openvswitch-exec:{{ .Values.controller.imageTag }}
+        command: ["tail"]
+        args: ["-f", "/etc/hostname"]
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/run/openvswitch/db.sock
+          name: ovs-sock
+        resources:
+          requests:
+            cpu: {{ .Values.controller.cpu }}
+      volumes:
+      - name: ovs-sock #since the UNIX version only add-port, the db.sock is enough
+        hostPath:
+          path: /run/openvswitch/db.sock

deploy/helm/config/development.yaml

@@ -20,14 +20,23 @@ apps:
       imageTag: v0.4.8
       tcpCPU: 50m
       unixCPU: 50m
+  # vortex/deploy/helm/apps/charts/openvswitch-exec
+  openvswitch-exec:
+    controller:
+      imageTag: latest
+      cpu: 10m
+  # vortex/deploy/helm/apps/charts/metrics-server
+  metrics-server:
+    controller:
+      cpu: 30m
   # vortex/deploy/helm/apps/charts/prometheus
   prometheus:
     controller:
       replicaCount: 1
       imageTag: v2.2.1
       scrapeInterval: 5s
       retention: 24h
-      cpu: 50m
+      cpu: 30m
     service:
       nodePort: true
     # vortex/deploy/helm/apps/charts/prometheus/charts/alertmanager

deploy/helm/config/production.yaml

@@ -20,6 +20,15 @@ apps:
       imageTag: v0.4.8
       tcpCPU: 100m
       unixCPU: 100m
+  # vortex/deploy/helm/apps/charts/openvswitch-exec
+  openvswitch-exec:
+    controller:
+      imageTag: latest
+      cpu: 10m
+  # vortex/deploy/helm/apps/charts/metrics-server
+  metrics-server:
+    controller:
+      cpu: 100m
   # vortex/deploy/helm/apps/charts/prometheus
   prometheus:
     controller:

deploy/helm/config/testing.yaml

@@ -20,6 +20,15 @@ apps:
       imageTag: v0.4.8
       tcpCPU: 50m
       unixCPU: 50m
+  # vortex/deploy/helm/apps/charts/openvswitch-exec
+  openvswitch-exec:
+    controller:
+      imageTag: latest
+      cpu: 10m
+  # vortex/deploy/helm/apps/charts/metrics-server
+  metrics-server:
+    controller:
+      cpu: 10m
   # vortex/deploy/helm/apps/charts/prometheus
   prometheus:
     controller:

deploy/kubernetes/apps/monitoring/metrics-server/auth-delegator.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system

deploy/kubernetes/apps/monitoring/metrics-server/auth-reader.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system

deploy/kubernetes/apps/monitoring/metrics-server/metrics-apiservice.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100

deploy/kubernetes/apps/monitoring/metrics-server/metrics-server-deployment.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+      # mount in tmp so we can safely use from-scratch images and/or read-only containers
+      - name: tmp-dir
+        emptyDir: {}
+      containers:
+      - name: metrics-server
+        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
+        command:
+          - /metrics-server
+          - --kubelet-insecure-tls
+          - --kubelet-preferred-address-types=InternalIP
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: tmp-dir
+          mountPath: /tmp
+        resources:
+          requests:
+            cpu: 10m
+

deploy/kubernetes/apps/monitoring/metrics-server/metrics-server-service.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443