From d1f1224d6df1cdb9ee249c1d6fc5ef116d67a9fe Mon Sep 17 00:00:00 2001 From: Gabi Davar Date: Thu, 4 Aug 2022 14:51:32 +0000 Subject: [PATCH] Merged in dev/gabi/MPC-6612_add_metrics_server (pull request #811) MPC-6612 Add metrics-server * MPC-6612 Add metrics-server Approved-by: Maxime Tremblay --- aws/ams-cluster-v1-tf/eks.tf | 15 +++ .../helm-charts/metrics-server/.helmignore | 23 ++++ .../helm-charts/metrics-server/Chart.yaml | 7 ++ .../metrics-server/templates/_helpers.tpl | 62 +++++++++++ .../metrics-server/templates/apiservice.yaml | 16 +++ .../metrics-server/templates/deployment.yaml | 71 +++++++++++++ .../metrics-server/templates/rbac.yaml | 100 ++++++++++++++++++ .../templates/service-monitor.yaml | 23 ++++ .../metrics-server/templates/service.yaml | 14 +++ .../helm-charts/metrics-server/values.yaml | 4 + 10 files changed, 335 insertions(+) create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/.helmignore create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/Chart.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/_helpers.tpl create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/apiservice.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/deployment.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/rbac.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service-monitor.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service.yaml create mode 100644 aws/ams-cluster-v1-tf/helm-charts/metrics-server/values.yaml diff --git a/aws/ams-cluster-v1-tf/eks.tf b/aws/ams-cluster-v1-tf/eks.tf index 774a688a733f80..dd7f2363c95c3d 100644 --- a/aws/ams-cluster-v1-tf/eks.tf +++ b/aws/ams-cluster-v1-tf/eks.tf @@ -20,6 +20,7 @@ locals { ingress_nginx = "4.0.10" grafana_agent_operator = "0.1.5" kube_state_metrics = "4.4.1" + metrics_server = "0.6.1-1" node_exporter = "3.0.1" cloudwatch_exporter = "0.14.3-1" redis_exporter = "1.43.0-1" @@ -836,6 +837,20 @@ depends_on = [ ] } +resource "helm_release" "metrics_server" { + chart = "helm-charts/metrics-server" + name = "metrics-server" + version = local.helm_charts_versions.metrics_server + wait = true + atomic = true + max_history = 10 + values = [] + + depends_on = [ + module.eks + ] +} + resource "helm_release" "node_exporter" { repository = "https://prometheus-community.github.io/helm-charts" chart = "prometheus-node-exporter" diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/.helmignore b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/.helmignore new file mode 100644 index 00000000000000..0e8a0eb36f4ca2 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/Chart.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/Chart.yaml new file mode 100644 index 00000000000000..d3ba5cc5a81fc1 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: metrics-server +description: A minimalistic metrics-server chart for Kubernetes +version: 0.6.1-1 +maintainers: +- name: Engageli DevOps + email: devops@engageli.com diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/_helpers.tpl b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/_helpers.tpl new file mode 100644 index 00000000000000..a1ab9dc9aa0f45 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "metrics-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metrics-server.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metrics-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "metrics-server.labels" -}} +helm.sh/chart: {{ include "metrics-server.chart" . }} +{{ include "metrics-server.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "metrics-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "metrics-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "metrics-server.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "metrics-server.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/apiservice.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/apiservice.yaml new file mode 100644 index 00000000000000..a5b791ea3dbb03 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/apiservice.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/deployment.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/deployment.yaml new file mode 100644 index 00000000000000..8774fbeeeabee3 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + app: metrics-server + replicas: 1 + template: + metadata: + labels: + app: metrics-server + spec: + enableServiceLinks: false + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + containers: + - name: metrics-server + image: {{ $.Values.image.repository }}:v{{ $.Values.image.tag | default ($.Chart.Version | split "-")._0 }} + args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --profiling=false + - --metric-resolution=15s + env: + - name: GOMAXPROCS + value: "1" + ports: + - containerPort: 4443 + name: https + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: "1" + memory: 64Mi + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + volumes: + - emptyDir: {} + name: tmp-dir diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/rbac.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/rbac.yaml new file mode 100644 index 00000000000000..b5f6788219c722 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/rbac.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metrics-server + name: metrics-server + namespace: kube-system +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system + \ No newline at end of file diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service-monitor.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service-monitor.yaml new file mode 100644 index 00000000000000..8895f6cb02fe84 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service-monitor.yaml @@ -0,0 +1,23 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: metrics-server + name: metrics-server + namespace: kube-system +spec: + endpoints: + - port: https + scheme: https + tlsConfig: + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + namespaceSelector: + matchNames: + - kube-system + selector: + matchExpressions: + - key: app + operator: In + values: + - metrics-server diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service.yaml new file mode 100644 index 00000000000000..26ba6ef39dc61c --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/templates/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + targetPort: https + selector: + app: metrics-server diff --git a/aws/ams-cluster-v1-tf/helm-charts/metrics-server/values.yaml b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/values.yaml new file mode 100644 index 00000000000000..2186a3a79d3dc7 --- /dev/null +++ b/aws/ams-cluster-v1-tf/helm-charts/metrics-server/values.yaml @@ -0,0 +1,4 @@ +image: + repository: k8s.gcr.io/metrics-server/metrics-server + # Overrides the image tag whose default is the chart appVersion. + tag: ""