easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

metric server集成配置

pull/243/merge
gjmzj 2018-06-17 10:46:25 +08:00
parent 93f72599a9
commit 1b4864b669
9 changed files with 144 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
manifests/metric-server/auth-delegator.yaml 100644
View File

@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system

14
manifests/metric-server/auth-reader.yaml 100644
View File

@ -0,0 +1,14 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system

14
manifests/metric-server/metrics-apiservice.yaml 100644
View File

@ -0,0 +1,14 @@
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100

33
manifests/metric-server/metrics-server-deployment.yaml 100644
View File

@ -0,0 +1,33 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
containers:
- name: metrics-server
#image: gcr.io/google_containers/metrics-server-amd64:v0.2.1
image: mirrorgooglecontainers/metrics-server-amd64:v0.2.1
imagePullPolicy: Always
command:
- /metrics-server
- --source=kubernetes.summary_api:''

15
manifests/metric-server/metrics-server-service.yaml 100644
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: 443

38
manifests/metric-server/resource-reader.yaml 100644
View File

@ -0,0 +1,38 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- deployments
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system

8
roles/kube-master/templates/kube-apiserver-v1.8.service.j2
View File

@ -34,6 +34,14 @@ ExecStart={{ bin_dir }}/kube-apiserver \
--audit-log-maxsize=100 \ --audit-log-maxsize=100 \
--audit-log-path=/var/lib/audit.log \ --audit-log-path=/var/lib/audit.log \
--event-ttl=1h \ --event-ttl=1h \
--requestheader-client-ca-file={{ ca_dir }}/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ ca_dir }}/admin.pem \
--proxy-client-key-file={{ ca_dir }}/admin-key.pem \
--enable-aggregator-routing=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure
RestartSec=5 RestartSec=5

8
roles/kube-master/templates/kube-apiserver.service.j2
View File

@ -34,6 +34,14 @@ ExecStart={{ bin_dir }}/kube-apiserver \
--audit-log-maxsize=100 \ --audit-log-maxsize=100 \
--audit-log-path=/var/lib/audit.log \ --audit-log-path=/var/lib/audit.log \
--event-ttl=1h \ --event-ttl=1h \
--requestheader-client-ca-file={{ ca_dir }}/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ ca_dir }}/admin.pem \
--proxy-client-key-file={{ ca_dir }}/admin-key.pem \
--enable-aggregator-routing=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure
RestartSec=5 RestartSec=5

2
roles/kube-master/templates/kube-controller-manager.service.j2
View File

@ -14,7 +14,7 @@ ExecStart={{ bin_dir }}/kube-controller-manager \
--cluster-signing-key-file={{ ca_dir }}/ca-key.pem \ --cluster-signing-key-file={{ ca_dir }}/ca-key.pem \
--service-account-private-key-file={{ ca_dir }}/ca-key.pem \ --service-account-private-key-file={{ ca_dir }}/ca-key.pem \
--root-ca-file={{ ca_dir }}/ca.pem \ --root-ca-file={{ ca_dir }}/ca.pem \
--horizontal-pod-autoscaler-use-rest-clients=false \ --horizontal-pod-autoscaler-use-rest-clients=true \
--leader-elect=true \ --leader-elect=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure