From f80d9b1ec37e9ce66d1328b2491437a5f2538c93 Mon Sep 17 00:00:00 2001 From: Lequn Chen Date: Fri, 26 Oct 2018 14:40:05 -0700 Subject: [PATCH] support the Kubernetes Metrics Server --- .swp | Bin 12288 -> 0 bytes README.md | 4 ++ Vagrantfile | 17 ++++++++ manifests/master-apiserver-rbac.yaml | 7 ++++ manifests/master-apiserver.yaml | 7 ++++ .../aggregated-metrics-reader.yaml | 12 ++++++ plugins/metrics-server/auth-delegator.yaml | 13 ++++++ plugins/metrics-server/auth-reader.yaml | 14 +++++++ .../metrics-server/metrics-apiservice.yaml | 14 +++++++ .../metrics-server-deployment.yaml | 37 +++++++++++++++++ .../metrics-server-service.yaml | 15 +++++++ plugins/metrics-server/resource-reader.yaml | 38 ++++++++++++++++++ 12 files changed, 178 insertions(+) delete mode 100644 .swp create mode 100644 plugins/metrics-server/aggregated-metrics-reader.yaml create mode 100644 plugins/metrics-server/auth-delegator.yaml create mode 100644 plugins/metrics-server/auth-reader.yaml create mode 100644 plugins/metrics-server/metrics-apiservice.yaml create mode 100644 plugins/metrics-server/metrics-server-deployment.yaml create mode 100644 plugins/metrics-server/metrics-server-service.yaml create mode 100644 plugins/metrics-server/resource-reader.yaml 
diff --git a/.swp b/.swp deleted file mode 100644 index 1bac88c10a31bf01a9bf5bc84595bc33d4a51737..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI&Jx;?g7zSXMjRg=~z`&fOEkjF3eufUEOH;8`PV%L-8rj8mT9t(ha0Sl7VYmnh zZKO(cDld|7-JJs~wG0t8*ySAB# z{Mh;{VP{fJomM_2`Q8PXga8C;5I7ER+O1|;`1KmY;|fB*y_009U< zpe_NoXt1}U_|Y~%H8!^Q)mT?P)P(>9AOHafKmY;|fB*y_009U<;BWzvF!p)E*jLfZ z|NqtZzdhZ~9bN)EKmY;|fB*y_009U<00Izz00jO+AP6lP8|<8B4<2YqnO=|y=6OU$ zkt6FZ#ncGpyjUC3){C>;Ix=3W%{&-yo~1IQUaQ^d@s%*DIOX2s3qwn(bITJ-rIJo+ z#dXT>hR>5xfABaAN0a+u_%te3SUw{|?C File.join(File.dirname(__FILE__), "plugins/dashboard/dashboard-rbac.yaml"), :destination => "/home/core/dashboard-rbac.yaml" kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "plugins/dashboard/dashboard.yaml"), :destination => "/home/core/dashboard.yaml" end + + if USE_METRICS_SERVER + kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "plugins/dashboard/metrics-server"), :destination => "/home/core/metrics-server" + end end # clean temp directory after master is destroyed diff --git a/manifests/master-apiserver-rbac.yaml b/manifests/master-apiserver-rbac.yaml index 428b416..330f4e5 100644 --- a/manifests/master-apiserver-rbac.yaml +++ b/manifests/master-apiserver-rbac.yaml 
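Review bot: The `:source` path in the added `USE_METRICS_SERVER` block of the Vagrantfile points at `plugins/dashboard/metrics-server`, while every manifest this patch creates lives under `plugins/metrics-server/`, so the file provisioner would presumably fail or copy nothing when the flag is set. The line should read `kHost.vm.provision :file, :source => File.join(File.dirname(__FILE__), "plugins/metrics-server"), :destination => "/home/core/metrics-server"`. The start of this Vagrantfile hunk is not visible on the page, so where `USE_METRICS_SERVER` is defined and how the copied manifests get applied could not be checked.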
@@ -24,6 +24,13 @@ spec:
 - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
 - --client-ca-file=/etc/kubernetes/ssl/ca.pem
 - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --proxy-client-cert-file=/etc/kubernetes/ssl/apiserver.pem
+ - --proxy-client-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --requestheader-allowed-names=
+ - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
+ - --requestheader-extra-headers-prefix=X-Remote-Extra-
+ - --requestheader-group-headers=X-Remote-Group
+ - --requestheader-username-headers=X-Remote-User
 - --runtime-config=extensions/v1beta1=true,networking.k8s.io/v1,batch/v2alpha1=true,admissionregistration.k8s.io/v1alpha1=true
 - --authorization-mode=RBAC
 ports:
diff --git a/manifests/master-apiserver.yaml b/manifests/master-apiserver.yaml
index bd4f775..eee3b7d 100644
--- a/manifests/master-apiserver.yaml
+++ b/manifests/master-apiserver.yaml
@@ -24,6 +24,13 @@ spec:
 - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
 - --client-ca-file=/etc/kubernetes/ssl/ca.pem
 - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --proxy-client-cert-file=/etc/kubernetes/ssl/apiserver.pem
+ - --proxy-client-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --requestheader-allowed-names=
+ - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
+ - --requestheader-extra-headers-prefix=X-Remote-Extra-
+ - --requestheader-group-headers=X-Remote-Group
+ - --requestheader-username-headers=X-Remote-User
 ports:
 - containerPort: 443
 hostPort: 443
diff --git a/plugins/metrics-server/aggregated-metrics-reader.yaml b/plugins/metrics-server/aggregated-metrics-reader.yaml
new file mode 100644
index 0000000..cdf3415
--- /dev/null
+++ b/plugins/metrics-server/aggregated-metrics-reader.yaml
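Review bot: In `manifests/master-apiserver-rbac.yaml`, the added `--requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem` reuses the CA already given to `--client-ca-file`, and `--requestheader-allowed-names=` is left empty, so any client certificate issued by the cluster CA is accepted as a front proxy whose `X-Remote-User` / `X-Remote-Group` headers are trusted as the caller's identity. The Kubernetes aggregation-layer documentation warns against sharing one CA between these two contexts for this reason. Use a dedicated front-proxy CA and restrict the accepted names, e.g. `- --requestheader-client-ca-file=<FRONT_PROXY_CA_PATH>` and `- --requestheader-allowed-names=<PROXY_CLIENT_CERT_CN>` (placeholders), and point `--proxy-client-cert-file` / `--proxy-client-key-file` at a client certificate signed by that CA rather than the serving pair `apiserver.pem` / `apiserver-key.pem`. The same seven flags are added to `manifests/master-apiserver.yaml` in the following hunk and need the same change.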
@@ -0,0 +1,12 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:aggregated-metrics-reader
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
diff --git a/plugins/metrics-server/auth-delegator.yaml b/plugins/metrics-server/auth-delegator.yaml
new file mode 100644
index 0000000..e3442c5
--- /dev/null
+++ b/plugins/metrics-server/auth-delegator.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: metrics-server:system:auth-delegator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/plugins/metrics-server/auth-reader.yaml b/plugins/metrics-server/auth-reader.yaml
new file mode 100644
index 0000000..f0616e1
--- /dev/null
+++ b/plugins/metrics-server/auth-reader.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: metrics-server-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/plugins/metrics-server/metrics-apiservice.yaml b/plugins/metrics-server/metrics-apiservice.yaml
new file mode 100644
index 0000000..08b0530
--- /dev/null
+++ b/plugins/metrics-server/metrics-apiservice.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+ name: v1beta1.metrics.k8s.io
+spec:
+ service:
+ name: metrics-server
+ namespace: kube-system
+ group: metrics.k8s.io
+ version: v1beta1
+ insecureSkipTLSVerify: true
+ groupPriorityMinimum: 100
+ versionPriority: 100
diff --git a/plugins/metrics-server/metrics-server-deployment.yaml b/plugins/metrics-server/metrics-server-deployment.yaml
new file mode 100644
index 0000000..ad2abaf
--- /dev/null
+++ b/plugins/metrics-server/metrics-server-deployment.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: metrics-server
+ namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: metrics-server
+ namespace: kube-system
+ labels:
+ k8s-app: metrics-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: metrics-server
+ template:
+ metadata:
+ name: metrics-server
+ labels:
+ k8s-app: metrics-server
+ spec:
+ serviceAccountName: metrics-server
+ volumes:
+ # mount in tmp so we can safely use from-scratch images and/or read-only containers
+ - name: tmp-dir
+ emptyDir: {}
+ containers:
+ - name: metrics-server
+ image: k8s.gcr.io/metrics-server-amd64:v0.3.1
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: tmp-dir
+ mountPath: /tmp
+
diff --git a/plugins/metrics-server/metrics-server-service.yaml b/plugins/metrics-server/metrics-server-service.yaml
new file mode 100644
index 0000000..082b00c
--- /dev/null
+++ b/plugins/metrics-server/metrics-server-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: metrics-server
+ namespace: kube-system
+ labels:
+ kubernetes.io/name: "Metrics-server"
+spec:
+ selector:
+ k8s-app: metrics-server
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 443
diff --git a/plugins/metrics-server/resource-reader.yaml b/plugins/metrics-server/resource-reader.yaml
new file mode 100644
index 0000000..34294a3
--- /dev/null
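Review bot: `insecureSkipTLSVerify: true` in `metrics-apiservice.yaml` makes the API server accept any serving certificate from the `metrics-server` Service, so the backend behind the aggregated `metrics.k8s.io` group is never authenticated to the aggregator. If this is a deliberate shortcut for a local Vagrant cluster, say so in a comment above the field, e.g. `# dev-only: aggregator does not verify metrics-server's serving cert`. Otherwise give metrics-server a serving certificate signed by a known CA and replace the field with `caBundle: <BASE64_CA_CERT>` (placeholder).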
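Review bot: The `metrics-server` container in `metrics-server-deployment.yaml` has no `securityContext`, even though the comment on the `tmp-dir` volume says the mount exists to allow read-only containers; nothing in the spec enforces that. Consider adding `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` under the container. The read-only setting presumably also needs the server's certificate directory pointed at the mounted `/tmp` (`--cert-dir=/tmp`), which this spec does not pass. Separately, `imagePullPolicy: Always` combined with the mutable tag `v0.3.1` lets the running image change between pulls; pinning by digest (`image: k8s.gcr.io/metrics-server-amd64@sha256:<DIGEST>`, placeholder) avoids that.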
+++ b/plugins/metrics-server/resource-reader.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:metrics-server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - nodes/stats
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - "extensions"
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:metrics-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
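Review bot: The second rule of the `system:metrics-server` ClusterRole grants cluster-wide `get`/`list`/`watch` on `deployments` in the `extensions` group, but the Deployment added in this patch runs only the `metrics-server` container and nothing visible here reads Deployment objects. If that rule was carried over from a manifest that also ran a resizing sidecar, drop it so the service account keeps only the read access to `pods`, `nodes`, `nodes/stats` and `namespaces` granted by the first rule. If it is needed, add a comment such as `# required by <COMPONENT>` (placeholder) above the rule so the grant is justified in place.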