diff --git a/docs/helm/Chart.yaml b/docs/helm/Chart.yaml new file mode 100644 index 00000000..5dc1d846 --- /dev/null +++ b/docs/helm/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: kube-metrics-adapter +version: 0.1.9 +description: kube-metrics-adapter helm chart +home: https://github.com/zalando-incubator/kube-metrics-adapter +maintainers: + - name: The Zalando Incubator + email: opensource@zalando.de + url: https://github.com/zalando-incubator diff --git a/docs/helm/templates/custom-metrics-apiservice.yaml b/docs/helm/templates/custom-metrics-apiservice.yaml new file mode 100644 index 00000000..58afc4e6 --- /dev/null +++ b/docs/helm/templates/custom-metrics-apiservice.yaml @@ -0,0 +1,15 @@ +{{- if .Values.enableCustomMetricsApi }} +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1beta1.custom.metrics.k8s.io +spec: + service: + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} + group: custom.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ .Values.tls.skipTLSVerify }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end}} \ No newline at end of file diff --git a/docs/helm/templates/deployment.yaml b/docs/helm/templates/deployment.yaml new file mode 100644 index 00000000..ef0d007e --- /dev/null +++ b/docs/helm/templates/deployment.yaml @@ -0,0 +1,191 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} + labels: + application: kube-metrics-adapter + version: {{ .Values.registry.imageTag }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + application: kube-metrics-adapter + template: + metadata: + labels: + application: kube-metrics-adapter + version: {{ .Values.registry.imageTag }} + spec: + serviceAccountName: kube-metrics-adapter + containers: + - name: kube-metrics-adapter + image: {{ .Values.registry.image}}:{{ .Values.registry.imageTag }} + args: + {{- if .Values.addDirectoryHeader }} + - --add_dir_header={{ .Values.addDirectoryHeader }} + {{- end}} + {{- if .Values.log.alsoToStderr }} + - --alsologtostderr={{ .Values.log.alsoToStderr }} + {{- end}} + {{- if .Values.authentication.kubeConfig }} + - --authentication-kubeconfig={{ .Values.authentication.kubeConfig }} + {{- end}} + {{- if .Values.authentication.skipLookup }} + - --authentication-skip-lookup={{ .Values.authentication.skipLookup }} + {{- end}} + {{- if .Values.authentication.tokenWebhookCacheTtl }} + - --authentication-token-webhook-cache-ttl={{ .Values.authentication.tokenWebhookCacheTtl }} + {{- end}} + {{- if .Values.authentication.tolerateLookupFailure }} + - --authentication-tolerate-lookup-failure={{ .Values.authentication.tolerateLookupFailure }} + {{- end}} + {{- if .Values.authorization.alwaysAllowPaths }} + - --authorization-always-allow-paths={{ .Values.authorization.alwaysAllowPaths }} + {{- end}} + {{- if .Values.authorization.kubeConfig }} + - --authorization-kubeconfig={{ .Values.authorization.kubeConfig }} + {{- end}} + {{- if .Values.authorization.webhookCache.authorizedTtl }} + - --authorization-webhook-cache-authorized-ttl={{ .Values.authorization.webhookCache.authorizedTtl }} + {{- end}} + {{- if .Values.authorization.webhookCache.unauthorizedTtl }} + - --authorization-webhook-cache-unauthorized-ttl={{ .Values.authorization.webhookCache.unauthorizedTtl }} + {{- end}} + {{- if .Values.aws.externalMetrics }} + - --aws-external-metrics={{ .Values.aws.externalMetrics }} + {{- end}} + {{- if .Values.aws.region }} + - --aws-region={{ .Values.aws.region }} + {{- end}} + {{- if .Values.tls.certificateDirectory }} + - --cert-dir={{ .Values.tls.certificateDirectory }} + {{- end}} + {{- if .Values.tls.clientCaFile }} + - --client-ca-file={{ .Values.tls.clientCaFile }} + {{- end}} + {{- if .Values.contentionProfiling }} + - --contention-profiling={{ .Values.contentionProfiling }} + {{- end}} + {{- if .Values.credentialsDirectory }} + - --credentials-dir={{ .Values.credentialsDirectory }} + {{- end}} + {{- if .Values.disregardIncompatibleHPAs }} + - --disregard-incompatible-hpas={{ .Values.disregardIncompatibleHPAs }} + {{- end}} + {{- if .Values.enableCustomMetricsApi }} + - --enable-custom-metrics-api={{ .Values.enableCustomMetricsApi }} + {{- end}} + {{- if .Values.enableExternalMetricsApi }} + - --enable-external-metrics-api={{ .Values.enableExternalMetricsApi }} + {{- end}} + {{- if .Values.http2MaxStreamsPerConnection }} + - --http2-max-streams-per-connection={{ .Values.http2MaxStreamsPerConnection }} + {{- end}} + {{- if .Values.influxDB.address }} + - --influxdb-address={{ .Values.influxDB.address }} + {{- end}} + {{- if .Values.influxDB.organization }} + - --influxdb-org={{ .Values.influxDB.organization }} + {{- end}} + {{- if .Values.influxDB.token }} + - --influxdb-token={{ .Values.influxDB.token }} + {{- end}} + {{- if .Values.listerKubeConfig }} + - --lister-kubeconfig={{ .Values.listerKubeConfig }} + {{- end}} + {{- if .Values.log.flushFrequency }} + - --log-flush-frequency={{ .Values.log.flushFrequency }} + {{- end}} + {{- if .Values.log.backtraceAtTraceLocation }} + - --log_backtrace_at={{ .Values.log.backtraceAtTraceLocation }} + {{- end}} + {{- if .Values.log.directory }} + - --log_dir={{ .Values.log.directory }} + {{- end}} + {{- if .Values.log.file }} + - --log_file={{ .Values.log.file }} + {{- end}} + {{- if .Values.log.fileMaxSize }} + - --log_file_max_size={{ .Values.log.fileMaxSize }} + {{- end}} + {{- if .Values.log.toStderr }} + - --logtostderr={{ .Values.log.toStderr }} + {{- end}} + {{- if .Values.prometheus.metricsAddress }} + - --metrics-address={{ .Values.prometheus.metricsAddress }} + {{- end}} + {{- if .Values.profiling }} + - --profiling={{ .Values.profiling }} + {{- end}} + {{- if .Values.prometheus.server }} + - --prometheus-server={{ .Values.prometheus.server }} + {{- end}} + {{- if .Values.requestHeader.allowedNames }} + - --requestheader-allowed-names={{ .Values.requestHeader.allowedNames }} + {{- end}} + {{- if .Values.requestHeader.clientCaFile }} + - --requestheader-client-ca-file={{ .Values.requestHeader.clientCaFile }} + {{- end}} + {{- if .Values.requestHeader.extraHeadersPrefix }} + - --requestheader-extra-headers-prefix={{ .Values.requestHeader.extraHeadersPrefix }} + {{- end}} + {{- if .Values.requestHeader.groupHeaders }} + - --requestheader-group-headers={{ .Values.requestHeader.groupHeaders }} + {{- end}} + {{- if .Values.requestHeader.usernameHeaders }} + - --requestheader-username-headers={{ .Values.requestHeader.usernameHeaders }} + {{- end}} + - --secure-port={{ .Values.service.internalPort }} + {{- if .Values.log.skipHeaders }} + - --skip_headers={{ .Values.log.skipHeaders }} + {{- end}} + {{- if .Values.log.skipLogHeaders }} + - --skip_log_headers={{ .Values.log.skipLogHeaders }} + {{- end}} + {{- if .Values.skipperBackendsAnnotation }} + - --skipper-backends-annotation={{ .Values.skipperBackendsAnnotation }} + {{- end}} + {{- if .Values.skipperIngressMetrics }} + - --skipper-ingress-metrics={{ .Values.skipperIngressMetrics }} + {{- end}} + {{- if .Values.log.stderrThreshold }} + - --stderrthreshold={{ .Values.log.stderrThreshold }} + {{- end}} + {{- if .Values.tls.certFile }} + - --tls-cert-file={{ .Values.tls.certFile }} + {{- end}} + {{- if .Values.tls.cipherSuites }} + - --tls-cipher-suites={{ .Values.tls.cipherSuites }} + {{- end}} + {{- if .Values.tls.minVersion }} + - --tls-min-version={{ .Values.tls.minVersion }} + {{- end}} + {{- if .Values.tls.privateKeyFile }} + - --tls-private-key-file={{ .Values.tls.privateKeyFile }} + {{- end}} + {{- if .Values.tls.sniCertKey }} + - --tls-sni-cert-key={{ .Values.tls.sniCertKey }} + {{- end}} + {{- if .Values.token }} + - --token={{ .Values.token }} + {{- end}} + {{- if .Values.log.level }} + - --v={{ .Values.log.level }} + {{- end}} + {{- if .Values.vmodule }} + - --vmodule={{ .Values.vmodule }} + {{- end}} + {{- if .Values.zmon.kariosdbEndpoint }} + - --zmon-kariosdb-endpoint={{ .Values.zmon.kariosdbEndpoint }} + {{- end}} + {{- if .Values.zmon.tokenName }} + - --zmon-token-name={{ .Values.zmon.tokenName }} + {{- end}} + resources: + limits: + cpu: {{ .Values.resources.limits.cpu }} + memory: {{ .Values.resources.limits.memory }} + requests: + cpu: {{ .Values.resources.requests.cpu }} + memory: {{ .Values.resources.requests.memory }} diff --git a/docs/helm/templates/external-metrics-apiservice.yaml b/docs/helm/templates/external-metrics-apiservice.yaml new file mode 100644 index 00000000..47aca58c --- /dev/null +++ b/docs/helm/templates/external-metrics-apiservice.yaml @@ -0,0 +1,15 @@ +{{- if .Values.enableExternalMetricsApi }} +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1beta1.external.metrics.k8s.io +spec: + service: + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} + group: external.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ .Values.tls.skipTLSVerify }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end}} diff --git a/docs/helm/templates/rbac.yaml b/docs/helm/templates/rbac.yaml new file mode 100644 index 00000000..29433dc7 --- /dev/null +++ b/docs/helm/templates/rbac.yaml @@ -0,0 +1,154 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-metrics-adapter-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-metrics-server-resources +rules: +- apiGroups: + - external.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-metrics-adapter-resource-reader +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-metrics-adapter-resource-collector +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - get +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hpa-controller-custom-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-metrics-adapter-server-resources +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hpa-controller-external-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-metrics-server-resources +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kube-metrics-adapter-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: custom-metrics:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kube-metrics-adapter-resource-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-metrics-adapter-resource-collector +subjects: +- kind: ServiceAccount + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kube-metrics-adapter-resource-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-metrics-adapter-resource-reader +subjects: +- kind: ServiceAccount + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} diff --git a/docs/helm/templates/service-account.yaml b/docs/helm/templates/service-account.yaml new file mode 100644 index 00000000..1220c0ea --- /dev/null +++ b/docs/helm/templates/service-account.yaml @@ -0,0 +1,5 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} diff --git a/docs/helm/templates/service.yaml b/docs/helm/templates/service.yaml new file mode 100644 index 00000000..26327152 --- /dev/null +++ b/docs/helm/templates/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: kube-metrics-adapter + namespace: {{ .Values.namespace }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.internalPort }} + selector: + application: kube-metrics-adapter diff --git a/docs/helm/values.yaml b/docs/helm/values.yaml new file mode 100644 index 00000000..9d71b624 --- /dev/null +++ b/docs/helm/values.yaml @@ -0,0 +1,94 @@ +namespace: kube-system + +replicas: 1 + +registry: + image: registry.opensource.zalan.do/teapot/kube-metrics-adapter + imageTag: v0.1.9 + imagePullPolicy: IfNotPresent + +service: + port: 443 + internalPort: 443 + +addDirectoryHeader: +contentionProfiling: +profiling: +enableCustomMetricsApi: +enableExternalMetricsApi: +credentialsDirectory: +disregardIncompatibleHPAs: +http2MaxStreamsPerConnection: +listerKubeConfig: +skipperBackendsAnnotation: +skipperIngressMetrics: +token: +vmodule: + +authentication: + kubeConfig: + skipLookup: + tokenWebhookCacheTtl: + tolerateLookupFailure: + +authorization: + kubeConfig: + alwaysAllowPaths: + webhookCache: + authorizedTtl: + unauthorizedTtl: + +aws: + externalMetrics: + region: + +influxDB: + address: + organization: + token: + +log: + alsoToStderr: + toStderr: + flushFrequency: + backtraceAtTraceLocation: + directory: + file: + fileMaxSize: + level: + stderrThreshold: + skipHeaders: + skipLogHeaders: + +prometheus: + server: http://prometheus.kube-system.svc.cluster.local + metricsAddress: + +requestHeader: + allowedNames: + clientCaFile: + extraHeadersPrefix: + groupHeaders: + usernameHeaders: + +tls: + skipTLSVerify: true + certificateDirectory: + clientCaFile: + certFile: + cipherSuites: + minVersion: + privateKeyFile: + sniCertKey: + +zmon: + kariosdbEndpoint: + tokenName: + +resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 100m + memory: 100Mi