From f990473cde82eebc43150c04ff9de1c68a4562b6 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sun, 8 Apr 2018 15:42:45 -0700
Subject: [PATCH] Update control plane manifests and add etcd metrics
* Enable etcd v3.3 metrics to expose metrics for scraping by Prometheus
* Use k8s.gcr.io instead of gcr.io/google_containers
* Add flexvolume plugin mount to controller manager
* Update kube-dns from v1.14.8 to v1.14.9
---
 aws/fedora-atomic/kubernetes/bootkube.tf | 2 +-
 .../kubernetes/cloudinit/controller.yaml.tmpl | 3 ++-
 aws/fedora-atomic/kubernetes/security.tf | 10 ++++++++++
 bare-metal/fedora-atomic/kubernetes/bootkube.tf | 2 +-
 .../kubernetes/cloudinit/controller.yaml.tmpl | 3 ++-
 digital-ocean/fedora-atomic/kubernetes/bootkube.tf | 2 +-
 .../kubernetes/cloudinit/controller.yaml.tmpl | 3 ++-
 7 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/aws/fedora-atomic/kubernetes/bootkube.tf b/aws/fedora-atomic/kubernetes/bootkube.tf
index 02bd15a8..b8117969 100644
--- a/aws/fedora-atomic/kubernetes/bootkube.tf
+++ b/aws/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 16029ea7..091f5b9b 100644
--- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -8,6 +8,7 @@ write_files:
 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
+ ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
 ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
 ETCD_STRICT_RECONFIG_CHECK=true
 ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@@ -91,7 +92,7 @@ bootcmd:
 - [setenforce, Permissive]
 runcmd:
 - [systemctl, daemon-reload]
- - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+ - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
 - [systemctl, start, --no-block, etcd.service]
 - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
 - [systemctl, start, --no-block, kubelet.service]
diff --git a/aws/fedora-atomic/kubernetes/security.tf b/aws/fedora-atomic/kubernetes/security.tf
index 8c71da6b..9c729c95 100644
--- a/aws/fedora-atomic/kubernetes/security.tf
+++ b/aws/fedora-atomic/kubernetes/security.tf
@@ -51,6 +51,16 @@ resource "aws_security_group_rule" "controller-etcd" {
 self = true
 }
+resource "aws_security_group_rule" "controller-etcd-metrics" {
+ security_group_id = "${aws_security_group.controller.id}"
+
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 2381
+ to_port = 2381
+ source_security_group_id = "${aws_security_group.worker.id}"
+}
+
 resource "aws_security_group_rule" "controller-flannel" {
 security_group_id = "${aws_security_group.controller.id}"
diff --git a/bare-metal/fedora-atomic/kubernetes/bootkube.tf b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
index eb115699..338d9b55 100644
--- a/bare-metal/fedora-atomic/kubernetes/bootkube.tf
+++ b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
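Review bot: The added `ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381` serves etcd's metrics endpoint over plain HTTP on every interface, without the TLS that the 2379 and 2380 listeners in this hunk's context use. The same line is added in the bare-metal and digital-ocean controller templates, and the diffstat shows a matching firewall change only for AWS (`security.tf`), so on those two platforms reachability of port 2381 depends on rules outside this patch. I would confirm that the digital-ocean firewall and the bare-metal network do not leave 2381 reachable from outside the cluster, and record the intent next to the setting or in the docs, for example `etcd metrics (2381) are unauthenticated HTTP; allow only from nodes that run Prometheus`. The write_files entry this line belongs to starts and ends outside the hunk.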
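Review bot: `source_security_group_id = "${aws_security_group.worker.id}"` opens 2381 to every instance in the worker group, so presumably any workload scheduled on a worker, not only Prometheus, can read the unauthenticated etcd metrics endpoint. A security group cannot narrow this further, so the rule deserves a comment stating the trade-off, e.g. `# etcd metrics are plain HTTP with no auth; workers are allowed so Prometheus pods can scrape them`. There is also no `self = true` counterpart like the neighbouring `controller-etcd` rule has, so as far as this hunk shows a scraper placed on a controller would not reach the other controllers on 2381; if that is intended, say so in the same comment.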
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${var.k8s_domain_name}"]
diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index b4977f97..03923a98 100644
--- a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -8,6 +8,7 @@ write_files:
 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380
 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
+ ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
 ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
 ETCD_STRICT_RECONFIG_CHECK=true
 ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@@ -96,7 +97,7 @@ bootcmd:
 - [setenforce, Permissive]
 runcmd:
 - [systemctl, daemon-reload]
- - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+ - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
 - [systemctl, start, --no-block, etcd.service]
 - [hostnamectl, set-hostname, ${domain_name}]
 - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
diff --git a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
index efeefce7..d7e2106c 100644
--- a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
 cluster_name = "${var.cluster_name}"
 api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 78a1a806..3441ba48 100644
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -8,6 +8,7 @@ write_files:
 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
+ ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
 ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
 ETCD_STRICT_RECONFIG_CHECK=true
 ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@@ -110,7 +111,7 @@ bootcmd:
 - [setenforce, Permissive]
 runcmd:
 - [systemctl, daemon-reload]
- - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+ - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
 - [systemctl, start, --no-block, etcd.service]
 - [systemctl, enable, cloud-metadata.service]
 - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"