
Split metrics-server into its own playbook/role

This splits metrics-server off into its own playbook and role, so that
it can easily be installed separately (e.g. as part of pre-upgrade setup),
independently of Heapster, Hawkular, or other monitoring stacks.
Solly Ross 6 年之前
父節點
當前提交
33a6d6c4d0
共有 37 個文件被更改,包括 452 次插入179 次删除
  1. 5 0
      inventory/hosts.example
  2. 4 0
      playbooks/common/private/components.yml
  3. 20 0
      playbooks/metrics-server/OWNERS
  4. 9 0
      playbooks/metrics-server/config.yml
  5. 31 0
      playbooks/metrics-server/private/config.yml
  6. 1 0
      playbooks/metrics-server/private/roles
  7. 10 0
      roles/metrics_server/OWNERS
  8. 42 0
      roles/metrics_server/README.md
  9. 15 0
      roles/metrics_server/defaults/main.yaml
  10. 21 0
      roles/metrics_server/meta/main.yaml
  11. 91 0
      roles/metrics_server/tasks/generate_certs_and_apiservice.yaml
  12. 30 0
      roles/metrics_server/tasks/generate_sa_and_rbac.yaml
  13. 11 0
      roles/metrics_server/tasks/generate_svc_and_deployment.yaml
  14. 57 0
      roles/metrics_server/tasks/install_metrics_server.yaml
  15. 37 0
      roles/metrics_server/tasks/main.yaml
  16. 32 0
      roles/metrics_server/tasks/oc_apply.yaml
  17. 16 0
      roles/metrics_server/tasks/uninstall_metrics_server.yaml
  18. 1 1
      roles/openshift_metrics/templates/metrics-server-apiservice.j2
  19. 1 1
      roles/openshift_metrics/templates/metrics-server-auth-delegator.j2
  20. 1 1
      roles/openshift_metrics/templates/metrics-server-auth-reader.j2
  21. 2 1
      roles/openshift_metrics/templates/metrics-server-deployment.j2
  22. 1 1
      roles/openshift_metrics/templates/metrics-server-resource-reader.j2
  23. 1 1
      roles/openshift_metrics/templates/metrics-server-role.js2
  24. 1 1
      roles/openshift_metrics/templates/metrics-server-sa.j2
  25. 1 1
      roles/openshift_metrics/templates/metrics-server-service.j2
  26. 10 0
      roles/metrics_server/templates/serving-certs-secret.j2
  27. 0 3
      roles/openshift_metrics/README.md
  28. 0 2
      roles/openshift_metrics/defaults/main.yaml
  29. 0 1
      roles/openshift_metrics/tasks/generate_certificates.yaml
  30. 0 50
      roles/openshift_metrics/tasks/generate_metrics_server_certificates.yaml
  31. 0 24
      roles/openshift_metrics/tasks/generate_rolebindings.yaml
  32. 0 6
      roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
  33. 0 6
      roles/openshift_metrics/tasks/generate_services.yaml
  34. 1 50
      roles/openshift_metrics/tasks/install_metrics.yaml
  35. 0 6
      roles/openshift_metrics/tasks/install_support.yaml
  36. 0 7
      roles/openshift_metrics/tasks/pre_install.yaml
  37. 0 16
      roles/openshift_metrics/tasks/uninstall_metrics.yaml

+ 5 - 0
inventory/hosts.example

@@ -548,6 +548,11 @@ debug_level=2
 # By default metrics are not automatically deployed, set this to enable them
 #openshift_metrics_install_metrics=true
 #
+# metrics-server deployment
+# By default, metrics-server is not automatically deployed.  Deploying metrics-server
+# is necessary to use the HorizontalPodAutoscaler.  Set this to enable it.
+#openshift_metrics_server_install=true
+#
 # Storage Options
 # If openshift_metrics_storage_kind is unset then metrics will be stored
 # in an EmptyDir volume and will be deleted when the cassandra pod terminates.

+ 4 - 0
playbooks/common/private/components.yml

@@ -28,6 +28,10 @@
 - import_playbook: ../../openshift-metrics/private/config.yml
   when: openshift_metrics_install_metrics | default(false) | bool
 
+- import_playbook: ../../metrics-server/private/config.yml
+  # a default is set on the actual variable in the role, so no fancy logic is needed here
+  when: openshift_metrics_server_install | default(true) | bool
+
 - import_playbook: ../../openshift-logging/private/config.yml
   when: openshift_logging_install_logging | default(false) | bool
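Review bot: The `when:` on the new `import_playbook` falls back to `default(true)`, so with `openshift_metrics_server_install` unset the metrics-server play is always imported, and the inline comment does not explain that the real decision is then left to the role default. That default follows `openshift_metrics_install_metrics | default(False)`, so on a cluster with neither variable set the role appears to take its uninstall branch (tasks/main.yaml in this commit), copying `admin.kubeconfig` to a temp directory and running `oc delete` by selector on every run. If the goal is only to follow the existing metrics setting, the condition can express that directly: `when: openshift_metrics_server_install | default(openshift_metrics_install_metrics | default(false)) | bool`.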
 

+ 20 - 0
playbooks/metrics-server/OWNERS

@@ -0,0 +1,20 @@
+# approval == this is a good idea /approve
+approvers:
+  - ewolinetz
+  - michaelgugino
+  - mtnbikenc
+  - sdodson
+  - vrutkovs
+  - sross
+  - brancz
+  - frobware
+# review == this code is good /lgtm
+reviewers:
+  - ewolinetz
+  - michaelgugino
+  - mtnbikenc
+  - sdodson
+  - vrutkovs
+  - sross
+  - brancz
+  - frobware

+ 9 - 0
playbooks/metrics-server/config.yml

@@ -0,0 +1,9 @@
+---
+- import_playbook: ../init/main.yml
+  vars:
+    l_init_fact_hosts: "oo_masters_to_config"
+    l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master"
+    l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}"
+
+
+- import_playbook: private/config.yml

+ 31 - 0
playbooks/metrics-server/private/config.yml

@@ -0,0 +1,31 @@
+---
+- name: metrics-server Install Checkpoint Start
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set metrics-server install 'In Progress'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_metrics_server:
+          title: "metrics-server Install"
+          playbook: "playbooks/metrics-server/config.yml"
+          status: "In Progress"
+          start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- name: OpenShift metrics-server
+  hosts: oo_first_master
+  roles:
+  - role: metrics_server
+
+- name: metrics-server Install Checkpoint End
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set metrics-server install 'Complete'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_metrics_service:
+          status: "Complete"
+          end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
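Review bot: The end checkpoint writes to `installer_phase_metrics_service`, while the start checkpoint writes to `installer_phase_metrics_server`, so the phase opened at the top is never marked complete and a second, title-less phase entry is created instead. The key in the last play should be `installer_phase_metrics_server:` to match. Whether the new phase also needs registering in the installer's checkpoint callback is not visible in this commit.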

+ 1 - 0
playbooks/metrics-server/private/roles

@@ -0,0 +1 @@
+../../../roles

+ 10 - 0
roles/metrics_server/OWNERS

@@ -0,0 +1,10 @@
+# approval == this is a good idea /approve
+approvers:
+  - sross
+  - frobware
+  - brancz
+# review == this code is good /lgtm
+reviewers:
+  - sross
+  - frobware
+  - brancz

+ 42 - 0
roles/metrics_server/README.md

@@ -0,0 +1,42 @@
+OpenShift metrics-server
+========================
+
+OpenShift metrics-server Installation
+
+Requirements
+------------
+The following variables need to be set and will be validated:
+
+- `openshift_metrics_server_project`: project (i.e. namespace) where the
+  components will be deployed.
+
+Role Variables
+--------------
+
+- `openshift_metrics_server_resolution`: How often metrics should be
+  gathered.
+
+Dependencies
+------------
+openshift_facts
+
+
+Example Playbook
+----------------
+
+```
+- name: Configure openshift-metrics-server
+  hosts: oo_first_master
+  roles:
+  - role: openshift_metrics_server
+```
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Solly Ross <sross@redhat.com>

+ 15 - 0
roles/metrics_server/defaults/main.yaml

@@ -0,0 +1,15 @@
+---
+openshift_metrics_server_image: "{{ l_os_registry_url | regex_replace('${component}' | regex_escape, 'metrics-server') }}"
+
+# if the user has metrics turned on, don't break existing installations by not installing metrics-server,
+# and behave sanely for new installations by default.
+openshift_metrics_server_install: "{{ openshift_metrics_install_metrics | default(False) }}"
+openshift_metrics_server_resolution: 30s
+openshift_metrics_server_project: openshift-monitoring
+
+#####
+# Caution should be taken for the following defaults before
+# overriding the values here
+#####
+
+openshift_metrics_server_master_url: https://kubernetes.default.svc

+ 21 - 0
roles/metrics_server/meta/main.yaml

@@ -0,0 +1,21 @@
+---
+galaxy_info:
+  author: OpenShift Development <dev@lists.openshift.redhat.com>
+  description: Deploy OpenShift metrics-server
+  company: Red Hat, Inc.
+  license: license (Apache)
+  min_ansible_version: 2.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  - name: Fedora
+    versions:
+    - all
+  categories:
+  - openshift
+dependencies:
+- role: lib_openshift
+- role: lib_utils
+- role: openshift_facts
+- role: openshift_logging_defaults
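Review bot: `min_ansible_version: 2.2` understates what the role needs, because its task files in this commit use `include_tasks`, which was introduced in Ansible 2.4. The value is also an unquoted float; `min_ansible_version: "2.4"` avoids both problems. `license: license (Apache)` looks like a leftover from the role skeleton, and the dependency on `openshift_logging_defaults` deserves a short comment, since nothing in the role's visible files says why a metrics role needs it.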

+ 91 - 0
roles/metrics_server/tasks/generate_certs_and_apiservice.yaml

@@ -0,0 +1,91 @@
+---
+# if we already have serving certs and a CA, re-use that
+- name: fetch existing metrics-server secret
+  command: >
+    {{ openshift_client_binary }} -n {{ openshift_metrics_server_project }}
+    --config={{ mktemp.stdout }}/admin.kubeconfig
+    get secret metrics-server-certs -o json
+  register: existing_metrics_server_secret
+  changed_when: false
+  ignore_errors: true
+
+- name: use existing serving certs
+  when: existing_metrics_server_secret.rc == 0
+  block:
+  - set_fact:
+      existing_metrics_server_secret_json: "{{ existing_metrics_server_secret.stdout | from_json }}"
+  - set_fact:
+      metrics_server_certs:
+        metrics-server.crt: "{{ existing_metrics_server_secret_json.data['tls.crt'] }}"
+        metrics-server.key: "{{ existing_metrics_server_secret_json.data['tls.key'] }}"
+        ca.crt: "{{ existing_metrics_server_secret_json.data['ca.crt'] }}"
+
+- name: generate new serving cert secrets if needed
+  when: existing_metrics_server_secret.rc != 0
+  block:
+  - name: generate ca certificate chain
+    command: >
+      {{ openshift_client_binary }} adm ca create-signer-cert
+      --config={{ mktemp.stdout }}/admin.kubeconfig
+      --key='{{ mktemp.stdout }}/ca.key'
+      --cert='{{ mktemp.stdout }}/ca.crt'
+      --serial='{{ mktemp.stdout }}/ca.serial.txt'
+      --name="metrics-signer@{{lookup('pipe','date +%s')}}"
+
+  - name: generate metrics-server keys
+    command: >
+      {{ openshift_client_binary }} adm ca create-server-cert
+      --config={{ mktemp.stdout }}/admin.kubeconfig
+      --key='{{ mktemp.stdout }}/metrics-server.key'
+      --cert='{{ mktemp.stdout }}/metrics-server.crt'
+      --hostnames='metrics-server,metrics-server.{{ openshift_metrics_server_project }}.svc,metrics-server.{{ openshift_metrics_server_project }}.svc.cluster.local'
+      --signer-cert='{{ mktemp.stdout }}/ca.crt'
+      --signer-key='{{ mktemp.stdout }}/ca.key'
+      --signer-serial='{{ mktemp.stdout }}/ca.serial.txt'
+
+  - name: read files for the metrics-server-certs secret
+    shell: >
+      printf '%s: ' '{{ item }}'
+      && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
+    register: metrics_server_secrets
+    with_items:
+    - metrics-server.crt
+    - metrics-server.key
+    changed_when: false
+
+  - set_fact:
+      metrics_server_secrets: |
+        {{ metrics_server_secrets.results|map(attribute='stdout')|join('
+        ')|from_yaml }}
+
+  - slurp:
+      src: "{{ mktemp.stdout }}/ca.crt"
+    register: apiserver_ca
+
+  - set_fact:
+      metrics_server_certs:
+        metrics-server.crt: "{{ metrics_server_secrets['metrics-server.crt'] }}"
+        metrics-server.key: "{{ metrics_server_secrets['metrics-server.key'] }}"
+        ca.crt: "{{ apiserver_ca.content }}"
+
+- name: generate metrics-server secret template
+  template:
+    src: serving-certs-secret.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-certs.yaml"
+  vars:
+    cert: >
+      {{ metrics_server_certs['metrics-server.crt'] }}
+    key: >
+      {{ metrics_server_certs['metrics-server.key'] }}
+    # store the CA cert so we can easily later use it to recreate the APIService
+    ca: >
+      {{ metrics_server_certs['ca.crt'] }}
+  changed_when: no
+
+- name: Generate metrics-server apiservice
+  template:
+    src: metrics-server-apiservice.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-apiservice.yaml"
+  vars:
+    caBundle: "{{  metrics_server_certs['ca.crt'] }}"
+  changed_when: no
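Review bot: The tasks that carry the serving key have no `no_log: true`, so the key material can end up in Ansible output and callback logs. `fetch existing metrics-server secret` registers the whole Secret JSON, `read files for the metrics-server-certs secret` prints the base64 key to stdout, and the following `set_fact` tasks copy it into facts. Adding `no_log: true` to those tasks keeps it out. Separately, `ignore_errors: true` on the fetch treats every failure, not only NotFound, as "no secret" and leads to a new CA being generated. A secret written by the previous openshift_metrics tasks also carried only `tls.crt` and `tls.key` (see the removed generate_metrics_server_certificates.yaml), so `data['ca.crt']` will be undefined on that upgrade path and the reuse block should fall back to regeneration when the key is missing.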

+ 30 - 0
roles/metrics_server/tasks/generate_sa_and_rbac.yaml

@@ -0,0 +1,30 @@
+---
+- name: Generate service account for metrics-server
+  template:
+    src: metrics-server-sa.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-sa.yaml"
+  changed_when: no
+
+- name: generate the metrics-server cluster role
+  template:
+    src: metrics-server-role.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-role.yaml"
+  changed_when: no
+
+- name: generate auth-delegator role binding for the metrics-server service account
+  template:
+    src: metrics-server-auth-delegator.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-auth-delegator-rolebinding.yaml"
+  changed_when: no
+
+- name: generate auth-reader role binding for the metrics-server api extension server
+  template:
+    src: metrics-server-auth-reader.j2
+    dest: "{{ mktemp.stdout }}/templates/extension-apiserver-authentication-reader-metrics-server-rolebinding.yaml"
+  changed_when: no
+
+- name: generate resource-reader role binding for the metrics-server service account
+  template:
+    src: metrics-server-resource-reader.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-resource-reader-rolebinding.yaml"
+  changed_when: no
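Review bot: The cluster role task uses `src: metrics-server-role.j2`, but the file list of this commit still shows the template as `metrics-server-role.js2`, and the removed task in generate_rolebindings.yaml referenced it under that `.js2` name. Unless the rename into the new role also corrected the extension, the template lookup will fail at this task. Either rename the file to `metrics-server-role.j2` in the same commit or keep `src: metrics-server-role.js2` here.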

+ 11 - 0
roles/metrics_server/tasks/generate_svc_and_deployment.yaml

@@ -0,0 +1,11 @@
+---
+- name: Generate service for metrics-server
+  template:
+    src: metrics-server-service.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-service.yaml"
+  changed_when: no
+
+- name: Generate metrics-server deployment from template
+  template:
+    src: metrics-server-deployment.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-server-deployment.yaml"
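Review bot: The deployment template task is the only generation task in the new role without `changed_when: no`, so it reports "changed" on every run, because the destination is a fresh temp directory each time. Adding `changed_when: no` after the `template:` block matches the service task above it and the tasks in generate_sa_and_rbac.yaml.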

+ 57 - 0
roles/metrics_server/tasks/install_metrics_server.yaml

@@ -0,0 +1,57 @@
+---
+- name: Ensure metrics-server namespace is present
+  oc_project:
+    state: present
+    name: "{{ openshift_metrics_server_project }}"
+    node_selector: ""
+
+- include_tasks: generate_certs_and_apiservice.yaml
+- include_tasks: generate_sa_and_rbac.yaml
+- include_tasks: generate_svc_and_deployment.yaml
+
+# create objects in the main metrics-server ns
+- find:
+    paths: "{{ mktemp.stdout }}/templates"
+    patterns: "^metrics-server-.*.yaml"
+    use_regex: true
+  register: metrics_server_object_def_files
+  changed_when: no
+
+- slurp:
+    src: "{{item.path}}"
+  register: metrics_server_object_defs
+  with_items: "{{ metrics_server_object_def_files.files }}"
+  changed_when: no
+
+- name: Create metrics-server objects
+  include_tasks: oc_apply.yaml
+  vars:
+    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+    namespace: "{{ openshift_metrics_server_project }}"
+    file_name: "{{ item.source }}"
+    file_content: "{{ item.content | b64decode | from_yaml }}"
+  with_items: "{{ metrics_server_object_defs.results }}"
+
+# create the extension-apiserver configmap permission rolebinding, which needs to live in kube-system,
+# since the actual configmap lives in kube-system
+- find:
+    paths: "{{ mktemp.stdout }}/templates"
+    patterns: "^extension-apiserver-authentication-reader-metrics-server-rolebinding.yaml"
+    use_regex: true
+  register: apiextension_object_def_files
+  changed_when: no
+
+- slurp:
+    src: "{{item.path}}"
+  register: apiextension_object_defs
+  with_items: "{{ apiextension_object_def_files.files }}"
+  changed_when: no
+
+- name: Create metrics-server objects that belong in kube-system (extension-apiserver-authentication-reader rolebinding)
+  include_tasks: oc_apply.yaml
+  vars:
+    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+    namespace: kube-system
+    file_name: "{{ item.source }}"
+    file_content: "{{ item.content | b64decode | from_yaml }}"
+  with_items: "{{ apiextension_object_defs.results }}"
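Review bot: The first `find` pattern matches `metrics-server-certs.yaml`, so the `slurp` results and the `Create metrics-server objects` loop items carry the Secret manifest, and the per-item output Ansible prints for both tasks includes the encoded private key. Add `no_log: true` to the `slurp` task and give the include a label such as `loop_control: {label: "{{ item.source }}"}`. The `patterns` values also leave `.` unescaped and the end unanchored; `'^metrics-server-.*\.yaml$'` matches what the comment above the task describes.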

+ 37 - 0
roles/metrics_server/tasks/main.yaml

@@ -0,0 +1,37 @@
+---
+- name: Create temp directory for doing work in on target
+  command: mktemp -td openshift-metrics-server-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Create temp directory for all our templates
+  file: path={{mktemp.stdout}}/templates state=directory mode=0755
+  changed_when: False
+  when: openshift_metrics_server_install | bool
+
+- name: Create temp directory local on control node
+  local_action: command mktemp -d
+  register: local_tmp
+  changed_when: False
+  vars:
+    ansible_become: false
+
+- name: Copy the admin client config(s)
+  command: >
+     cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+  changed_when: False
+  check_mode: no
+
+- name: Install metrics-server
+  include_tasks: install_metrics_server.yaml
+  when: openshift_metrics_server_install | bool
+
+- include_tasks: uninstall_metrics_server.yaml
+  when: not openshift_metrics_server_install | bool
+
+- name: Delete temp directory
+  local_action: file path=local_tmp.stdout state=absent
+  changed_when: False
+  check_mode: no
+  vars:
+    ansible_become: false
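Review bot: Nothing removes the target-side work directory, so `{{ mktemp.stdout }}` keeps a copy of `admin.kubeconfig` and, after an install, `ca.key` and `metrics-server.key` under the system temp directory once the play has finished. The final task does not clean up either, because `path=local_tmp.stdout` is a literal relative path rather than `{{ local_tmp.stdout }}`, so the control-node directory is left behind as well. I would template the local path and add a removal task for the target directory, as below. Wrapping the work in `block`/`always` would also cover runs that fail part-way.

```yaml
# … unchanged: temp dir creation, kubeconfig copy, install/uninstall includes …

- name: Delete temp directory on target
  file:
    path: "{{ mktemp.stdout }}"
    state: absent
  changed_when: False
  check_mode: no

- name: Delete temp directory local on control node
  local_action: file path={{ local_tmp.stdout }} state=absent
  changed_when: False
  check_mode: no
  vars:
    ansible_become: false
```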

+ 32 - 0
roles/metrics_server/tasks/oc_apply.yaml

@@ -0,0 +1,32 @@
+---
+- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}}
+  command: >
+    {{ openshift_client_binary }}
+    --config={{ kubeconfig }}
+    get {{file_content.kind}} {{file_content.metadata.name}}
+    -o jsonpath='{.metadata.resourceVersion}'
+    -n {{namespace}}
+  register: generation_init
+  failed_when: false
+  changed_when: no
+
+- name: Applying {{file_name}}
+  command: >
+    {{ openshift_client_binary }} --config={{ kubeconfig }}
+    apply -f {{ file_name }}
+    -n {{namespace}}
+  register: generation_apply
+  failed_when: "'error' in generation_apply.stderr or (generation_apply.rc | int != 0)"
+  changed_when: no
+
+- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}}
+  command: >
+    {{ openshift_client_binary }} --config={{ kubeconfig }}
+    get {{file_content.kind}} {{file_content.metadata.name}}
+    -o jsonpath='{.metadata.resourceVersion}'
+    -n {{namespace}}
+  register: version_changed
+  vars:
+    init_version: "{{ (generation_init is defined) | ternary(generation_init.stdout, '0') }}"
+  failed_when: "'error' in version_changed.stderr or version_changed.rc | int != 0"
+  changed_when: version_changed.stdout | int  > init_version | int
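Review bot: In `init_version`, the `generation_init is defined` guard has no effect, because a registered variable is always defined and `ternary()` receives `generation_init.stdout` as an argument either way. When the object does not exist yet the value is an empty string that `| int` turns into 0, so the comparison works, but only incidentally; `init_version: "{{ generation_init.stdout | default('0', true) }}"` states the intent. The `kind`, `metadata.name`, `namespace` and `file_name` values are also placed unquoted into the `command` lines. They come from the role's own templates here, but `| quote` on each would be the safer habit if this file is reused with other inputs.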

+ 16 - 0
roles/metrics_server/tasks/uninstall_metrics_server.yaml

@@ -0,0 +1,16 @@
+---
+- name: remove metrics-server components
+  command: >
+    {{ openshift_client_binary }} -n {{ openshift_metrics_server_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found --selector=metrics-server-infra
+    all,sa,secrets,rolebindings,clusterrolebindings,clusterrole,apiservice,deployment
+  register: delete_metrics_server
+  changed_when: delete_metrics_server.stdout != 'No resources found'
+
+- name: remove metrics-server system components
+  command: >
+    {{ openshift_client_binary }} -n kube-system --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found --selector=metrics-server-infra
+    rolebindings
+  register: delete_metrics_server
+  changed_when: delete_metrics_server.stdout != 'No resources found'

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-apiservice.j2

@@ -4,7 +4,7 @@ metadata:
   name: v1beta1.metrics.k8s.io
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support
 spec:
   service:
     name: metrics-server

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-auth-delegator.j2

@@ -4,7 +4,7 @@ metadata:
   name: metrics-server:system:auth-delegator
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-auth-reader.j2

@@ -5,7 +5,7 @@ metadata:
   namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

+ 2 - 1
roles/openshift_metrics/templates/metrics-server-deployment.j2

@@ -6,7 +6,7 @@ metadata:
   labels:
     k8s-app: metrics-server
     kubernetes.io/cluster-service: "true"
-    metrics-infra: metrics-server
+    metrics-server-infra: metrics-server
 spec:
   selector:
     matchLabels:
@@ -29,6 +29,7 @@ spec:
           - "--source=kubernetes.summary_api:?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250"
           - "--tls-cert-file=/certs/tls.crt"
           - "--tls-private-key-file=/certs/tls.key"
+          - "--metric_resolution={{ openshift_metrics_server_resolution }}"
           - --secure-port=8443
         ports:
         - containerPort: 8443

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-resource-reader.j2

@@ -4,7 +4,7 @@ metadata:
   name: system:metrics-server
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-role.js2

@@ -4,7 +4,7 @@ metadata:
   name: system:metrics-server
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support
 rules:
 - apiGroups:
   - ""

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-sa.j2

@@ -5,4 +5,4 @@ metadata:
   namespace: "{{ openshift_metrics_server_project }}"
   labels:
     kubernetes.io/cluster-service: "true"
-    metrics-infra: support
+    metrics-server-infra: support

+ 1 - 1
roles/openshift_metrics/templates/metrics-server-service.j2

@@ -6,7 +6,7 @@ metadata:
   labels:
     kubernetes.io/cluster-service: "true"
     kubernetes.io/name: "Metrics-server"
-    metrics-infra: metrics-server
+    metrics-server-infra: metrics-server
 spec:
   ports:
   -

+ 10 - 0
roles/metrics_server/templates/serving-certs-secret.j2

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: metrics-server-certs
+  labels:
+    metrics-infra: metrics-server
+data:
+  tls.crt: {{ cert }}
+  tls.key: {{ key }}
+  ca.crt: {{ ca }}
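Review bot: The new Secret is labelled `metrics-infra: metrics-server`, while every other metrics-server template in this commit is relabelled to `metrics-server-infra` and uninstall_metrics_server.yaml deletes by `--selector=metrics-server-infra`. As written, the uninstall lists `secrets` among the kinds to delete but will not match this one, so the serving key and CA stay in the project after removal. If keeping the certificates across reinstalls is intended, a comment here should say so; otherwise the label should be `metrics-server-infra: metrics-server`.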

+ 0 - 3
roles/openshift_metrics/README.md

@@ -17,9 +17,6 @@ The following variables need to be set and will be validated:
 - `openshift_metrics_project`: project (i.e. namespace) where the components will be
   deployed.
 
-- `openshift_metrics_server_project`: project (i.e. namespace) where
-  the metrics-server components will be deployed.
-
 Role Variables
 --------------
 

+ 0 - 2
roles/openshift_metrics/defaults/main.yaml

@@ -4,7 +4,6 @@ openshift_metrics_hawkular_agent_image: "{{ l_os_registry_url | regex_replace(l_
 openshift_metrics_hawkular_metrics_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'metrics-hawkular-metrics') }}"
 openshift_metrics_schema_installer_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'metrics-schema-installer') }}"
 openshift_metrics_heapster_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'metrics-heapster') }}"
-openshift_metrics_server_image: "{{ l_os_registry_url | regex_replace('${component}' | regex_escape, 'metrics-server') }}"
 
 openshift_metrics_start_cluster: True
 openshift_metrics_install_metrics: False
@@ -62,7 +61,6 @@ openshift_metrics_resolution: 30s
 openshift_metrics_master_url: https://kubernetes.default.svc
 openshift_metrics_node_id: nodename
 openshift_metrics_project: openshift-infra
-openshift_metrics_server_project: openshift-monitoring
 
 openshift_metrics_cassandra_pvc_prefix: metrics-cassandra
 openshift_metrics_cassandra_pvc_access: "{{ openshift_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"

+ 0 - 1
roles/openshift_metrics/tasks/generate_certificates.yaml

@@ -8,5 +8,4 @@
     --serial='{{ mktemp.stdout }}/ca.serial.txt'
     --name="metrics-signer@{{lookup('pipe','date +%s')}}"
 
-- include_tasks: generate_metrics_server_certificates.yaml
 - include_tasks: generate_hawkular_certificates.yaml

+ 0 - 50
roles/openshift_metrics/tasks/generate_metrics_server_certificates.yaml

@@ -1,50 +0,0 @@
----
-- name: generate metrics-server certificates
-  include_tasks: setup_certificate.yaml
-  vars:
-    component: metrics-server
-    hostnames: "metrics-server,metrics-server.{{ openshift_metrics_server_project }}.svc,metrics-server.{{ openshift_metrics_server_project }}.svc.cluster.local"
-  changed_when: no
-
-- name: read files for the metrics-server-certs secret
-  shell: >
-    printf '%s: ' '{{ item }}'
-    && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
-  register: metrics_server_secrets
-  with_items:
-  - metrics-server.crt
-  - metrics-server.key
-  changed_when: false
-
-- set_fact:
-    metrics_server_secrets: |
-      {{ metrics_server_secrets.results|map(attribute='stdout')|join('
-      ')|from_yaml }}
-
-- slurp:
-    src: "{{ mktemp.stdout }}/ca.crt"
-  register: apiserver_ca
-
-- name: generate metrics-server secret template
-  template:
-    src: secret.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-certs.yaml"
-  vars:
-    name: metrics-server-certs
-    labels:
-      metrics-infra: metrics-server
-    data:
-      tls.crt: >
-        {{ metrics_server_secrets['metrics-server.crt'] }}
-      tls.key: >
-        {{ metrics_server_secrets['metrics-server.key'] }}
-  when: name not in existing_metrics_server_secrets.stdout_lines
-  changed_when: no
-
-- name: Generate metrics-server apiservice
-  template:
-    src: metrics-server-apiservice.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-apiservice.yaml"
-  vars:
-    caBundle: "{{ apiserver_ca.content }}"
-  changed_when: no

+ 0 - 24
roles/openshift_metrics/tasks/generate_rolebindings.yaml

@@ -46,27 +46,3 @@
     files:
     - "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml"
     delete_after: true
-
-- name: generate the metrics-server cluster role
-  template:
-    src: metrics-server-role.js2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-role.yaml"
-  changed_when: no
-
-- name: generate auth-delegator role binding for the metrics-server service account
-  template:
-    src: metrics-server-auth-delegator.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-auth-delegator-rolebinding.yaml"
-  changed_when: no
-
-- name: generate auth-reader role binding for the metrics-server api extension server
-  template:
-    src: metrics-server-auth-reader.j2
-    dest: "{{ mktemp.stdout }}/templates/extension-apiserver-authentication-reader-metrics-server-rolebinding.yaml"
-  changed_when: no
-
-- name: generate resource-reader role binding for the metrics-server service account
-  template:
-    src: metrics-server-resource-reader.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-resource-reader-rolebinding.yaml"
-  changed_when: no

+ 0 - 6
roles/openshift_metrics/tasks/generate_serviceaccounts.yaml

@@ -25,9 +25,3 @@
   with_items:
   - hawkular
   - cassandra
-
-- name: Generating serviceaccounts for metrics-server
-  template:
-    src: metrics-server-sa.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-sa.yaml"
-  changed_when: no

+ 0 - 6
roles/openshift_metrics/tasks/generate_services.yaml

@@ -31,9 +31,3 @@
   - cassandra
   - cassandra-nodes
   changed_when: no
-
-- name: Generate service for metrics-server
-  template:
-    src: metrics-server-service.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-service.yaml"
-  changed_when: no

+ 1 - 50
roles/openshift_metrics/tasks/install_metrics.yaml

@@ -21,14 +21,9 @@
   include_tasks: install_hosa.yaml
   when: openshift_metrics_install_hawkular_agent | default(false) | bool
 
-- name: Generate metrics-server deployment
-  template:
-    src: metrics-server-deployment.j2
-    dest: "{{ mktemp.stdout }}/templates/metrics-server-deployment.yaml"
-
 - find:
     paths: "{{ mktemp.stdout }}/templates"
-    patterns: "^(?!metrics-hawkular-openshift-agent|metrics-server-|extension-apiserver-authentication-reader-metrics-server-).*.yaml"
+    patterns: "^(?!metrics-hawkular-openshift-agent).*.yaml"
     use_regex: true
   register: object_def_files
   changed_when: no
@@ -73,50 +68,6 @@
   with_items: "{{ hawkular_agent_object_defs.results }}"
   when: openshift_metrics_install_hawkular_agent | bool
 
-- find:
-    paths: "{{ mktemp.stdout }}/templates"
-    patterns: "^metrics-server-.*.yaml"
-    use_regex: true
-  register: metrics_server_object_def_files
-  changed_when: no
-
-- slurp:
-    src: "{{item.path}}"
-  register: metrics_server_object_defs
-  with_items: "{{ metrics_server_object_def_files.files }}"
-  changed_when: no
-
-- name: Create Metrics Server objects
-  include_tasks: oc_apply.yaml
-  vars:
-    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
-    namespace: "{{ openshift_metrics_server_project }}"
-    file_name: "{{ item.source }}"
-    file_content: "{{ item.content | b64decode | from_yaml }}"
-  with_items: "{{ metrics_server_object_defs.results }}"
-
-- find:
-    paths: "{{ mktemp.stdout }}/templates"
-    patterns: "^extension-apiserver-authentication-reader-metrics-server-rolebinding.yaml"
-    use_regex: true
-  register: apiextension_object_def_files
-  changed_when: no
-
-- slurp:
-    src: "{{item.path}}"
-  register: apiextension_object_defs
-  with_items: "{{ apiextension_object_def_files.files }}"
-  changed_when: no
-
-- name: Create Metrics Server kube-system objects
-  include_tasks: oc_apply.yaml
-  vars:
-    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
-    namespace: kube-system
-    file_name: "{{ item.source }}"
-    file_content: "{{ item.content | b64decode | from_yaml }}"
-  with_items: "{{ apiextension_object_defs.results }}"
-
 # Update asset config in openshift-web-console namespace
 - name: Add metrics route information to web console asset config
   include_role:

+ 0 - 6
roles/openshift_metrics/tasks/install_support.yaml

@@ -19,12 +19,6 @@
 - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node"
   when: keytool_check.rc  == 1
 
-- name: Set metrics server namespace
-  oc_project:
-    state: present
-    name: "{{ openshift_metrics_server_project }}"
-    node_selector: ""
-
 - include_tasks: generate_certificates.yaml
 - include_tasks: generate_serviceaccounts.yaml
 - include_tasks: generate_services.yaml

+ 0 - 7
roles/openshift_metrics/tasks/pre_install.yaml

@@ -69,10 +69,3 @@
     openshift_metrics_namespace_uid is not defined or
     openshift_metrics_namespace_selinux is not defined or
     openshift_metrics_namespace_fsgroup is not defined
-- name: list existing metrics server secrets
-  command: >
-    {{ openshift_client_binary }} -n {{ openshift_metrics_server_project }}
-    --config={{ mktemp.stdout }}/admin.kubeconfig
-    get secrets -o name
-  register: existing_metrics_server_secrets
-  changed_when: false

+ 0 - 16
roles/openshift_metrics/tasks/uninstall_metrics.yaml

@@ -30,19 +30,3 @@
         value: ""
   when:
     - openshift_web_console_install | default(true) | bool
-
-- name: remove metrics server components
-  command: >
-    {{ openshift_client_binary }} -n {{ openshift_metrics_server_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
-    delete --ignore-not-found --selector=metrics-infra
-    all,sa,secrets,rolebindings,clusterrolebindings,clusterrole,apiservice,deployment
-  register: delete_metrics
-  changed_when: delete_metrics.stdout != 'No resources found'
-
-- name: remove metrics server system components
-  command: >
-    {{ openshift_client_binary }} -n kube-system --config={{ mktemp.stdout }}/admin.kubeconfig
-    delete --ignore-not-found --selector=metrics-infra
-    rolebindings
-  register: delete_metrics
-  changed_when: delete_metrics.stdout != 'No resources found'