Configure cluster metrics

Playbook based on
https://docs.openshift.org/latest/admin_guide/cluster_metrics.html.

playbooks/common/openshift-master/config.yml

@@ -215,6 +215,8 @@
   - role: openshift_master_cluster
     when: openshift_master_ha | bool
   - openshift_examples
+  - role: openshift_cluster_metrics
+    when: openshift.common.use_cluster_metrics | bool
 
 # Additional instance config for online deployments
 - name: Additional instance config

roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml

@@ -0,0 +1,53 @@
+apiVersion: "v1"
+kind: "List"
+items:
+  -
+    apiVersion: "v1"
+    kind: "Service"
+    metadata:
+      labels:
+        provider: "fabric8"
+        component: "grafana"
+      name: "grafana"
+    spec:
+      ports:
+        -
+          port: 80
+          targetPort: "http"
+      selector:
+        provider: "fabric8"
+        component: "grafana"
+  -
+    apiVersion: "v1"
+    kind: "ReplicationController"
+    metadata:
+      labels:
+        provider: "fabric8"
+        component: "grafana"
+      name: "grafana"
+    spec:
+      replicas: 1
+      selector:
+        provider: "fabric8"
+        component: "grafana"
+      template:
+        metadata:
+          labels:
+            provider: "fabric8"
+            component: "grafana"
+        spec:
+          containers:
+            -
+              env:
+                -
+                  name: "INFLUXDB_SERVICE_NAME"
+                  value: "INFLUXDB_MONITORING"
+                -
+                  name: "GRAFANA_DEFAULT_DASHBOARD"
+                  value: "/dashboard/file/kubernetes.json"
+              image: "fabric8/grafana:1.9.1_2"
+              name: "grafana"
+              ports:
+                -
+                  containerPort: 3000
+                  name: "http"

roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: heapster

roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml

@@ -0,0 +1,30 @@
+apiVersion: "v1"
+kind: "List"
+items:
+  -
+    apiVersion: "v1"
+    kind: "ReplicationController"
+    metadata:
+      labels:
+        provider: "fabric8"
+        component: "heapster"
+      name: "heapster"
+    spec:
+      replicas: 1
+      selector:
+        provider: "fabric8"
+        component: "heapster"
+      template:
+        metadata:
+          labels:
+            provider: "fabric8"
+            component: "heapster"
+        spec:
+          containers:
+            -
+              args:
+                - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true"
+                - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086"
+              image: "kubernetes/heapster:V0.14.2"
+              name: "heapster"
+          serviceAccount: "heapster"

roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml

@@ -0,0 +1,67 @@
+apiVersion: "v1"
+kind: "List"
+items:
+  -
+    apiVersion: "v1"
+    kind: "Service"
+    metadata:
+      labels:
+        provider: "fabric8"
+        component: "influxdb-monitoring"
+      name: "influxdb-monitoring"
+    spec:
+      ports:
+        -
+          port: 8086
+          targetPort: "http"
+      selector:
+        provider: "fabric8"
+        component: "influxdb-monitoring"
+  -
+    apiVersion: "v1"
+    kind: "ReplicationController"
+    metadata:
+      labels:
+        provider: "fabric8"
+        component: "influxdb-monitoring"
+      name: "influxdb-monitoring"
+    spec:
+      replicas: 1
+      selector:
+        provider: "fabric8"
+        component: "influxdb-monitoring"
+      template:
+        metadata:
+          labels:
+            provider: "fabric8"
+            component: "influxdb-monitoring"
+        spec:
+          containers:
+            -
+              env:
+                -
+                  name: "PRE_CREATE_DB"
+                  value: "k8s;grafana"
+              image: "fabric8/influxdb:0.8.8"
+              name: "influxdb"
+              ports:
+                -
+                  containerPort: 8090
+                  name: "raft"
+                -
+                  containerPort: 8099
+                  name: "protobuf"
+                -
+                  containerPort: 8083
+                  name: "admin"
+                -
+                  containerPort: 8086
+                  name: "http"
+              volumeMounts:
+                -
+                  mountPath: "/data"
+                  name: "influxdb-data"
+          volumes:
+            -
+              emptyDir:
+              name: "influxdb-data"

roles/openshift_cluster_metrics/tasks/main.yml

@@ -0,0 +1,50 @@
+---
+
+- name: Install cluster metrics templates
+  copy:
+    src: cluster-metrics
+    dest: /etc/openshift/
+
+- name: Create InfluxDB Services
+  command: >
+    {{ openshift.common.client_binary }} create -f 
+    /etc/openshift/cluster-metrics/influxdb.yaml
+  register: oex_influxdb_services
+  failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0"
+  changed_when: false
+
+- name: Create Heapster Service Account
+  command: >
+    {{ openshift.common.client_binary }} create -f 
+    /etc/openshift/cluster-metrics/heapster-serviceaccount.yaml
+  register: oex_heapster_serviceaccount
+  failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0"
+  changed_when: false
+
+- name: Add cluster-reader role to Heapster
+  command: > 
+    {{ openshift.common.admin_binary }} policy
+    add-cluster-role-to-user
+    cluster-reader
+    system:serviceaccount:default:heapster
+  register: oex_cluster_header_role
+  register: oex_cluster_header_role
+  failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0"
+  changed_when: false
+
+- name: Create Heapster Services
+  command: >
+    {{ openshift.common.client_binary }} create -f
+    /etc/openshift/cluster-metrics/heapster.yaml
+  register: oex_heapster_services
+  failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
+  changed_when: false
+
+- name: Create Grafana Services
+  command: >
+    {{ openshift.common.client_binary }} create -f
+    /etc/openshift/cluster-metrics/grafana.yaml
+  register: oex_grafana_services
+  failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0"
+  changed_when: false
+

roles/openshift_facts/library/openshift_facts.py

@@ -323,6 +323,24 @@ def set_fluentd_facts_if_unset(facts):
             facts['common']['use_fluentd'] = use_fluentd
     return facts
 
+def set_cluster_metrics_facts_if_unset(facts):
+    """ Set cluster metrics facts if not already present in facts dict
+            dict: the facts dict updated with the generated cluster metrics facts if
+            missing
+        Args:
+            facts (dict): existing facts
+        Returns:
+            dict: the facts dict updated with the generated cluster metrics
+            facts if they were not already present
+
+    """
+    if 'common' in facts:
+        deployment_type = facts['common']['deployment_type']
+        if 'use_cluster_metrics' not in facts['common']:
+            use_cluster_metrics = True if deployment_type == 'origin' else False
+            facts['common']['use_cluster_metrics'] = use_cluster_metrics
+    return facts
+
 def set_identity_providers_if_unset(facts):
     """ Set identity_providers fact if not already present in facts dict
 
@@ -700,6 +718,7 @@ class OpenShiftFacts(object):
         facts['current_config'] = get_current_config(facts)
         facts = set_url_facts_if_unset(facts)
         facts = set_fluentd_facts_if_unset(facts)
+        facts = set_cluster_metrics_facts_if_unset(facts)
         facts = set_identity_providers_if_unset(facts)
         facts = set_registry_url_if_unset(facts)
         facts = set_sdn_facts_if_unset(facts)

roles/openshift_node/defaults/main.yml

@@ -6,3 +6,7 @@ os_firewall_allow:
   port: 80/tcp
 - service: https
   port: 443/tcp
+- service: Openshift kubelet ReadOnlyPort
+  port: 10255/tcp
+- service: Openshift kubelet ReadOnlyPort udp
+  port: 10255/udp

roles/openshift_node/templates/node.yaml.v1.j2

@@ -18,3 +18,4 @@ servingInfo:
   clientCA: ca.crt
   keyFile: server.key
 volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes
+{% include 'partials/kubeletArguments.j2' %}

roles/openshift_node/templates/partials/kubeletArguments.j2

@@ -0,0 +1,5 @@
+{% if openshift.common.use_cluster_metrics | bool %}
+kubeletArguments:
+  "read-only-port":
+    - "10255"
+{% endif %}