github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 03:33:56 +00:00
Code Issues Projects Releases Wiki Activity

Create an insecure (http) read-only port on the kubelet so that

Browse Source 
heapster can collect metrics. Update the heapster config to
point to the non-secured port.
This commit is contained in:
Robert Bailey 2015-04-01 21:41:32 -07:00
parent f15e34a1bf
commit 4488ff95a2
4 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cluster/addons/cluster-monitoring/heapster-controller.yaml
View File

@ -1,9 +1,9 @@
apiVersion: v1beta1 apiVersion: v1beta1
id: monitoring-heapster-controller id: monitoring-heapster-controller
kind: ReplicationController kind: ReplicationController
desiredState: desiredState:
replicas: 1 replicas: 1
replicaSelector: replicaSelector:
name: heapster name: heapster
podTemplate: podTemplate:
desiredState: desiredState:
@ -13,11 +13,13 @@ desiredState:
containers: containers:
- name: heapster - name: heapster
image: gcr.io/google_containers/heapster:v0.10.0 image: gcr.io/google_containers/heapster:v0.10.0
env: env:
- name: "INFLUXDB_HOST" - name: "INFLUXDB_HOST"
value: "monitoring-influxdb" value: "monitoring-influxdb"
- name: "SINK" - name: "SINK"
value: "influxdb" value: "influxdb"
- name: "FLAGS"
value: "--kubelet_port=10255"
volumeMounts: volumeMounts:
- name: ssl-certs - name: ssl-certs
mountPath: /etc/ssl/certs mountPath: /etc/ssl/certs
@ -27,10 +29,10 @@ desiredState:
source: source:
hostDir: hostDir:
path: /etc/ssl/certs path: /etc/ssl/certs
labels: labels:
name: heapster name: heapster
uses: monitoring-influxdb uses: monitoring-influxdb
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
labels: labels:
name: heapster name: heapster
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"

22
cmd/kubelet/app/server.go
View File

@ -61,6 +61,7 @@ type KubeletServer struct {
EnableServer bool EnableServer bool
Address util.IP Address util.IP
Port uint Port uint
ReadOnlyPort uint
HostnameOverride string HostnameOverride string
PodInfraContainerImage string PodInfraContainerImage string
DockerEndpoint string DockerEndpoint string
@ -98,12 +99,13 @@ type KubeletServer struct {
// NewKubeletServer will create a new KubeletServer with default values. // NewKubeletServer will create a new KubeletServer with default values.
func NewKubeletServer() *KubeletServer { func NewKubeletServer() *KubeletServer {
return &KubeletServer{ return &KubeletServer{
SyncFrequency: 10 * time.Second, SyncFrequency: 10 * time.Second,
FileCheckFrequency: 20 * time.Second, FileCheckFrequency: 20 * time.Second,
HTTPCheckFrequency: 20 * time.Second, HTTPCheckFrequency: 20 * time.Second,
EnableServer: true, EnableServer: true,
Address: util.IP(net.ParseIP("0.0.0.0")), Address: util.IP(net.ParseIP("0.0.0.0")),
Port: ports.KubeletPort, Port: ports.KubeletPort,
ReadOnlyPort: ports.KubeletReadOnlyPort,
PodInfraContainerImage: kubelet.PodInfraContainerImage, PodInfraContainerImage: kubelet.PodInfraContainerImage,
RootDirectory: defaultRootDir, RootDirectory: defaultRootDir,
RegistryBurst: 10, RegistryBurst: 10,
@ -135,6 +137,7 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
fs.BoolVar(&s.EnableServer, "enable_server", s.EnableServer, "Enable the info server") fs.BoolVar(&s.EnableServer, "enable_server", s.EnableServer, "Enable the info server")
fs.Var(&s.Address, "address", "The IP address for the info server to serve on (set to 0.0.0.0 for all interfaces)") fs.Var(&s.Address, "address", "The IP address for the info server to serve on (set to 0.0.0.0 for all interfaces)")
fs.UintVar(&s.Port, "port", s.Port, "The port for the info server to serve on") fs.UintVar(&s.Port, "port", s.Port, "The port for the info server to serve on")
fs.UintVar(&s.ReadOnlyPort, "read_only_port", s.ReadOnlyPort, "The read-only port for the info server to serve on (set to 0 to disable)")
fs.StringVar(&s.TLSCertFile, "tls_cert_file", s.TLSCertFile, ""+ fs.StringVar(&s.TLSCertFile, "tls_cert_file", s.TLSCertFile, ""+
"File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "+ "File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "+
"If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key "+ "If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key "+
@ -248,6 +251,7 @@ func (s *KubeletServer) Run(_ []string) error {
ClusterDNS: s.ClusterDNS, ClusterDNS: s.ClusterDNS,
Runonce: s.RunOnce, Runonce: s.RunOnce,
Port: s.Port, Port: s.Port,
ReadOnlyPort: s.ReadOnlyPort,
CadvisorInterface: cadvisorInterface, CadvisorInterface: cadvisorInterface,
EnableServer: s.EnableServer, EnableServer: s.EnableServer,
EnableDebuggingHandlers: s.EnableDebuggingHandlers, EnableDebuggingHandlers: s.EnableDebuggingHandlers,
@ -414,6 +418,11 @@ func startKubelet(k *kubelet.Kubelet, podCfg *config.PodConfig, kc *KubeletConfi
kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.TLSOptions, kc.EnableDebuggingHandlers) kubelet.ListenAndServeKubeletServer(k, net.IP(kc.Address), kc.Port, kc.TLSOptions, kc.EnableDebuggingHandlers)
}, 0) }, 0)
} }
if kc.ReadOnlyPort > 0 {
go util.Forever(func() {
kubelet.ListenAndServeKubeletReadOnlyServer(k, net.IP(kc.Address), kc.ReadOnlyPort)
}, 0)
}
} }
func makePodSourceConfig(kc *KubeletConfig) *config.PodConfig { func makePodSourceConfig(kc *KubeletConfig) *config.PodConfig {
@ -466,6 +475,7 @@ type KubeletConfig struct {
EnableServer bool EnableServer bool
EnableDebuggingHandlers bool EnableDebuggingHandlers bool
Port uint Port uint
ReadOnlyPort uint
Runonce bool Runonce bool
MasterServiceNamespace string MasterServiceNamespace string
VolumePlugins []volume.VolumePlugin VolumePlugins []volume.VolumePlugin

18
pkg/kubelet/server.go
View File

@ -76,6 +76,24 @@ func ListenAndServeKubeletServer(host HostInterface, address net.IP, port uint,
} }
} }
// ListenAndServeKubeletReadOnlyServer initializes a server to respond to HTTP network requests on the Kubelet.
func ListenAndServeKubeletReadOnlyServer(host HostInterface, address net.IP, port uint) {
glog.V(1).Infof("Starting to listen read-only on %s:%d", address, port)
s := &Server{host, http.NewServeMux()}
healthz.InstallHandler(s.mux)
s.mux.HandleFunc("/stats/", s.handleStats)
s.mux.Handle("/metrics", prometheus.Handler())
server := &http.Server{
Addr: net.JoinHostPort(address.String(), strconv.FormatUint(uint64(port), 10)),
Handler: s,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
MaxHeaderBytes: 1 << 20,
}
glog.Fatal(server.ListenAndServe())
}
// HostInterface contains all the kubelet methods required by the server. // HostInterface contains all the kubelet methods required by the server.
// For testablitiy. // For testablitiy.
type HostInterface interface { type HostInterface interface {

6
pkg/master/ports/ports.go
View File

@ -32,4 +32,10 @@ const (
// ControllerManagerPort is the default port for the controller manager status server. // ControllerManagerPort is the default port for the controller manager status server.
// May be overridden by a flag at startup. // May be overridden by a flag at startup.
ControllerManagerPort = 10252 ControllerManagerPort = 10252
// KubeletReadOnlyPort exposes basic read-only services from the kubelet.
// May be overridden by a flag at startup.
// This is necessary for heapster to collect monitoring stats from the kubelet
// until heapster can transition to using the SSL endpoint.
// TODO(roberthbailey): Remove this once we have a better solution for heapster.
KubeletReadOnlyPort = 10255
) )