Add metrics server as addon to k8s CI #1903
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
area/provider/azure
jsturtevant
force-pushed
the
add-metrics-server-to-ci
branch
4 times, most recently
from
ab164e6 to
86c615a
Compare
|
/hold I've got it deploying but running into errors: Apparently kubeadm doesn't set this up properly out of the box: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#cannot-use-the-metrics-server-securely-in-a-kubeadm-cluster It looks like we are missing the ability to properly get signed certs:
|
k8s-ci-robot
added
the
do-not-merge/hold
|
looks like there has been some thought on how this works with capi: https://github.com/kubernetes-sigs/cluster-api/blob/58905fb5140a7844c3e24aa70d255fb8f9d0c491/docs/proposals/20210222-kubelet-authentication.md#changes-to-cluster-api-bootstrap-provider-kubeadm |
|
After following the directions in https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs (note that setting the field As there is a proposal to address this long term in CAPI I will plan to turn on the metric server flag |
Due to the way that kubeadm configures the kubelet with a self-signed certificate, the metric server can't verify the kubelet certs. There is a proposal in CAPI to manage this long term. For the e2e tests we disabling the tls verificiation. See kubernetes-sigs#1903 (comment) for more details.
jsturtevant
force-pushed
the
add-metrics-server-to-ci
branch
from
86c615a to
e8385ba
Compare
Due to the way that kubeadm configures the kubelet with a self-signed certificate, the metric server can't verify the kubelet certs. There is a proposal in CAPI to manage this long term. For the e2e tests we disabling the tls verificiation. See kubernetes-sigs#1903 (comment) for more details.
jsturtevant
force-pushed
the
add-metrics-server-to-ci
branch
from
e8385ba to
0093c77
Compare
Due to the way that kubeadm configures the kubelet with a self-signed certificate, the metric server can't verify the kubelet certs. There is a proposal in CAPI to manage this long term. For the e2e tests we disabling the tls verificiation. See kubernetes-sigs#1903 (comment) for more details.
|
/test ls |
|
@jsturtevant: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test pull-cluster-api-provider-azure-conformance-with-ci-artifacts |
|
/test pull-cluster-api-provider-azure-windows-containerd-upstream-with-ci-artifacts |
|
The windows tests ran but have the flakes I am investigating in s separate workstream. /test pull-cluster-api-provider-azure-windows-containerd-upstream-with-ci-artifacts |
|
/assign @CecileRobertMichon @devigned @mboersma |
| kind: Kustomization | ||
| namespace: kube-system | ||
| resources: | ||
| - https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.2/components.yaml |
There was a problem hiding this comment.
this is awesome, we should use this model for more stuff (eg. cloud-provider) instead of maintaining addon specs in the repo
There was a problem hiding this comment.
cool! I created a tracking issue with a few possible items: #1917
k8s-ci-robot
added
the
lgtm
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
What type of PR is this?
/kind feature
What this PR does / why we need it:
We would like to run HPA tests in upstream and the metrics server is required for HPA components: #1881
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #1125
Special notes for your reviewer:
I've only added this to the CI Job that is need for now but did tried to do it in a way that would make it pretty easy to add to other jobs and tilt if we wanted.
Also using kustomize to pull in the metric server from the releases page on https://github.com/kubernetes-sigs/metrics-server/releases. This allows for easy updates and overriding settings if needed via kustomize. This could be a pattern we use for the other addons as well.
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note: