kubernetes-retired
diff --git a/‎Documentation/kubernetes-on-aws-add-ons.md
Lines changed: 36 additions & 0 deletions b/‎Documentation/kubernetes-on-aws-add-ons.md
Lines changed: 36 additions & 0 deletions
diff --git a/‎core/controlplane/config/config.go
Lines changed: 78 additions & 91 deletions b/‎core/controlplane/config/config.go
Lines changed: 78 additions & 91 deletions
diff --git a/‎core/controlplane/config/templates/cloud-config-controller
Lines changed: 61 additions & 3 deletions b/‎core/controlplane/config/templates/cloud-config-controller
Lines changed: 61 additions & 3 deletions
diff --git a/‎core/controlplane/config/templates/cloud-config-worker
Lines changed: 1 addition & 1 deletion b/‎core/controlplane/config/templates/cloud-config-worker
Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,42 @@
 
 kube-aws has built-in supports for several Kubernetes add-ons known to require additional configurations beforehand.
 
+## cluster-autoscaler
+
+[cluster-autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) is an add-on which automatically
+scales in/out your k8s cluster by removing/adding worker nodes according to resource utilization per node.
+
+To enable cluster-autoscaler, add the below settings to your cluster.yaml:
+
+```yaml
+addons:
+  clusterAutoscaler:
+    enabled: true
+worker:
+  nodePools:
+  - name: scaled
+    autoScalingGroup:
+      minSize: 1
+      maxSize: 10
+    autoscaling:
+      clusterAutoscaler:
+        enabled: true
+  - name: notScaled
+    autoScalingGroup:
+      minSize: 2
+      maxSize: 4
+```
+
+The above example configuration would:
+
+* By `addons.clusterAutoscaler.enabled`:
+  * Provide controller nodes appropriate IAM permissions to call necessary AWS APIs from CA
+  * Create a k8s deployment to run CA on one of controller nodes, so that CA can utilize the IAM permissions
+* By `worker.nodePools[0].autoscaling.clusterAutoscaler.enabled`:
+  * If there are unschedulable, pending pod(s) that is requesting more capacity, CA will add more nodes to the `scaled` node pool, up until the max size `10`
+  * If there are no unschdulable, pending pod(s) that is waiting for more capacity and one or more nodes are in low utlization, CA will remove node(s), down until the min size `1`
+* The second node pool `notScaled` is scaled manually by YOU, because you had not the autoscaling on it(=missing `autoscaling.clusterAutoscaler.enabled`)
+
 ## kube2iam
 
 [kube2iam](https://github.com/jtblin/kube2iam) is an add-on which provides IAM credentials for target IAM roles to pods running inside a Kubernetes cluster based on annotations.
 
@@ -58,7 +58,7 @@ func NewDefaultCluster() *Cluster {
 		AwsNodeLabels: AwsNodeLabels{
 			Enabled: false,
 		},
-		ClusterAutoscalerSupport: ClusterAutoscalerSupport{
+		ClusterAutoscalerSupport: model.ClusterAutoscalerSupport{
 			Enabled: false,
 		},
 		TLSBootstrap: TLSBootstrap{
@@ -81,7 +81,7 @@ func NewDefaultCluster() *Cluster {
 		NodeDrainer: NodeDrainer{
 			Enabled: false,
 		},
-		NodeLabels: NodeLabels{},
+		NodeLabels: model.NodeLabels{},
 		Plugins: Plugins{
 			Rbac: Rbac{
 				Enabled: false,
@@ -104,34 +104,35 @@ func NewDefaultCluster() *Cluster {
 
 	return &Cluster{
 		DeploymentSettings: DeploymentSettings{
-			ClusterName:                 "kubernetes",
-			VPCCIDR:                     "10.0.0.0/16",
-			ReleaseChannel:              "stable",
-			K8sVer:                      k8sVer,
-			ContainerRuntime:            "docker",
-			Subnets:                     []model.Subnet{},
-			EIPAllocationIDs:            []string{},
-			MapPublicIPs:                true,
-			Experimental:                experimental,
-			ManageCertificates:          true,
-			HyperkubeImage:              model.Image{Repo: "quay.io/coreos/hyperkube", Tag: k8sVer, RktPullDocker: false},
-			AWSCliImage:                 model.Image{Repo: "quay.io/coreos/awscli", Tag: "master", RktPullDocker: false},
-			CalicoNodeImage:             model.Image{Repo: "quay.io/calico/node", Tag: "v1.2.1", RktPullDocker: false},
-			CalicoCniImage:              model.Image{Repo: "quay.io/calico/cni", Tag: "v1.8.3", RktPullDocker: false},
-			CalicoPolicyControllerImage: model.Image{Repo: "quay.io/calico/kube-policy-controller", Tag: "v0.6.0", RktPullDocker: false},
-			CalicoCtlImage:              model.Image{Repo: "quay.io/calico/ctl", Tag: "v1.2.1", RktPullDocker: false},
-			ClusterAutoscalerImage:      model.Image{Repo: "gcr.io/google_containers/cluster-proportional-autoscaler-amd64", Tag: "1.1.1", RktPullDocker: false},
-			KubeDnsImage:                model.Image{Repo: "gcr.io/google_containers/k8s-dns-kube-dns-amd64", Tag: "1.14.2", RktPullDocker: false},
-			KubeDnsMasqImage:            model.Image{Repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64", Tag: "1.14.2", RktPullDocker: false},
-			KubeReschedulerImage:        model.Image{Repo: "gcr.io/google-containers/rescheduler", Tag: "v0.3.0", RktPullDocker: false},
-			DnsMasqMetricsImage:         model.Image{Repo: "gcr.io/google_containers/k8s-dns-sidecar-amd64", Tag: "1.14.2", RktPullDocker: false},
-			ExecHealthzImage:            model.Image{Repo: "gcr.io/google_containers/exechealthz-amd64", Tag: "1.2", RktPullDocker: false},
-			HeapsterImage:               model.Image{Repo: "gcr.io/google_containers/heapster", Tag: "v1.3.0", RktPullDocker: false},
-			AddonResizerImage:           model.Image{Repo: "gcr.io/google_containers/addon-resizer", Tag: "1.7", RktPullDocker: false},
-			KubeDashboardImage:          model.Image{Repo: "gcr.io/google_containers/kubernetes-dashboard-amd64", Tag: "v1.6.1", RktPullDocker: false},
-			PauseImage:                  model.Image{Repo: "gcr.io/google_containers/pause-amd64", Tag: "3.0", RktPullDocker: false},
-			FlannelImage:                model.Image{Repo: "quay.io/coreos/flannel", Tag: "v0.7.1", RktPullDocker: false},
-			DexImage:                    model.Image{Repo: "quay.io/coreos/dex", Tag: "v2.4.1", RktPullDocker: false},
+			ClusterName:                        "kubernetes",
+			VPCCIDR:                            "10.0.0.0/16",
+			ReleaseChannel:                     "stable",
+			K8sVer:                             k8sVer,
+			ContainerRuntime:                   "docker",
+			Subnets:                            []model.Subnet{},
+			EIPAllocationIDs:                   []string{},
+			MapPublicIPs:                       true,
+			Experimental:                       experimental,
+			ManageCertificates:                 true,
+			HyperkubeImage:                     model.Image{Repo: "quay.io/coreos/hyperkube", Tag: k8sVer, RktPullDocker: false},
+			AWSCliImage:                        model.Image{Repo: "quay.io/coreos/awscli", Tag: "master", RktPullDocker: false},
+			CalicoNodeImage:                    model.Image{Repo: "quay.io/calico/node", Tag: "v1.2.1", RktPullDocker: false},
+			CalicoCniImage:                     model.Image{Repo: "quay.io/calico/cni", Tag: "v1.8.3", RktPullDocker: false},
+			CalicoPolicyControllerImage:        model.Image{Repo: "quay.io/calico/kube-policy-controller", Tag: "v0.6.0", RktPullDocker: false},
+			CalicoCtlImage:                     model.Image{Repo: "quay.io/calico/ctl", Tag: "v1.2.1", RktPullDocker: false},
+			ClusterAutoscalerImage:             model.Image{Repo: "quay.io/kube-aws/cluster-autoscaler", Tag: "b432362a70f925d94240fe0bb772bd05fb8ad8d6", RktPullDocker: false},
+			ClusterProportionalAutoscalerImage: model.Image{Repo: "gcr.io/google_containers/cluster-proportional-autoscaler-amd64", Tag: "1.1.1", RktPullDocker: false},
+			KubeDnsImage:                       model.Image{Repo: "gcr.io/google_containers/k8s-dns-kube-dns-amd64", Tag: "1.14.2", RktPullDocker: false},
+			KubeDnsMasqImage:                   model.Image{Repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64", Tag: "1.14.2", RktPullDocker: false},
+			KubeReschedulerImage:               model.Image{Repo: "gcr.io/google-containers/rescheduler", Tag: "v0.3.0", RktPullDocker: false},
+			DnsMasqMetricsImage:                model.Image{Repo: "gcr.io/google_containers/k8s-dns-sidecar-amd64", Tag: "1.14.2", RktPullDocker: false},
+			ExecHealthzImage:                   model.Image{Repo: "gcr.io/google_containers/exechealthz-amd64", Tag: "1.2", RktPullDocker: false},
+			HeapsterImage:                      model.Image{Repo: "gcr.io/google_containers/heapster", Tag: "v1.3.0", RktPullDocker: false},
+			AddonResizerImage:                  model.Image{Repo: "gcr.io/google_containers/addon-resizer", Tag: "1.7", RktPullDocker: false},
+			KubeDashboardImage:                 model.Image{Repo: "gcr.io/google_containers/kubernetes-dashboard-amd64", Tag: "v1.6.1", RktPullDocker: false},
+			PauseImage:                         model.Image{Repo: "gcr.io/google_containers/pause-amd64", Tag: "3.0", RktPullDocker: false},
+			FlannelImage:                       model.Image{Repo: "quay.io/coreos/flannel", Tag: "v0.7.1", RktPullDocker: false},
+			DexImage:                           model.Image{Repo: "quay.io/coreos/dex", Tag: "v2.4.1", RktPullDocker: false},
 		},
 		KubeClusterSettings: KubeClusterSettings{
 			DNSServiceIP: "10.3.0.10",
@@ -494,24 +495,25 @@ type DeploymentSettings struct {
 	WaitSignal             WaitSignal        `yaml:"waitSignal"`
 
 	// Images repository
-	HyperkubeImage              model.Image `yaml:"hyperkubeImage,omitempty"`
-	AWSCliImage                 model.Image `yaml:"awsCliImage,omitempty"`
-	CalicoNodeImage             model.Image `yaml:"calicoNodeImage,omitempty"`
-	CalicoCniImage              model.Image `yaml:"calicoCniImage,omitempty"`
-	CalicoCtlImage              model.Image `yaml:"calicoCtlImage,omitempty"`
-	CalicoPolicyControllerImage model.Image `yaml:"calicoPolicyControllerImage,omitempty"`
-	ClusterAutoscalerImage      model.Image `yaml:"clusterAutoscalerImage,omitempty"`
-	KubeDnsImage                model.Image `yaml:"kubeDnsImage,omitempty"`
-	KubeDnsMasqImage            model.Image `yaml:"kubeDnsMasqImage,omitempty"`
-	KubeReschedulerImage        model.Image `yaml:"kubeReschedulerImage,omitempty"`
-	DnsMasqMetricsImage         model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
-	ExecHealthzImage            model.Image `yaml:"execHealthzImage,omitempty"`
-	HeapsterImage               model.Image `yaml:"heapsterImage,omitempty"`
-	AddonResizerImage           model.Image `yaml:"addonResizerImage,omitempty"`
-	KubeDashboardImage          model.Image `yaml:"kubeDashboardImage,omitempty"`
-	PauseImage                  model.Image `yaml:"pauseImage,omitempty"`
-	FlannelImage                model.Image `yaml:"flannelImage,omitempty"`
-	DexImage                    model.Image `yaml:"dexImage,omitempty"`
+	HyperkubeImage                     model.Image `yaml:"hyperkubeImage,omitempty"`
+	AWSCliImage                        model.Image `yaml:"awsCliImage,omitempty"`
+	CalicoNodeImage                    model.Image `yaml:"calicoNodeImage,omitempty"`
+	CalicoCniImage                     model.Image `yaml:"calicoCniImage,omitempty"`
+	CalicoCtlImage                     model.Image `yaml:"calicoCtlImage,omitempty"`
+	CalicoPolicyControllerImage        model.Image `yaml:"calicoPolicyControllerImage,omitempty"`
+	ClusterAutoscalerImage             model.Image `yaml:"clusterAutoscalerImage,omitempty"`
+	ClusterProportionalAutoscalerImage model.Image `yaml:"clusterProportionalAutoscalerImage,omitempty"`
+	KubeDnsImage                       model.Image `yaml:"kubeDnsImage,omitempty"`
+	KubeDnsMasqImage                   model.Image `yaml:"kubeDnsMasqImage,omitempty"`
+	KubeReschedulerImage               model.Image `yaml:"kubeReschedulerImage,omitempty"`
+	DnsMasqMetricsImage                model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
+	ExecHealthzImage                   model.Image `yaml:"execHealthzImage,omitempty"`
+	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
+	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
+	KubeDashboardImage                 model.Image `yaml:"kubeDashboardImage,omitempty"`
+	PauseImage                         model.Image `yaml:"pauseImage,omitempty"`
+	FlannelImage                       model.Image `yaml:"flannelImage,omitempty"`
+	DexImage                           model.Image `yaml:"dexImage,omitempty"`
 }
 
 // Part of configuration which is specific to worker nodes
@@ -673,24 +675,26 @@ type Cluster struct {
 }
 
 type Experimental struct {
-	Admission                   Admission                `yaml:"admission"`
-	AuditLog                    AuditLog                 `yaml:"auditLog"`
-	Authentication              Authentication           `yaml:"authentication"`
-	AwsEnvironment              AwsEnvironment           `yaml:"awsEnvironment"`
-	AwsNodeLabels               AwsNodeLabels            `yaml:"awsNodeLabels"`
-	ClusterAutoscalerSupport    ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
-	TLSBootstrap                TLSBootstrap             `yaml:"tlsBootstrap"`
-	EphemeralImageStorage       EphemeralImageStorage    `yaml:"ephemeralImageStorage"`
-	Kube2IamSupport             Kube2IamSupport          `yaml:"kube2IamSupport,omitempty"`
-	LoadBalancer                LoadBalancer             `yaml:"loadBalancer"`
-	TargetGroup                 TargetGroup              `yaml:"targetGroup"`
-	NodeDrainer                 NodeDrainer              `yaml:"nodeDrainer"`
-	NodeLabels                  NodeLabels               `yaml:"nodeLabels"`
-	Plugins                     Plugins                  `yaml:"plugins"`
-	Dex                         model.Dex                `yaml:"dex"`
-	DisableSecurityGroupIngress bool                     `yaml:"disableSecurityGroupIngress"`
-	NodeMonitorGracePeriod      string                   `yaml:"nodeMonitorGracePeriod"`
-	Taints                      model.Taints             `yaml:"taints"`
+	Admission      Admission      `yaml:"admission"`
+	AuditLog       AuditLog       `yaml:"auditLog"`
+	Authentication Authentication `yaml:"authentication"`
+	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
+	AwsNodeLabels  AwsNodeLabels  `yaml:"awsNodeLabels"`
+	// When cluster-autoscaler support is enabled, not only controller nodes but this node pool is also given
+	// a node label and IAM permissions to run cluster-autoscaler
+	ClusterAutoscalerSupport    model.ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
+	TLSBootstrap                TLSBootstrap                   `yaml:"tlsBootstrap"`
+	EphemeralImageStorage       EphemeralImageStorage          `yaml:"ephemeralImageStorage"`
+	Kube2IamSupport             Kube2IamSupport                `yaml:"kube2IamSupport,omitempty"`
+	LoadBalancer                LoadBalancer                   `yaml:"loadBalancer"`
+	TargetGroup                 TargetGroup                    `yaml:"targetGroup"`
+	NodeDrainer                 NodeDrainer                    `yaml:"nodeDrainer"`
+	NodeLabels                  model.NodeLabels               `yaml:"nodeLabels"`
+	Plugins                     Plugins                        `yaml:"plugins"`
+	Dex                         model.Dex                      `yaml:"dex"`
+	DisableSecurityGroupIngress bool                           `yaml:"disableSecurityGroupIngress"`
+	NodeMonitorGracePeriod      string                         `yaml:"nodeMonitorGracePeriod"`
+	Taints                      model.Taints                   `yaml:"taints"`
 	model.UnknownKeys           `yaml:",inline"`
 }
 
@@ -727,10 +731,6 @@ type AwsNodeLabels struct {
 	Enabled bool `yaml:"enabled"`
 }
 
-type ClusterAutoscalerSupport struct {
-	Enabled bool `yaml:"enabled"`
-}
-
 type TLSBootstrap struct {
 	Enabled bool `yaml:"enabled"`
 }
@@ -754,27 +754,6 @@ type NodeDrainer struct {
 	Enabled bool `yaml:"enabled"`
 }
 
-type NodeLabels map[string]string
-
-func (l NodeLabels) Enabled() bool {
-	return len(l) > 0
-}
-
-// Returns key=value pairs separated by ',' to be passed to kubelet's `--node-labels` flag
-func (l NodeLabels) String() string {
-	labels := []string{}
-	keys := []string{}
-	for k, _ := range l {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-	for _, k := range keys {
-		v := l[k]
-		labels = append(labels, fmt.Sprintf("%s=%s", k, v))
-	}
-	return strings.Join(labels, ",")
-}
-
 type LoadBalancer struct {
 	Enabled          bool     `yaml:"enabled"`
 	Names            []string `yaml:"names"`
@@ -1105,6 +1084,14 @@ func (c Cluster) NestedStackName() string {
 	return strings.Title(strings.Replace(c.StackName(), "-", "", -1))
 }
 
+func (c Cluster) NodeLabels() model.NodeLabels {
+	labels := c.Experimental.NodeLabels
+	if c.Addons.ClusterAutoscaler.Enabled {
+		labels["kube-aws.coreos.com/cluster-autoscaler-supported"] = "true"
+	}
+	return labels
+}
+
 // Etcdadm returns the content of the etcdadm script to be embedded into cloud-config-etcd
 func (c *Config) Etcdadm() (string, error) {
 	return gzipcompressor.CompressData(Etcdadm)
 
@@ -197,7 +197,7 @@ coreos:
         --container-runtime={{.ContainerRuntime}} \
         --rkt-path=/usr/bin/rkt \
         --rkt-stage1-image=coreos.com/rkt/stage1-coreos \
-        --node-labels node-role.kubernetes.io/master{{if .Experimental.NodeLabels.Enabled}},{{.Experimental.NodeLabels.String}} \
+        --node-labels node-role.kubernetes.io/master{{if .NodeLabels.Enabled}},{{.NodeLabels.String}} \
         {{end}} \
         --register-with-taints=node.alpha.kubernetes.io/role=master:NoSchedule \
         --allow-privileged=true \
@@ -578,7 +578,7 @@ write_files:
       kubectl apply -f "${mfdir}/kube-dns-sa.yaml"
 
       # Deployments
-      for manifest in {kube-dns-de,kube-dns-autoscaler-de,heapster-de{{ if .KubeResourcesAutosave.Enabled }},kube-resources-autosave{{ end }}}.yaml; do
+      for manifest in {kube-dns-de,kube-dns-autoscaler-de,cluster-autoscaler-de,heapster-de{{ if .KubeResourcesAutosave.Enabled }},kube-resources-autosave{{ end }}}.yaml; do
           kubectl apply -f "${mfdir}/$manifest"
       done
 
@@ -1530,7 +1530,7 @@ write_files:
                 operator: "Exists"
               containers:
               - name: autoscaler
-                image: {{ .ClusterAutoscalerImage.RepoWithTag }}
+                image: {{ .ClusterProportionalAutoscalerImage.RepoWithTag }}
                 resources:
                     requests:
                         cpu: "20m"
@@ -1795,6 +1795,64 @@ write_files:
                     - --poll-period=300000
                     - --estimator=exponential
 
+  {{if .Addons.ClusterAutoscaler.Enabled}}
+  - path: /srv/kubernetes/manifests/cluster-autoscaler-de.yaml
+    content: |
+        apiVersion: extensions/v1beta1
+        kind: Deployment
+        metadata:
+          name: cluster-autoscaler
+          namespace: kube-system
+          labels:
+            app: cluster-autoscaler
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              app: cluster-autoscaler
+          template:
+            metadata:
+              labels:
+                app: cluster-autoscaler
+            spec:
+              affinity:
+                nodeAffinity:
+                  requiredDuringSchedulingIgnoredDuringExecution:
+                    nodeSelectorTerms:
+                    - matchExpressions:
+                      - key: "kube-aws.coreos.com/cluster-autoscaler-supported"
+                        operator: "In"
+                        values:
+                        - "true"
+              tolerations:
+              - key: "node.alpha.kubernetes.io/role"
+                operator: "Equal"
+                value: "master"
+                effect: "NoSchedule"
+              containers:
+                - image: {{ .ClusterAutoscalerImage.RepoWithTag }}
+                  name: cluster-autoscaler
+                  resources:
+                    limits:
+                      cpu: 100m
+                      memory: 300Mi
+                    requests:
+                      cpu: 100m
+                      memory: 300Mi
+                  command:
+                    - ./cluster-autoscaler
+                    - --v=4
+                    - --stderrthreshold=info
+                    - --cloud-provider=aws
+                    - --skip-nodes-with-local-storage=false
+                    - --expander=least-waste
+                    - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled
+                  env:
+                    - name: AWS_REGION
+                      value: {{.Region}}
+                  imagePullPolicy: "Always"
+  {{end}}
+
   - path: /srv/kubernetes/manifests/heapster-svc.yaml
     content: |
         kind: Service
 
@@ -192,7 +192,7 @@ coreos:
         --container-runtime={{.ContainerRuntime}} \
         --rkt-path=/usr/bin/rkt \
         --rkt-stage1-image=coreos.com/rkt/stage1-coreos \
-        {{if .Experimental.NodeLabels.Enabled}}--node-labels {{.Experimental.NodeLabels.String}} \
+        {{if .Experimental.NodeLabels.Enabled}}--node-labels {{.NodeLabels.String}} \
         {{end}}--register-node=true \
         {{if .Experimental.Taints}}--register-with-taints={{.Experimental.Taints.String}}\
         {{end}}--allow-privileged=true \