update manifests for v0.2

Signed-off-by: Zach Zhu <[email protected]>

config/default/kustomization.yaml

@@ -28,7 +28,7 @@ patchesStrategicMerge:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+#- manager_auth_proxy_patch.yaml
 
 
 

config/manager/config.yaml

@@ -15,8 +15,18 @@ data:
   prometheus-metrics-config.yaml: |
     resourceRules:
       cpu:
-        containerQuery: sum by (<<.GroupBy>>) (irate(container_cpu_usage_seconds_total{container!="",container!="POD",<<.LabelMatchers>>}[3m]))
-        readyPodsOnlyContainerQuery: sum by (<<.GroupBy>>) ((kube_pod_status_ready{condition="true"} == 1) * on (namespace, pod) group_left sum by (namespace, pod) (irate(container_cpu_usage_seconds_total{container!="",container!="POD",<<.LabelMatchers>>}[3m])))
+        containerQuery: |-
+          sum by (<<.GroupBy>>) (
+            irate(container_cpu_usage_seconds_total{container!="",container!="POD",<<.LabelMatchers>>}[3m])
+          )
+        readyPodsOnlyContainerQuery: |-
+          sum by (<<.GroupBy>>) (
+              (kube_pod_status_ready{condition="true"} == 1)
+            * on (namespace, pod) group_left ()
+              sum by (namespace, pod) (
+                irate(container_cpu_usage_seconds_total{container!="",container!="POD",<<.LabelMatchers>>}[3m])
+              )
+          )
         resources:
           overrides:
             namespace:
@@ -25,8 +35,18 @@ data:
               resource: pod
         containerLabel: container
       memory:
-        containerQuery: sum by (<<.GroupBy>>) (container_memory_working_set_bytes{container!="",container!="POD",<<.LabelMatchers>>})
-        readyPodsOnlyContainerQuery: sum by (<<.GroupBy>>) ((kube_pod_status_ready{condition="true"} == 1) * on (namespace, pod) group_left sum by (namespace, pod) (container_memory_working_set_bytes{container!="",container!="POD",<<.LabelMatchers>>}))
+        containerQuery: |-
+          sum by (<<.GroupBy>>) (
+            container_memory_working_set_bytes{container!="",container!="POD",<<.LabelMatchers>>}
+          )
+        readyPodsOnlyContainerQuery: |-
+          sum by (<<.GroupBy>>) (
+              (kube_pod_status_ready{condition="true"} == 1)
+            * on (namespace, pod) group_left ()
+              sum by (namespace, pod) (
+                container_memory_working_set_bytes{container!="",container!="POD",<<.LabelMatchers>>}
+              )
+          )
         resources:
           overrides:
             namespace:

config/manager/kustomization.yaml

@@ -1,3 +1,4 @@
 resources:
 - config.yaml
 - manager.yaml
+- service.yaml

config/manager/manager.yaml

@@ -46,6 +46,9 @@ spec:
         - --zap-log-level=1
         - --leader-elect
         - --prometheus-metrics-config=/etc/kapacity/prometheus-metrics-config.yaml
+        - --algorithm-job-namespace=kapacity-system
+        - --algorithm-job-default-service-account=kapacity-algorithm-job
+        - --algorithm-job-default-metrics-server-addr=kapacity-grpc-service:9090
         image: controller:latest
         name: manager
         securityContext:
@@ -65,6 +68,10 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
+        ports:
+        - containerPort: 9090
+          name: grpc-server
+          protocol: TCP
         volumeMounts:
         - name: config
           mountPath: /etc/kapacity

config/manager/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: grpc-service
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: kapacity
+    app.kubernetes.io/part-of: kapacity
+    app.kubernetes.io/managed-by: kustomize
+  name: grpc-service
+  namespace: system
+spec:
+  ports:
+  - port: 9090
+    protocol: TCP
+    targetPort: 9090
+  selector:
+    control-plane: controller-manager

config/rbac/algorithm_job_role.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: algorithm-job-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: kapacity
+    app.kubernetes.io/part-of: kapacity
+    app.kubernetes.io/managed-by: kustomize
+  name: algorithm-job-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - '*'
+  resources:
+  - '*/scale'
+  verbs:
+  - get
+- apiGroups:
+  - autoscaling.kapacitystack.io
+  resources:
+  - horizontalportraits
+  verbs:
+  - get
+  - list
+  - watch

config/rbac/algorithm_job_role_binding.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/instance: algorithm-job-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: kapacity
+    app.kubernetes.io/part-of: kapacity
+    app.kubernetes.io/managed-by: kustomize
+  name: algorithm-job-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: algorithm-job-role
+subjects:
+- kind: ServiceAccount
+  name: algorithm-job
+  namespace: system

config/rbac/kustomization.yaml

@@ -9,6 +9,8 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- algorithm_job_role.yaml
+- algorithm_job_role_binding.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.

config/rbac/service_account.yaml

@@ -10,3 +10,17 @@ metadata:
     app.kubernetes.io/managed-by: kustomize
   name: controller-manager
   namespace: system
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: serviceaccount
+    app.kuberentes.io/instance: algorithm-job
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: kapacity
+    app.kubernetes.io/part-of: kapacity
+    app.kubernetes.io/managed-by: kustomize
+  name: algorithm-job
+  namespace: system