From ddfca24590a5d6d157025e2afbde054eeb3ac54c Mon Sep 17 00:00:00 2001 From: laverya <2318911+laverya@users.noreply.github.com> Date: Wed, 13 Mar 2024 04:01:19 +0000 Subject: [PATCH] Create new Metrics Server version --- addons/metrics-server/0.7.0/Manifest | 1 + addons/metrics-server/0.7.0/components.yaml | 201 ++++++++++++++++++ addons/metrics-server/0.7.0/install.sh | 13 ++ .../0.7.0/kubelet-insecure-tls.yaml | 16 ++ .../metrics-server/0.7.0/kustomization.yaml | 5 + web/src/installers/versions.js | 1 + 6 files changed, 237 insertions(+) create mode 100644 addons/metrics-server/0.7.0/Manifest create mode 100644 addons/metrics-server/0.7.0/components.yaml create mode 100644 addons/metrics-server/0.7.0/install.sh create mode 100644 addons/metrics-server/0.7.0/kubelet-insecure-tls.yaml create mode 100644 addons/metrics-server/0.7.0/kustomization.yaml diff --git a/addons/metrics-server/0.7.0/Manifest b/addons/metrics-server/0.7.0/Manifest new file mode 100644 index 0000000000..7e7cb6c10e --- /dev/null +++ b/addons/metrics-server/0.7.0/Manifest @@ -0,0 +1 @@ +image metrics-server-metrics-server registry.k8s.io/metrics-server/metrics-server:v0.7.0 diff --git a/addons/metrics-server/0.7.0/components.yaml b/addons/metrics-server/0.7.0/components.yaml new file mode 100644 index 0000000000..03bf85907c --- /dev/null +++ b/addons/metrics-server/0.7.0/components.yaml @@ -0,0 +1,201 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=10250 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + image: registry.k8s.io/metrics-server/metrics-server:v0.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 10250 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 diff --git a/addons/metrics-server/0.7.0/install.sh b/addons/metrics-server/0.7.0/install.sh new file mode 100644 index 0000000000..f16aeb8d3b --- /dev/null +++ b/addons/metrics-server/0.7.0/install.sh @@ -0,0 +1,13 @@ +metrics-server() { + local src="$DIR/addons/metrics-server/0.7.0" + local dst="$DIR/kustomize/metrics-server" + + cp "$src/components.yaml" "$dst" + cp "$src/kubelet-insecure-tls.yaml" "$dst" + cp "$src/kustomization.yaml" "$dst" + + kubectl apply -k "$dst" + + printf "awaiting metrics-server deployment\n" + spinner_until 120 deployment_fully_updated kube-system metrics-server +} diff --git a/addons/metrics-server/0.7.0/kubelet-insecure-tls.yaml b/addons/metrics-server/0.7.0/kubelet-insecure-tls.yaml new file mode 100644 index 0000000000..94ab5ed794 --- /dev/null +++ b/addons/metrics-server/0.7.0/kubelet-insecure-tls.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metrics-server + namespace: kube-system +spec: + template: + spec: + containers: + - name: metrics-server + args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port diff --git a/addons/metrics-server/0.7.0/kustomization.yaml b/addons/metrics-server/0.7.0/kustomization.yaml new file mode 100644 index 0000000000..8bc55df306 --- /dev/null +++ b/addons/metrics-server/0.7.0/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- components.yaml + +patchesStrategicMerge: +- kubelet-insecure-tls.yaml diff --git a/web/src/installers/versions.js b/web/src/installers/versions.js index 230534edc5..c9d22aa25d 100644 --- a/web/src/installers/versions.js +++ b/web/src/installers/versions.js @@ -612,6 +612,7 @@ module.exports.InstallerVersions = { ], metricsServer: [ // cron-metrics-server-update + "0.7.0", "0.6.4", "0.6.3", "0.6.2",