From 93f0c9d87b429fa913e6413f7677d1deedd1ceb0 Mon Sep 17 00:00:00 2001 From: quicksilver Date: Mon, 26 Jul 2021 19:05:21 +0800 Subject: [PATCH] Update metrics server to v0.5.0 (#6811) Signed-off-by: quicksilver --- .../metrics/aggregated-metrics-reader.yaml | 12 -- build/config/metrics/auth-delegator.yaml | 13 -- build/config/metrics/auth-reader.yaml | 14 -- build/config/metrics/metrics-apiservice.yaml | 14 -- .../metrics/metrics-server-deployment.yaml | 37 ---- .../metrics/metrics-server-service.yaml | 16 -- build/config/metrics/metrics.yaml | 195 ++++++++++++++++++ build/config/metrics/resource-reader.yaml | 29 --- 8 files changed, 195 insertions(+), 135 deletions(-) delete mode 100644 build/config/metrics/aggregated-metrics-reader.yaml delete mode 100644 build/config/metrics/auth-delegator.yaml delete mode 100644 build/config/metrics/auth-reader.yaml delete mode 100644 build/config/metrics/metrics-apiservice.yaml delete mode 100644 build/config/metrics/metrics-server-deployment.yaml delete mode 100644 build/config/metrics/metrics-server-service.yaml create mode 100644 build/config/metrics/metrics.yaml delete mode 100644 build/config/metrics/resource-reader.yaml diff --git a/build/config/metrics/aggregated-metrics-reader.yaml b/build/config/metrics/aggregated-metrics-reader.yaml deleted file mode 100644 index cdf3415fdd..0000000000 --- a/build/config/metrics/aggregated-metrics-reader.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:aggregated-metrics-reader - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: ["metrics.k8s.io"] - resources: ["pods"] - verbs: ["get", "list", "watch"] diff --git a/build/config/metrics/auth-delegator.yaml b/build/config/metrics/auth-delegator.yaml deleted file mode 100644 index e3442c5750..0000000000 --- a/build/config/metrics/auth-delegator.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system diff --git a/build/config/metrics/auth-reader.yaml b/build/config/metrics/auth-reader.yaml deleted file mode 100644 index f0616e1635..0000000000 --- a/build/config/metrics/auth-reader.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system diff --git a/build/config/metrics/metrics-apiservice.yaml b/build/config/metrics/metrics-apiservice.yaml deleted file mode 100644 index 08b0530d80..0000000000 --- a/build/config/metrics/metrics-apiservice.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1beta1.metrics.k8s.io -spec: - service: - name: metrics-server - namespace: kube-system - group: metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 - versionPriority: 100 diff --git a/build/config/metrics/metrics-server-deployment.yaml b/build/config/metrics/metrics-server-deployment.yaml deleted file mode 100644 index 9fdc11139f..0000000000 --- a/build/config/metrics/metrics-server-deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: metrics-server - namespace: kube-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metrics-server - namespace: kube-system - labels: - k8s-app: metrics-server -spec: - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - name: metrics-server - labels: - k8s-app: metrics-server - spec: - serviceAccountName: metrics-server - volumes: - # mount in tmp so we can safely use from-scratch images and/or read-only containers - - name: tmp-dir - emptyDir: {} - containers: - - name: metrics-server - image: k8s.gcr.io/metrics-server-amd64:v0.3.2 - imagePullPolicy: Always - volumeMounts: - - name: tmp-dir - mountPath: /tmp - diff --git a/build/config/metrics/metrics-server-service.yaml b/build/config/metrics/metrics-server-service.yaml deleted file mode 100644 index ddf6f4a8a0..0000000000 --- a/build/config/metrics/metrics-server-service.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: metrics-server - namespace: kube-system - labels: - kubernetes.io/name: "Metrics-server" - kubernetes.io/cluster-service: "true" -spec: - selector: - k8s-app: metrics-server - ports: - - port: 443 - protocol: TCP - targetPort: 443 diff --git a/build/config/metrics/metrics.yaml b/build/config/metrics/metrics.yaml new file mode 100644 index 0000000000..6bddccfcbe --- /dev/null +++ b/build/config/metrics/metrics.yaml @@ -0,0 +1,195 @@ +# Created with `curl -Ls https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.0/components.yaml > build/config/metrics/metrics.yaml` +# And special patches noted below +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + - namespaces + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --kubelet-insecure-tls + image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 + diff --git a/build/config/metrics/resource-reader.yaml b/build/config/metrics/resource-reader.yaml deleted file mode 100644 index 4f9877203f..0000000000 --- a/build/config/metrics/resource-reader.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system