From dfe3f3a60e9527d6565c4b0eae2469efd0671715 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Fri, 7 May 2021 23:46:01 +0200 Subject: [PATCH] Update metrics-server from upstream --- bin/update.sh | 3 +- defaults/main.yml | 2 + files/metrics-server-Deployment.yaml | 54 ++++++++++++------- files/metrics-server-Service.yaml | 14 ++--- files/metrics-server-ServiceAccount.yaml | 2 + ...etrics-server-auth-reader-RoleBinding.yaml | 2 + ...tem:auth-delegator-ClusterRoleBinding.yaml | 2 + ...aggregated-metrics-reader-ClusterRole.yaml | 19 ++++--- files/system:metrics-server-ClusterRole.yaml | 2 + ...tem:metrics-server-ClusterRoleBinding.yaml | 2 + files/v1beta1.metrics.k8s.io-APIService.yaml | 10 ++-- vars/metrics_server_files_list.yml | 12 ++--- 12 files changed, 82 insertions(+), 42 deletions(-) diff --git a/bin/update.sh b/bin/update.sh index 0ff27b0..73e8599 100755 --- a/bin/update.sh +++ b/bin/update.sh @@ -2,7 +2,7 @@ METRICS_SERVER_FILE="vars/metrics_server_files_list.yml" -wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml +wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.4.4/components.yaml kubernetes-split-yaml components.yaml > generated.log rm -f files/*.yaml mv generated/*.yaml files/ @@ -10,3 +10,4 @@ echo -e "---\nmetrics_server_files:" > "${METRICS_SERVER_FILE}" cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> "${METRICS_SERVER_FILE}" rm -fr generated generated.log components.yaml +sed '/ args:/ a\ - --kubelet-insecure-tls' -i files/metrics-server-Deployment.yaml diff --git a/defaults/main.yml b/defaults/main.yml index e0624d3..ed82cbf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
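Review bot: The `sed` line appended to bin/update.sh bakes `--kubelet-insecure-tls` into every regenerated files/metrics-server-Deployment.yaml, so metrics-server skips verification of the kubelet serving certificate wherever this role is applied, not only on the `minikube` context set in defaults/main.yml. The same flag appears as the first entry under `args:` in the Deployment hunk of this patch. If it is only meant for local clusters, it would be safer to gate it behind a role variable at deploy time than to patch the vendored manifest. At minimum add a comment above the `sed`, for example `# local clusters only: kubelet serving certs are not signed by the cluster CA; drop this flag elsewhere`. The `/ args:/` address also assumes the upstream manifest keeps exactly one `args:` key, which the script does not check.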
@@ -1 +1,3 @@ my_context: minikube +metrics_server_version: "v0.4.4" +metrics_server_url: "https://github.com/kubernetes-sigs/metrics-server/releases/download/{{ metrics_server_version }}/components.yaml" \ No newline at end of file diff --git a/files/metrics-server-Deployment.yaml b/files/metrics-server-Deployment.yaml index 17cad5e..cbcf5e8 100644 --- a/files/metrics-server-Deployment.yaml +++ b/files/metrics-server-Deployment.yaml 
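Review bot: `metrics_server_version` and `metrics_server_url` are added to defaults/main.yml, but the diffstat lists no task or template change that reads them, and bin/update.sh still hard-codes `v0.4.4` in its own `wget` URL, so the two can drift on the next bump. Either have update.sh take the version from a single place or leave the variables out until a task consumes them. If the URL is later used to fetch `components.yaml` at deploy time, the download should be checked against a pinned checksum, since the manifests split out of it include ClusterRole and ClusterRoleBinding objects. The new last line also lacks a trailing newline (`\ No newline at end of file`).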
@@ -1,43 +1,61 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: metrics-server - namespace: kube-system labels: k8s-app: metrics-server + name: metrics-server + namespace: kube-system spec: selector: matchLabels: k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 template: metadata: - name: metrics-server labels: k8s-app: metrics-server spec: - serviceAccountName: metrics-server - volumes: - # mount in tmp so we can safely use from-scratch images and/or read-only containers - - name: tmp-dir - emptyDir: {} containers: - - name: metrics-server - image: k8s.gcr.io/metrics-server-amd64:v0.3.6 + - args: + - --kubelet-insecure-tls + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + image: k8s.gcr.io/metrics-server/metrics-server:v0.4.4 imagePullPolicy: IfNotPresent - args: - - --cert-dir=/tmp - - --secure-port=4443 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server ports: - - name: main-port - containerPort: 4443 + - containerPort: 4443 + name: https protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + periodSeconds: 10 securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 volumeMounts: - - name: tmp-dir - mountPath: /tmp + - mountPath: /tmp + name: tmp-dir nodeSelector: kubernetes.io/os: linux - kubernetes.io/arch: "amd64" + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir diff --git a/files/metrics-server-Service.yaml b/files/metrics-server-Service.yaml index 19304e8..e63ea9f 100644 --- a/files/metrics-server-Service.yaml +++ b/files/metrics-server-Service.yaml 
@@ -1,15 +1,15 @@ apiVersion: v1 kind: Service metadata: + labels: + k8s-app: metrics-server name: metrics-server namespace: kube-system - labels: - kubernetes.io/name: "Metrics-server" - kubernetes.io/cluster-service: "true" spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https selector: k8s-app: metrics-server - ports: - - port: 443 - protocol: TCP - targetPort: main-port diff --git a/files/metrics-server-ServiceAccount.yaml b/files/metrics-server-ServiceAccount.yaml index ee205aa..dac9ae6 100644 --- a/files/metrics-server-ServiceAccount.yaml +++ b/files/metrics-server-ServiceAccount.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + k8s-app: metrics-server name: metrics-server namespace: kube-system diff --git a/files/metrics-server-auth-reader-RoleBinding.yaml b/files/metrics-server-auth-reader-RoleBinding.yaml index 9eff129..a6e71b8 100644 --- a/files/metrics-server-auth-reader-RoleBinding.yaml +++ b/files/metrics-server-auth-reader-RoleBinding.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + k8s-app: metrics-server name: metrics-server-auth-reader namespace: kube-system roleRef: diff --git a/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml b/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml index 109f55f..3eae64b 100644 --- a/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml +++ b/files/metrics-server:system:auth-delegator-ClusterRoleBinding.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + k8s-app: metrics-server name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/files/system:aggregated-metrics-reader-ClusterRole.yaml b/files/system:aggregated-metrics-reader-ClusterRole.yaml index 826455c..972d3d0 100644 --- a/files/system:aggregated-metrics-reader-ClusterRole.yaml 
+++ b/files/system:aggregated-metrics-reader-ClusterRole.yaml @@ -1,12 +1,19 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: system:aggregated-metrics-reader labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" + k8s-app: metrics-server rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader rules: -- apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch diff --git a/files/system:metrics-server-ClusterRole.yaml b/files/system:metrics-server-ClusterRole.yaml index 30e3401..e3d29d5 100644 --- a/files/system:metrics-server-ClusterRole.yaml +++ b/files/system:metrics-server-ClusterRole.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + k8s-app: metrics-server name: system:metrics-server rules: - apiGroups: diff --git a/files/system:metrics-server-ClusterRoleBinding.yaml b/files/system:metrics-server-ClusterRoleBinding.yaml index dc63434..a1d0fad 100644 --- a/files/system:metrics-server-ClusterRoleBinding.yaml +++ b/files/system:metrics-server-ClusterRoleBinding.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + k8s-app: metrics-server name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/files/v1beta1.metrics.k8s.io-APIService.yaml b/files/v1beta1.metrics.k8s.io-APIService.yaml index a8860fb..65fdae9 100644 --- a/files/v1beta1.metrics.k8s.io-APIService.yaml +++ b/files/v1beta1.metrics.k8s.io-APIService.yaml 
@@ -1,13 +1,15 @@ -apiVersion: apiregistration.k8s.io/v1beta1 +apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: + labels: + k8s-app: metrics-server name: v1beta1.metrics.k8s.io spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true service: name: metrics-server namespace: kube-system - group: metrics.k8s.io version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 versionPriority: 100 diff --git a/vars/metrics_server_files_list.yml b/vars/metrics_server_files_list.yml index 9b8173b..a2ec337 100644 --- a/vars/metrics_server_files_list.yml +++ b/vars/metrics_server_files_list.yml @@ -1,11 +1,11 @@ --- metrics_server_files: - - "system:aggregated-metrics-reader-ClusterRole.yaml" - - "metrics-server:system:auth-delegator-ClusterRoleBinding.yaml" - - "metrics-server-auth-reader-RoleBinding.yaml" - - "v1beta1.metrics.k8s.io-APIService.yaml" - "metrics-server-ServiceAccount.yaml" - - "metrics-server-Deployment.yaml" - - "metrics-server-Service.yaml" + - "system:aggregated-metrics-reader-ClusterRole.yaml" - "system:metrics-server-ClusterRole.yaml" + - "metrics-server-auth-reader-RoleBinding.yaml" + - "metrics-server:system:auth-delegator-ClusterRoleBinding.yaml" - "system:metrics-server-ClusterRoleBinding.yaml" + - "metrics-server-Service.yaml" + - "metrics-server-Deployment.yaml" + - "v1beta1.metrics.k8s.io-APIService.yaml"