diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a5080d97e53565859b4afbd4c19919b2c6b9b9a5..ae897c6e5832d1125470f7ee9dc061cc31118c89 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -246,8 +246,8 @@ registry_image_repo: "docker.io/registry"
registry_image_tag: "2.6"
registry_proxy_image_repo: "gcr.io/google_containers/kube-registry-proxy"
registry_proxy_image_tag: "0.4"
-metrics_server_version: "v0.3.1"
-metrics_server_image_repo: "k8s.gcr.io/metrics-server-amd64"
+metrics_server_version: "v0.3.2"
+metrics_server_image_repo: "gcr.io/google_containers/metrics-server-amd64"
metrics_server_image_tag: "{{ metrics_server_version }}"
local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
local_volume_provisioner_image_tag: "v2.1.0"
diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
index 69bb0f7ab1e9008e675979abe4a20247951119d9..126bb37cdcca33709734d166baad9c1b52f2a31e 100644
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -32,6 +32,9 @@ spec:
image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
command:
- /metrics-server
+ - --logtostderr
+ - --cert-dir=/tmp
+ - --secure-port=8443
{% if metrics_server_kubelet_preferred_address_types %}
- --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
{% endif %}
@@ -40,9 +43,12 @@ spec:
{% endif %}
- --metric-resolution={{ metrics_server_metric_resolution }}
ports:
- - containerPort: 443
+ - containerPort: 8443
name: https
protocol: TCP
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
livenessProbe:
httpGet:
path: /healthz
@@ -55,23 +61,20 @@ spec:
readinessProbe:
httpGet:
path: /healthz
- port: 443
+ port: https
scheme: HTTPS
successThreshold: 1
initialDelaySeconds: 20
failureThreshold: 3
timeoutSeconds: 10
securityContext:
- # Currently non root is not supported:
- # https://github.com/kubernetes-incubator/metrics-server/issues/37
- #
- # runAsNonRoot: true
- # runAsUser: 65534
+ allowPrivilegeEscalation: false
capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
+ drop: ["all"]
+ readOnlyRootFilesystem: true
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
- name: metrics-server-nanny
image: {{ addon_resizer_image_repo }}:{{ addon_resizer_image_tag }}
resources:
@@ -112,6 +115,8 @@ spec:
- name: metrics-server-config-volume
configMap:
name: metrics-server-config
+ - name: tmp
+ emptyDir: {}
{% if not masters_are_not_tainted %}
tolerations:
- key: node-role.kubernetes.io/master
diff --git a/tests/files/packet_centos7-flannel-addons.yml b/tests/files/packet_centos7-flannel-addons.yml
index 2979e6b141b1ed187ad6e8b65dd5d86c286eeada..9e71f32e5653554a9e25c3e10c3472618bc9d986 100644
--- a/tests/files/packet_centos7-flannel-addons.yml
+++ b/tests/files/packet_centos7-flannel-addons.yml
@@ -17,8 +17,7 @@ dns_min_replicas: 1
kube_encrypt_secret_data: true
ingress_nginx_enabled: true
cert_manager_enabled: true
-# Disabled temporarily
-metrics_server_enabled: false
+metrics_server_enabled: true
metrics_server_kubelet_insecure_tls: true
kube_token_auth: true
kube_basic_auth: true