From 3722acee85ec4a5b68761b8821666cb585637411 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <ak@patientsky.com>
Date: Fri, 26 Apr 2019 09:44:26 +0200
Subject: [PATCH] Fix broken metrics-server deployment not starting (#4651)

* Fix metrics-server deployment

* Make metrics server work

* Fix sample inventory
---
 roles/download/defaults/main.yml              |  4 +--
 .../metrics-server-deployment.yaml.j2         | 27 +++++++++++--------
 tests/files/packet_centos7-flannel-addons.yml |  3 +--
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a5080d97e..ae897c6e5 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -246,8 +246,8 @@ registry_image_repo: "docker.io/registry"
 registry_image_tag: "2.6"
 registry_proxy_image_repo: "gcr.io/google_containers/kube-registry-proxy"
 registry_proxy_image_tag: "0.4"
-metrics_server_version: "v0.3.1"
-metrics_server_image_repo: "k8s.gcr.io/metrics-server-amd64"
+metrics_server_version: "v0.3.2"
+metrics_server_image_repo: "gcr.io/google_containers/metrics-server-amd64"
 metrics_server_image_tag: "{{ metrics_server_version }}"
 local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
 local_volume_provisioner_image_tag: "v2.1.0"
diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
index 69bb0f7ab..126bb37cd 100644
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -32,6 +32,9 @@ spec:
         image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
         command:
         - /metrics-server
+        - --logtostderr
+        - --cert-dir=/tmp
+        - --secure-port=8443
 {% if metrics_server_kubelet_preferred_address_types %}
         - --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
 {% endif %}
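Review bot: The reason for `--cert-dir=/tmp` is not recorded anywhere in the template, and a later reader hardening the pod (or tightening the tmp mount) will not know that the directory has to stay writable; a comment above the flag would carry the intent, e.g. `# --cert-dir must point at a writable volume: the rootfs is read-only and the serving cert is written here`. Whether metrics-server self-generates a serving certificate in that directory is inferred from the absence of any tls-cert-file flag in this hunk, so confirm against the binary's flag help before wording the comment. The container spec continues outside the hunk.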
@@ -40,9 +43,12 @@ spec:
 {% endif %}
         - --metric-resolution={{ metrics_server_metric_resolution }}
         ports:
-        - containerPort: 443
+        - containerPort: 8443
           name: https
           protocol: TCP
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
         livenessProbe:
           httpGet:
             path: /healthz
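Review bot: The livenessProbe that starts at the end of this hunk is not touched by the commit, while the container port on the changed line above moves from 443 to 8443 and the readinessProbe in the next hunk is rewritten from `port: 443` to `port: https`; if the liveness probe's port line (outside the hunk) still says `443`, the kubelet will now kill the container repeatedly. It should be changed to `port: https` as well so both probes follow the named port. The livenessProbe body continues outside the hunk, so this is inferred from the readinessProbe's old value.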
@@ -55,23 +61,20 @@ spec:
         readinessProbe:
           httpGet:
             path: /healthz
-            port: 443
+            port: https
             scheme: HTTPS
           successThreshold: 1
           initialDelaySeconds: 20
           failureThreshold: 3
           timeoutSeconds: 10
         securityContext:
-          # Currently non root is not supported:
-          #   https://github.com/kubernetes-incubator/metrics-server/issues/37
-          #
-          # runAsNonRoot: true
-          # runAsUser: 65534
+          allowPrivilegeEscalation: false
           capabilities:
-            drop:
-            - ALL
-            add:
-            - NET_BIND_SERVICE
+            drop: ["all"]
+          readOnlyRootFilesystem: true
+          runAsGroup: 10001
+          runAsNonRoot: true
+          runAsUser: 10001
       - name: metrics-server-nanny
         image: {{ addon_resizer_image_repo }}:{{ addon_resizer_image_tag }}
         resources:
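Review bot: The replacement `drop: ["all"]` changes both the casing and the style of the capability list: the removed lines spelled it `ALL`, which is the form Kubernetes documentation and most admission policies compare against literally, and the rest of this template uses block sequences rather than flow lists. Keeping the original spelling and the file-wide style, `drop:` / `- ALL`, avoids a silent mismatch with policy checks that look for the uppercase value, and reads consistently with the surrounding manifest. Whether a lowercase value is accepted by the container runtime is not verifiable from the hunk; the literal comparison concern applies to policy tooling rather than to runtime behaviour.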
@@ -112,6 +115,8 @@ spec:
         - name: metrics-server-config-volume
           configMap:
             name: metrics-server-config
+        - name: tmp
+          emptyDir: {}
 {% if not masters_are_not_tainted %}
       tolerations:
         - key: node-role.kubernetes.io/master
diff --git a/tests/files/packet_centos7-flannel-addons.yml b/tests/files/packet_centos7-flannel-addons.yml
index 2979e6b14..9e71f32e5 100644
--- a/tests/files/packet_centos7-flannel-addons.yml
+++ b/tests/files/packet_centos7-flannel-addons.yml
@@ -17,8 +17,7 @@ dns_min_replicas: 1
 kube_encrypt_secret_data: true
 ingress_nginx_enabled: true
 cert_manager_enabled: true
-# Disabled temporarily
-metrics_server_enabled: false
+metrics_server_enabled: true
 metrics_server_kubelet_insecure_tls: true
 kube_token_auth: true
 kube_basic_auth: true
-- 
GitLab