From a505a4c71fd45e42311a4c152253c9423017cb9b Mon Sep 17 00:00:00 2001
From: Mohamed Omar Zaian <mohamedzaian@gmail.com>
Date: Wed, 26 Apr 2023 13:10:16 +0200
Subject: [PATCH] [feat] Update metrics server to v0.6.3 (#10026)

---
 .../sample/group_vars/k8s_cluster/addons.yml  |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../metrics_server/defaults/main.yml          |  2 +-
 .../metrics-server-deployment.yaml.j2         | 10 +++++---
 .../templates/resource-reader.yaml.j2         | 25 +++++++++++--------
 5 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index cc4478c4c..32892923f 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -14,7 +14,7 @@ registry_enabled: false
 
 # Metrics Server deployment
 metrics_server_enabled: false
-# metrics_server_container_port: 4443
+# metrics_server_container_port: 10250
 # metrics_server_kubelet_insecure_tls: true
 # metrics_server_metric_resolution: 15s
 # metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a3893d789..428e7ce62 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -1079,7 +1079,7 @@ dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
 registry_version: "2.8.1"
 registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "{{ registry_version }}"
-metrics_server_version: "v0.6.2"
+metrics_server_version: "v0.6.3"
 metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
 metrics_server_image_tag: "{{ metrics_server_version }}"
 local_volume_provisioner_version: "v2.5.0"
diff --git a/roles/kubernetes-apps/metrics_server/defaults/main.yml b/roles/kubernetes-apps/metrics_server/defaults/main.yml
index 993eed6c1..934e67b75 100644
--- a/roles/kubernetes-apps/metrics_server/defaults/main.yml
+++ b/roles/kubernetes-apps/metrics_server/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-metrics_server_container_port: 4443
+metrics_server_container_port: 10250
 metrics_server_kubelet_insecure_tls: true
 metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
 metrics_server_metric_resolution: 15s
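Review bot: The new default `metrics_server_container_port: 10250` is the same number the kubelet conventionally serves on, and nothing in this file says why it was chosen or when it is unsafe. A comment above it would help, for example `# 10250 matches the upstream metrics-server manifests; pod-network port only, it would clash with the kubelet under host networking`. Any NetworkPolicy or firewall rule written against the old 4443 value will presumably need the same update, which deserves a line in the upgrade notes. The unchanged neighbour `metrics_server_kubelet_insecure_tls: true` disables kubelet certificate verification by default; it is outside this change, but a one-line comment saying so would help anyone reading these defaults.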
diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
index 686cde0fc..db9498bfd 100644
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -23,8 +23,6 @@ spec:
       labels:
         app.kubernetes.io/name: metrics-server
         version: {{ metrics_server_version }}
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
     spec:
       priorityClassName: system-cluster-critical
       serviceAccountName: metrics-server
@@ -70,10 +68,14 @@ spec:
           initialDelaySeconds: 40
         securityContext:
           readOnlyRootFilesystem: true
-          runAsGroup: 10001
           runAsNonRoot: true
-          runAsUser: 10001
+          runAsUser: 1000
           allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
         resources:
           limits:
             cpu: {{ metrics_server_limits_cpu }}
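Review bot: Removing `runAsGroup` from the container `securityContext` leaves the primary group to the image or runtime, which may resolve to GID 0 if the new uid has no passwd entry in the image. Pinning a non-root group next to the new uid, e.g. `runAsGroup: 1000`, would keep the hardening added here (`seccompProfile`, `capabilities.drop: ALL`) independent of how the image is built. The value is a suggestion and should be checked against the v0.6.3 image. The container spec begins and ends outside this hunk, so a pod-level `securityContext` elsewhere in the template may already set the group.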
diff --git a/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2
index 3d9ea8118..9c4a3b752 100644
--- a/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2
@@ -5,13 +5,18 @@ metadata:
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - nodes
-      - nodes/metrics
-    verbs:
-      - get
-      - list
-      - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/metrics
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
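Review bot: The `rules:` list switches from indented sequences (`  - apiGroups:`) to flush ones (`- apiGroups:`), so the whole block shows as rewritten and the real permission change is hard to spot in review. As far as the visible lines show, the only semantic change is that `nodes/metrics` moves to its own rule with `get` only, while `pods` and `nodes` keep `get`, `list`, `watch`. Keeping the previous indentation would reduce this to a small diff and make future RBAC audits easier. A short comment on the first rule, such as `# metrics are scraped per node, so get is sufficient`, would record why it is narrower; confirm that wording against upstream before adding it.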
-- 
GitLab