From c06896a352ac126877106bbc3185062f2ff6ed8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9opold=20Jacquot?= <leopold.jacquot@gmail.com>
Date: Thu, 12 Aug 2021 17:19:48 +0200
Subject: [PATCH] Update metrics-server to 0.5.0 (#7864)

---
 .../sample/group_vars/k8s_cluster/addons.yml  |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../metrics_server/defaults/main.yml          | 26 ++++++++---------
 .../metrics-server-deployment.yaml.j2         | 29 ++++++++++---------
 4 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 1d08337a8..6c5ed80cb 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -15,7 +15,7 @@ registry_enabled: false
 # Metrics Server deployment
 metrics_server_enabled: false
 # metrics_server_kubelet_insecure_tls: true
-# metrics_server_metric_resolution: 60s
+# metrics_server_metric_resolution: 15s
 # metrics_server_kubelet_preferred_address_types: "InternalIP"
 
 # Rancher Local Path Provisioner
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 577b65aba..93b4ecf27 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -603,7 +603,7 @@ registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "2.7.1"
 registry_proxy_image_repo: "{{ kube_image_repo }}/kube-registry-proxy"
 registry_proxy_image_tag: "0.4"
-metrics_server_version: "v0.4.2"
+metrics_server_version: "v0.5.0"
 metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
 metrics_server_image_tag: "{{ metrics_server_version }}"
 local_volume_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/local-volume-provisioner"
diff --git a/roles/kubernetes-apps/metrics_server/defaults/main.yml b/roles/kubernetes-apps/metrics_server/defaults/main.yml
index a7f2360d2..812de3172 100644
--- a/roles/kubernetes-apps/metrics_server/defaults/main.yml
+++ b/roles/kubernetes-apps/metrics_server/defaults/main.yml
@@ -1,16 +1,16 @@
 ---
 metrics_server_kubelet_insecure_tls: true
 metrics_server_kubelet_preferred_address_types: "InternalIP"
-metrics_server_metric_resolution: 60s
-metrics_server_cpu: 40m
-metrics_server_memory: 35Mi
-metrics_server_memory_per_node: 4Mi
-metrics_server_min_cluster_size: 5
-metrics_server_limits_cpu: 43m
-metrics_server_limits_memory: 55Mi
-metrics_server_requests_cpu: 43m
-metrics_server_requests_memory: 55Mi
-addon_resizer_limits_cpu: 100m
-addon_resizer_limits_memory: 300Mi
-addon_resizer_requests_cpu: 5m
-addon_resizer_requests_memory: 50Mi
+metrics_server_metric_resolution: 15s
+metrics_server_cpu: 20m
+metrics_server_memory: 15Mi
+metrics_server_memory_per_node: 2Mi
+metrics_server_min_cluster_size: 10
+metrics_server_limits_cpu: 100m
+metrics_server_limits_memory: 200Mi
+metrics_server_requests_cpu: 100m
+metrics_server_requests_memory: 200Mi
+addon_resizer_limits_cpu: 40m
+addon_resizer_limits_memory: 25Mi
+addon_resizer_requests_cpu: 40m
+addon_resizer_requests_memory: 25Mi
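Review bot: The context line `metrics_server_kubelet_insecure_tls: true` at the top of this file remains the default and carries no comment, so clusters that take these retuned defaults keep metrics-server scraping kubelets without verifying their serving certificates. The template appears to pass `--kubelet-insecure-tls` when the variable is set, although the condition itself is outside the visible hunks. I would add a comment above the variable such as `# true skips verification of kubelet serving certificates; set to false where kubelets serve certificates signed by the cluster CA`.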
diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
index 746d7c352..9be9c048e 100644
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -13,6 +13,9 @@ spec:
     matchLabels:
       app.kubernetes.io/name: metrics-server
       version: {{ metrics_server_version }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
   template:
     metadata:
       name: metrics-server
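Review bot: The added `strategy.rollingUpdate` only helps if this Deployment can be updated in place, and the context line `version: {{ metrics_server_version }}` under `matchLabels` changes with this very bump from v0.4.2 to v0.5.0. If the manifest is `apps/v1` (the apiVersion is outside the hunk), the selector is immutable and an in-place apply would be rejected. The upgrade would then need a delete-and-recreate, which causes the metrics gap that `maxUnavailable: 0` is meant to avoid. Consider keeping `version` as a pod-template label only and leaving `matchLabels` at `app.kubernetes.io/name: metrics-server`.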
@@ -28,11 +31,10 @@ spec:
       - name: metrics-server
         image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
         imagePullPolicy: {{ k8s_image_pull_policy }}
-        command:
-        - /metrics-server
+        args:
         - --logtostderr
         - --cert-dir=/tmp
-        - --secure-port=8443
+        - --secure-port=443
 {% if metrics_server_kubelet_preferred_address_types %}
         - --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
 {% endif %}
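Review bot: Moving `--secure-port` from 8443 to 443 makes a non-root container bind a privileged port, which is the only visible reason the later securityContext hunk adds a capability back after `drop: ["all"]`. The `containerPort: 443` change in the next hunk is part of the same choice. An unprivileged listen port keeps the container at zero capabilities, and the Service (not shown) can still expose 443 if it targets the named port `https`. I would keep `- --secure-port=8443` and `- containerPort: 8443` unless 0.5.0 is known to require 443. The container's `args:` list continues past this hunk.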
@@ -41,12 +43,8 @@ spec:
         - --kubelet-insecure-tls
 {% endif %}
         - --metric-resolution={{ metrics_server_metric_resolution }}
-        resources:
-          requests:
-            cpu: 100m
-            memory: 300Mi
         ports:
-        - containerPort: 8443
+        - containerPort: 443
           name: https
           protocol: TCP
         volumeMounts:
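Review bot: Dropping the static `resources:` block leaves the metrics-server container, as far as this hunk shows, with no CPU or memory request or limit of its own. The `pod_nanny` sidecar further down presumably patches values in at runtime, but until it does, or if it fails, the container is scheduled without a reservation and runs without a ceiling. The defaults file in this commit defines `metrics_server_requests_cpu`, `metrics_server_requests_memory`, `metrics_server_limits_cpu` and `metrics_server_limits_memory`. If those are not referenced elsewhere in the template, a `resources:` block built from them would belong here.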
@@ -54,20 +52,25 @@ spec:
           mountPath: /tmp
         livenessProbe:
           httpGet:
-            path: /healthz?exclude=readyz
+            path: /livez
             port: https
             scheme: HTTPS
-          timeoutSeconds: 10
+          periodSeconds: 10
+          failureThreshold: 3
+          initialDelaySeconds: 40
         readinessProbe:
           httpGet:
-            path: /healthz?exclude=livez
+            path: /readyz
             port: https
             scheme: HTTPS
-          timeoutSeconds: 10
+          periodSeconds: 10
+          failureThreshold: 3
+          initialDelaySeconds: 40
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["all"]
+            add: ["CAP_NET_BIND_SERVICE"]
           readOnlyRootFilesystem: true
           runAsGroup: 10001
           runAsNonRoot: true
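Review bot: The added `add: ["CAP_NET_BIND_SERVICE"]` uses the kernel constant, whereas Kubernetes manifests name capabilities without the `CAP_` prefix; some container runtimes prepend the prefix themselves and may then reject the result as an unknown capability. I would write `add: ["NET_BIND_SERVICE"]`. It is also worth verifying on a test cluster that the bind to 443 succeeds at all with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, because a capability added this way is not necessarily effective for a non-root process. In the same hunk both probes lose `timeoutSeconds: 10` and fall back to the 1-second default, so keep `timeoutSeconds` if slow responses were the reason it was set. The securityContext continues past the hunk.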
@@ -105,7 +108,7 @@ spec:
           - /pod_nanny
           - --config-dir=/etc/config
           - --cpu={{ metrics_server_cpu }}
-          - --extra-cpu=0.5m
+          - --extra-cpu=1m
           - --memory={{ metrics_server_memory }}
           - --extra-memory={{ metrics_server_memory_per_node }}
           - --threshold=5
-- 
GitLab