diff --git a/deploy/base/inflated/metrics-server/templates/apiservice.yaml b/deploy/base/inflated/metrics-server/templates/apiservice.yaml
new file mode 100644
index 0000000..943ef8f
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/apiservice.yaml
@@ -0,0 +1,21 @@
+---
+# Source: metrics-server/templates/apiservice.yaml
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1beta1.metrics.k8s.io
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: metrics-server
+ namespace: default
+ version: v1beta1
+ versionPriority: 100
diff --git a/deploy/base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml b/deploy/base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml
new file mode 100644
index 0000000..aa2aab2
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml
@@ -0,0 +1,25 @@
+---
+# Source: metrics-server/templates/clusterrole-aggregated-reader.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:metrics-server-aggregated-reader
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
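Review bot: In apiservice.yaml, `insecureSkipTLSVerify: true` makes the kube-apiserver's aggregation layer accept any serving certificate from the `metrics-server` Service, so the hop that carries `metrics.k8s.io` responses (the data behind `kubectl top` and the HPA) is encrypted but not authenticated. Because the file sits under `deploy/base`, this applies to every overlay, not only dev. Prefer `insecureSkipTLSVerify: false` together with a `caBundle:` for the CA that signs the metrics-server serving certificate, which also means giving the container a real certificate instead of the self-signed one it generates under `--cert-dir=/tmp`. If the rendered file is meant to stay byte-for-byte what the chart produced, the same change can be made through the chart values at render time or with a kustomize patch in the base.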
diff --git a/deploy/base/inflated/metrics-server/templates/clusterrole.yaml b/deploy/base/inflated/metrics-server/templates/clusterrole.yaml
new file mode 100644
index 0000000..e72333d
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/clusterrole.yaml
@@ -0,0 +1,30 @@
+---
+# Source: metrics-server/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:metrics-server
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ - namespaces
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/deploy/base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml b/deploy/base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
new file mode 100644
index 0000000..cf8b1a6
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
@@ -0,0 +1,20 @@
+---
+# Source: metrics-server/templates/clusterrolebinding-auth-delegator.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metrics-server:system:auth-delegator
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: default
diff --git a/deploy/base/inflated/metrics-server/templates/clusterrolebinding.yaml b/deploy/base/inflated/metrics-server/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..8215a88
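Review bot: In clusterrole.yaml, the second rule grants `get`/`list`/`watch` on `configmaps` and `namespaces` across the whole cluster, which looks broader than scraping kubelets requires; ConfigMaps often carry connection strings and other configuration a metrics scraper has no reason to read. It is worth confirming against the upstream v0.6.1 manifests whether these two resources are still needed, and if they are not, trimming the rule to `pods` and `nodes` with a kustomize patch in the base. The authentication ConfigMap in `kube-system` is already covered separately by the `extension-apiserver-authentication-reader` RoleBinding added in this commit, so it does not justify the cluster-wide grant.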
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+---
+# Source: metrics-server/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:metrics-server
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: default
diff --git a/deploy/base/inflated/metrics-server/templates/deployment.yaml b/deploy/base/inflated/metrics-server/templates/deployment.yaml
new file mode 100644
index 0000000..3515d9e
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/deployment.yaml
@@ -0,0 +1,67 @@
+---
+# Source: metrics-server/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: metrics-server
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ spec:
+ serviceAccountName: metrics-server
+ priorityClassName: "system-cluster-critical"
+ containers:
+ - name: metrics-server
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
+ imagePullPolicy: IfNotPresent
+ args:
+ - --secure-port=4443
+ - --cert-dir=/tmp
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --kubelet-use-node-status-port
+ - --metric-resolution=15s
+ ports:
+ - name: https
+ protocol: TCP
+ containerPort: 4443
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: tmp
+ emptyDir: {}
diff --git a/deploy/base/inflated/metrics-server/templates/rolebinding.yaml b/deploy/base/inflated/metrics-server/templates/rolebinding.yaml
new file mode 100644
index 0000000..788c3ca
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/rolebinding.yaml
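Review bot: In deployment.yaml, the container `securityContext` sets `runAsNonRoot` and a read-only root filesystem but leaves the default capability set and seccomp profile in place; adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` closes that gap for a pod that runs as `system-cluster-critical` and listens on an unprivileged port. The image is also referenced only by the mutable tag `v0.6.1`, so what runs depends on what the registry serves at pull time; pinning it as `...metrics-server:v0.6.1@sha256:<digest>` (placeholder) makes the deployed artifact verifiable. No `resources` requests or limits are set either, which deserves a line given the priority class.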
@@ -0,0 +1,21 @@
+---
+# Source: metrics-server/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: metrics-server-auth-reader
+ namespace: kube-system
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: default
diff --git a/deploy/base/inflated/metrics-server/templates/service.yaml b/deploy/base/inflated/metrics-server/templates/service.yaml
new file mode 100644
index 0000000..0615a8b
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/service.yaml
@@ -0,0 +1,22 @@
+---
+# Source: metrics-server/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: metrics-server
+ labels:
+ helm.sh/chart: metrics-server-3.8.2
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
+ app.kubernetes.io/version: "0.6.1"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/instance: metrics-server
diff --git a/deploy/base/inflated/metrics-server/templates/serviceaccount.yaml b/deploy/base/inflated/metrics-server/templates/serviceaccount.yaml
new file mode 100644
index 0000000..72580e4
--- /dev/null
+++ b/deploy/base/inflated/metrics-server/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@ +--- +# Source: metrics-server/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metrics-server + labels: + helm.sh/chart: metrics-server-3.8.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.6.1" + app.kubernetes.io/managed-by: Helm diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 0304f37..d843fcf 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -1,5 +1,15 @@ --- resources: +# metrics-server +- inflated/metrics-server/templates/serviceaccount.yaml +- inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml +- inflated/metrics-server/templates/rolebinding.yaml +- inflated/metrics-server/templates/deployment.yaml +- inflated/metrics-server/templates/apiservice.yaml +- inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml +- inflated/metrics-server/templates/service.yaml +- inflated/metrics-server/templates/clusterrole.yaml +- inflated/metrics-server/templates/clusterrolebinding.yaml # ingress-nginx - inflated/ingress-nginx/templates/controller-deployment.yaml - inflated/ingress-nginx/templates/controller-serviceaccount.yaml diff --git a/deploy/dev/deploy-metrics-server.yaml b/deploy/dev/deploy-metrics-server.yaml new file mode 100644 index 0000000..e9fb61d --- /dev/null +++ b/deploy/dev/deploy-metrics-server.yaml @@ -0,0 +1,4 @@ +--- +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--kubelet-insecure-tls" diff --git a/deploy/dev/kustomization.yaml b/deploy/dev/kustomization.yaml index 03ee0f6..d055bd2 100644 --- a/deploy/dev/kustomization.yaml +++ b/deploy/dev/kustomization.yaml 
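Review bot: deploy/dev/deploy-metrics-server.yaml appends `--kubelet-insecure-tls` without any comment, and that flag stops metrics-server from verifying the serving certificate each kubelet presents, so whatever answers on a node address is trusted as the kubelet. The file should state this and that it is dev-only, for example `# Dev only: disables verification of kubelet serving certificates; do not copy into other overlays.` above the `- op: add` entry. The patch also addresses the container by position (`/spec/template/spec/containers/0/args/-`), which would silently land on a different container if a sidecar were ever listed first; a short note on that assumption would help the next editor.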
@@ -46,6 +46,11 @@ secretGenerator: - database-password=testme patches: +# Patch the metrics-server to not require TLS in dev cluster. +- target: + kind: Deployment + name: metrics-server + path: deploy-metrics-server.yaml # Patch the ingress-nginx deployment to allow it to use a service with a # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289. - target:
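Review bot: The added comment `# Patch the metrics-server to not require TLS in dev cluster.` misdescribes the patch it introduces: deploy-metrics-server.yaml in this same commit adds `--kubelet-insecure-tls`, which keeps TLS on the kubelet connection but skips verification of the kubelet's certificate. A reader could take the current wording to mean plaintext scraping, or conversely miss that an authentication check is being turned off. Suggested wording: `# Dev only: metrics-server skips kubelet serving-certificate verification (TLS is still used).` The `patches:` list continues past the end of this hunk.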