From 209e3a4df4cd6f677fe6402aa5c2cbd28f0d66f7 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Mon, 11 Dec 2023 15:50:37 +0100
Subject: [PATCH] feat(metrics-server): adding metrics-server 0.6.4

---
 base/cert-manager/kustomization.yaml          |  4 +-
 base/kustomization.yaml                       |  1 +
 base/metrics/kustomization.yaml               | 10 +--
 .../resources/cluster-role-reader.yaml        | 19 ------
 .../resources/cluster-role-server.yaml        | 22 ------
 .../role-binding-auth-delegator.yaml          | 14 ----
 .../resources/role-binding-auth-reader.yaml   | 15 ----
 .../role-binding-metrics-server.yaml          | 14 ----
 base/metrics/resources/service-account.yaml   |  7 --
 base/metrics/resources/service-api.yaml       | 15 ----
 base/metrics/resources/service-app.yaml       | 68 -------------------
 base/metrics/resources/service.yaml           | 15 ----
 12 files changed, 5 insertions(+), 199 deletions(-)
 delete mode 100644 base/metrics/resources/cluster-role-reader.yaml
 delete mode 100644 base/metrics/resources/cluster-role-server.yaml
 delete mode 100644 base/metrics/resources/role-binding-auth-delegator.yaml
 delete mode 100644 base/metrics/resources/role-binding-auth-reader.yaml
 delete mode 100644 base/metrics/resources/role-binding-metrics-server.yaml
 delete mode 100644 base/metrics/resources/service-account.yaml
 delete mode 100644 base/metrics/resources/service-api.yaml
 delete mode 100644 base/metrics/resources/service-app.yaml
 delete mode 100644 base/metrics/resources/service.yaml

diff --git a/base/cert-manager/kustomization.yaml b/base/cert-manager/kustomization.yaml
index baa8549..764e312 100644
--- a/base/cert-manager/kustomization.yaml
+++ b/base/cert-manager/kustomization.yaml
@@ -3,4 +3,6 @@ kind: Kustomization
 namespace: cert-manager
 
 resources:
-- https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml
+- https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+- ./resources/le-prod-issuer.yaml
+- ./resources/le-staging-issuer.yaml
diff --git a/base/kustomization.yaml b/base/kustomization.yaml
index 6e24d62..f1a47f4 100644
--- a/base/kustomization.yaml
+++ b/base/kustomization.yaml
@@ -8,5 +8,6 @@ bases:
 - ./postgresql
 - ./redis
 - ./minio
+- ./metrics
 - ./nginx
 - ./cloudnative-pg-operator
diff --git a/base/metrics/kustomization.yaml b/base/metrics/kustomization.yaml
index 81d59b1..ee7489b 100644
--- a/base/metrics/kustomization.yaml
+++ b/base/metrics/kustomization.yaml
@@ -2,12 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- resources/service-account.yaml
-- resources/cluster-role-reader.yaml
-- resources/cluster-role-server.yaml
-- resources/role-binding-auth-reader.yaml
-- resources/role-binding-auth-delegator.yaml
-- resources/role-binding-metrics-server.yaml
-- resources/service.yaml
-- resources/service-app.yaml
-- resources/service-api.yaml
+- https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.4/high-availability-1.21+.yaml
diff --git a/base/metrics/resources/cluster-role-reader.yaml b/base/metrics/resources/cluster-role-reader.yaml
deleted file mode 100644
index 972d3d0..0000000
--- a/base/metrics/resources/cluster-role-reader.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    k8s-app: metrics-server
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-  name: system:aggregated-metrics-reader
-rules:
-- apiGroups:
-  - metrics.k8s.io
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
diff --git a/base/metrics/resources/cluster-role-server.yaml b/base/metrics/resources/cluster-role-server.yaml
deleted file mode 100644
index 044db2d..0000000
--- a/base/metrics/resources/cluster-role-server.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: system:metrics-server
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - nodes/metrics
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
diff --git a/base/metrics/resources/role-binding-auth-delegator.yaml b/base/metrics/resources/role-binding-auth-delegator.yaml
deleted file mode 100644
index 3eae64b..0000000
--- a/base/metrics/resources/role-binding-auth-delegator.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server:system:auth-delegator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
diff --git a/base/metrics/resources/role-binding-auth-reader.yaml b/base/metrics/resources/role-binding-auth-reader.yaml
deleted file mode 100644
index a6e71b8..0000000
--- a/base/metrics/resources/role-binding-auth-reader.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server-auth-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
diff --git a/base/metrics/resources/role-binding-metrics-server.yaml b/base/metrics/resources/role-binding-metrics-server.yaml
deleted file mode 100644
index a1d0fad..0000000
--- a/base/metrics/resources/role-binding-metrics-server.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: system:metrics-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:metrics-server
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
diff --git a/base/metrics/resources/service-account.yaml b/base/metrics/resources/service-account.yaml
deleted file mode 100644
index dac9ae6..0000000
--- a/base/metrics/resources/service-account.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
diff --git a/base/metrics/resources/service-api.yaml b/base/metrics/resources/service-api.yaml
deleted file mode 100644
index 65fdae9..0000000
--- a/base/metrics/resources/service-api.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: v1beta1.metrics.k8s.io
-spec:
-  group: metrics.k8s.io
-  groupPriorityMinimum: 100
-  insecureSkipTLSVerify: true
-  service:
-    name: metrics-server
-    namespace: kube-system
-  version: v1beta1
-  versionPriority: 100
diff --git a/base/metrics/resources/service-app.yaml b/base/metrics/resources/service-app.yaml
deleted file mode 100644
index ac23c1d..0000000
--- a/base/metrics/resources/service-app.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
-spec:
-  selector:
-    matchLabels:
-      k8s-app: metrics-server
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        k8s-app: metrics-server
-    spec:
-      containers:
-      - args:
-        - --cert-dir=/tmp
-        - --secure-port=4443
-        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
-        - --kubelet-use-node-status-port
-        - --kubelet-insecure-tls=true
-        - --metric-resolution=15s
-        image: registry.k8s.io/metrics-server/metrics-server:v0.6.3
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /livez
-            port: https
-            scheme: HTTPS
-          periodSeconds: 10
-        name: metrics-server
-        ports:
-        - containerPort: 4443
-          name: https
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /readyz
-            port: https
-            scheme: HTTPS
-          initialDelaySeconds: 20
-          periodSeconds: 10
-        resources:
-          requests:
-            cpu: 100m
-            memory: 200Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          runAsUser: 1000
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp-dir
-      nodeSelector:
-        kubernetes.io/os: linux
-      priorityClassName: system-cluster-critical
-      serviceAccountName: metrics-server
-      volumes:
-      - emptyDir: {}
-        name: tmp-dir
diff --git a/base/metrics/resources/service.yaml b/base/metrics/resources/service.yaml
deleted file mode 100644
index e63ea9f..0000000
--- a/base/metrics/resources/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
-spec:
-  ports:
-  - name: https
-    port: 443
-    protocol: TCP
-    targetPort: https
-  selector:
-    k8s-app: metrics-server