diff --git a/base/metrics/kustomization.yaml b/base/metrics/kustomization.yaml
new file mode 100644
index 0000000..81d59b1
--- /dev/null
+++ b/base/metrics/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- resources/service-account.yaml
+- resources/cluster-role-reader.yaml
+- resources/cluster-role-server.yaml
+- resources/role-binding-auth-reader.yaml
+- resources/role-binding-auth-delegator.yaml
+- resources/role-binding-metrics-server.yaml
+- resources/service.yaml
+- resources/service-app.yaml
+- resources/service-api.yaml
diff --git a/base/metrics/resources/cluster-role-reader.yaml b/base/metrics/resources/cluster-role-reader.yaml
new file mode 100644
index 0000000..972d3d0
--- /dev/null
+++ b/base/metrics/resources/cluster-role-reader.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ k8s-app: metrics-server
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: system:aggregated-metrics-reader
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/base/metrics/resources/cluster-role-server.yaml b/base/metrics/resources/cluster-role-server.yaml
new file mode 100644
index 0000000..044db2d
--- /dev/null
+++ b/base/metrics/resources/cluster-role-server.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: system:metrics-server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/base/metrics/resources/role-binding-auth-delegator.yaml b/base/metrics/resources/role-binding-auth-delegator.yaml
new file mode 100644
index 0000000..3eae64b
--- /dev/null
+++ b/base/metrics/resources/role-binding-auth-delegator.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server:system:auth-delegator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/base/metrics/resources/role-binding-auth-reader.yaml b/base/metrics/resources/role-binding-auth-reader.yaml
new file mode 100644
index 0000000..a6e71b8
--- /dev/null
+++ b/base/metrics/resources/role-binding-auth-reader.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/base/metrics/resources/role-binding-metrics-server.yaml b/base/metrics/resources/role-binding-metrics-server.yaml
new file mode 100644
index 0000000..a1d0fad
--- /dev/null
+++ b/base/metrics/resources/role-binding-metrics-server.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: system:metrics-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
diff --git a/base/metrics/resources/service-account.yaml b/base/metrics/resources/service-account.yaml
new file mode 100644
index 0000000..dac9ae6
--- /dev/null
+++ b/base/metrics/resources/service-account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
diff --git a/base/metrics/resources/service-api.yaml b/base/metrics/resources/service-api.yaml
new file mode 100644
index 0000000..65fdae9
--- /dev/null
+++ b/base/metrics/resources/service-api.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: v1beta1.metrics.k8s.io
+spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: metrics-server
+ namespace: kube-system
+ version: v1beta1
+ versionPriority: 100
diff --git a/base/metrics/resources/service-app.yaml b/base/metrics/resources/service-app.yaml
new file mode 100644
index 0000000..ac23c1d
--- /dev/null
+++ b/base/metrics/resources/service-app.yaml
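Review bot: `insecureSkipTLSVerify: true` in the APIService spec of service-api.yaml means the aggregation layer does not verify the serving certificate of the `metrics-server` Service it proxies `metrics.k8s.io` requests to, so the backend's identity is never authenticated. The verified form is `insecureSkipTLSVerify: false` plus `caBundle: <base64-encoded CA certificate>`, with the Deployment serving a certificate issued by that CA (`--tls-cert-file` / `--tls-private-key-file`) instead of the self-signed one it generates under `--cert-dir=/tmp`. If the skip is kept deliberately for this base, a comment above the field saying so and naming the overlay that is expected to tighten it would make the trade-off visible to reviewers.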
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ k8s-app: metrics-server
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ spec:
+ containers:
+ - args:
+ - --cert-dir=/tmp
+ - --secure-port=4443
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --kubelet-use-node-status-port
+ - --kubelet-insecure-tls=true
+ - --metric-resolution=15s
+ image: registry.k8s.io/metrics-server/metrics-server:v0.6.3
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port: https
+ scheme: HTTPS
+ periodSeconds: 10
+ name: metrics-server
+ ports:
+ - containerPort: 4443
+ name: https
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-dir
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ serviceAccountName: metrics-server
+ volumes:
+ - emptyDir: {}
+ name: tmp-dir
diff --git a/base/metrics/resources/service.yaml b/base/metrics/resources/service.yaml
new file mode 100644
index 0000000..e63ea9f
--- /dev/null
+++ b/base/metrics/resources/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
+spec:
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ k8s-app: metrics-server
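Review bot: The `--kubelet-insecure-tls=true` argument in the Deployment of service-app.yaml disables verification of kubelet serving certificates, so metrics-server cannot tell a genuine kubelet from an impostor on the node network, and it presumably presents its service-account credentials on those connections. Because this is a shared base, the safer default is to drop that flag and have kubelets serve cluster-CA-signed certificates, or to point metrics-server at the right CA with `--kubelet-certificate-authority=<path to CA file>`, leaving the insecure flag to a dev-only overlay. Separately, the container `securityContext` sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` but has no `capabilities` drop of `ALL` and no `seccompProfile` of type `RuntimeDefault`, and `resources` declares requests without limits. The image is pinned by tag (`v0.6.3`) only; appending an `@sha256:<digest>` would make the deployed artifact immutable.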