Fix broken metrics-server deployment not starting (#4651)

* Fix metrics-server deployment * Make metrics server work * Fix sample inventory
6 years ago · 3722acee85
3 changed files with 19 additions and 15 deletions
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -246,8 +246,8 @@ registry_image_repo: "docker.io/registry"
 registry_image_tag: "2.6"
 registry_proxy_image_repo: "gcr.io/google_containers/kube-registry-proxy"
 registry_proxy_image_tag: "0.4"
-metrics_server_version: "v0.3.1"
-metrics_server_image_repo: "k8s.gcr.io/metrics-server-amd64"
+metrics_server_version: "v0.3.2"
+metrics_server_image_repo: "gcr.io/google_containers/metrics-server-amd64"
 metrics_server_image_tag: "{{ metrics_server_version }}"
 local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
 local_volume_provisioner_image_tag: "v2.1.0"
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@ -32,6 +32,9 @@ spec:
        image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
        command:
        - /metrics-server
+        - --logtostderr
+        - --cert-dir=/tmp
+        - --secure-port=8443
 {% if metrics_server_kubelet_preferred_address_types %}
        - --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
 {% endif %}
@ -40,9 +43,12 @@ spec:
 {% endif %}
        - --metric-resolution={{ metrics_server_metric_resolution }}
        ports:
-        - containerPort: 443
+        - containerPort: 8443
          name: https
          protocol: TCP
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
        livenessProbe:
          httpGet:
            path: /healthz
@ -55,23 +61,20 @@ spec:
        readinessProbe:
          httpGet:
            path: /healthz
-            port: 443
+            port: https
            scheme: HTTPS
          successThreshold: 1
          initialDelaySeconds: 20
          failureThreshold: 3
          timeoutSeconds: 10
        securityContext:
-          # Currently non root is not supported:
-          #   https://github.com/kubernetes-incubator/metrics-server/issues/37
-          #
-          # runAsNonRoot: true
-          # runAsUser: 65534
+          allowPrivilegeEscalation: false
          capabilities:
-            drop:
-            - ALL
-            add:
-            - NET_BIND_SERVICE
+            drop: ["all"]
+          readOnlyRootFilesystem: true
+          runAsGroup: 10001
+          runAsNonRoot: true
+          runAsUser: 10001
      - name: metrics-server-nanny
        image: {{ addon_resizer_image_repo }}:{{ addon_resizer_image_tag }}
        resources:
@ -112,6 +115,8 @@ spec:
        - name: metrics-server-config-volume
          configMap:
            name: metrics-server-config
+        - name: tmp
+          emptyDir: {}
 {% if not masters_are_not_tainted %}
      tolerations:
        - key: node-role.kubernetes.io/master
--- a/tests/files/packet_centos7-flannel-addons.yml
+++ b/tests/files/packet_centos7-flannel-addons.yml
@ -17,8 +17,7 @@ dns_min_replicas: 1
 kube_encrypt_secret_data: true
 ingress_nginx_enabled: true
 cert_manager_enabled: true
-# Disabled temporarily
-metrics_server_enabled: false
+metrics_server_enabled: true
 metrics_server_kubelet_insecure_tls: true
 kube_token_auth: true
 kube_basic_auth: true