[feat] Update metrics server to v0.6.3 (#10026)

1 year ago · a505a4c71f
5 changed files with 24 additions and 17 deletions
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@ -14,7 +14,7 @@ registry_enabled: false

 # Metrics Server deployment
 metrics_server_enabled: false
-# metrics_server_container_port: 4443
+# metrics_server_container_port: 10250
 # metrics_server_kubelet_insecure_tls: true
 # metrics_server_metric_resolution: 15s
 # metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -1079,7 +1079,7 @@ dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
 registry_version: "2.8.1"
 registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "{{ registry_version }}"
-metrics_server_version: "v0.6.2"
+metrics_server_version: "v0.6.3"
 metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
 metrics_server_image_tag: "{{ metrics_server_version }}"
 local_volume_provisioner_version: "v2.5.0"
--- a/roles/kubernetes-apps/metrics_server/defaults/main.yml
+++ b/roles/kubernetes-apps/metrics_server/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-metrics_server_container_port: 4443
+metrics_server_container_port: 10250
 metrics_server_kubelet_insecure_tls: true
 metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
 metrics_server_metric_resolution: 15s
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@ -23,8 +23,6 @@ spec:
      labels:
        app.kubernetes.io/name: metrics-server
        version: {{ metrics_server_version }}
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
@ -70,10 +68,14 @@ spec:
          initialDelaySeconds: 40
        securityContext:
          readOnlyRootFilesystem: true
-          runAsGroup: 10001
          runAsNonRoot: true
-          runAsUser: 10001
+          runAsUser: 1000
          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
        resources:
          limits:
            cpu: {{ metrics_server_limits_cpu }}
--- a/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2
@ -5,13 +5,18 @@ metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - nodes
-      - nodes/metrics
-    verbs:
-      - get
-      - list
-      - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/metrics
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch