diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml index 2a51fefdf..8ae1df7e5 100644 --- a/inventory/sample/group_vars/k8s_cluster/addons.yml +++ b/inventory/sample/group_vars/k8s_cluster/addons.yml @@ -14,10 +14,10 @@ registry_enabled: false # Metrics Server deployment metrics_server_enabled: false -# metrics_server_resizer: false +# metrics_server_container_port: 4443 # metrics_server_kubelet_insecure_tls: true # metrics_server_metric_resolution: 15s -# metrics_server_kubelet_preferred_address_types: "InternalIP" +# metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname" # Rancher Local Path Provisioner local_path_provisioner_enabled: false diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index e080efc46..a3267f4d6 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -572,7 +572,7 @@ dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}" registry_image_repo: "{{ docker_image_repo }}/library/registry" registry_image_tag: "2.7.1" -metrics_server_version: "v0.5.0" +metrics_server_version: "v0.5.2" metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server" metrics_server_image_tag: "{{ metrics_server_version }}" local_volume_provisioner_image_repo: "{{ kube_image_repo }}/sig-storage/local-volume-provisioner" diff --git a/roles/kubernetes-apps/metrics_server/defaults/main.yml b/roles/kubernetes-apps/metrics_server/defaults/main.yml index 07a7b227a..2dfad2737 100644 --- a/roles/kubernetes-apps/metrics_server/defaults/main.yml +++ b/roles/kubernetes-apps/metrics_server/defaults/main.yml 
@@ -1,18 +1,9 @@ --- -# metrics_server_resizer only effective in arch amd64 -metrics_server_resizer: false +metrics_server_container_port: 4443 metrics_server_kubelet_insecure_tls: true -metrics_server_kubelet_preferred_address_types: "InternalIP" +metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname" metrics_server_metric_resolution: 15s -metrics_server_cpu: 190m -metrics_server_memory: 180Mi -metrics_server_memory_per_node: 2Mi -metrics_server_min_cluster_size: 10 metrics_server_limits_cpu: 100m metrics_server_limits_memory: 200Mi metrics_server_requests_cpu: 100m metrics_server_requests_memory: 200Mi -addon_resizer_limits_cpu: 40m -addon_resizer_limits_memory: 25Mi -addon_resizer_requests_cpu: 40m -addon_resizer_requests_memory: 25Mi diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml index d836f2032..8b5581479 100644 --- a/roles/kubernetes-apps/metrics_server/tasks/main.yml +++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml @@ -4,12 +4,6 @@ set_fact: masters_are_not_tainted: "{{ groups['kube_node'] | intersect(groups['kube_control_plane']) == groups['kube_control_plane'] }}" -- name: check host_architecture is amd64 for metrics_server_resizer - assert: - that: host_architecture == "amd64" - msg: "metrics_server_resizer is not available on other architectures than amd64" - when: metrics_server_resizer - - name: Metrics Server | Delete addon dir file: path: "{{ kube_config_dir }}/addons/metrics_server" 
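Review bot: In roles/kubernetes-apps/metrics_server/defaults/main.yml the default `metrics_server_kubelet_preferred_address_types` now also lists `ExternalIP` and `Hostname`, while `metrics_server_kubelet_insecure_tls: true` on the line above it stays the default, and neither line carries a comment. If that variable maps to metrics-server's `--kubelet-insecure-tls` flag (the template branch is outside the hunks shown), kubelet serving certificates are not verified on whichever address is used, which matters more once scraping can fall back to an external address or a host name. I would document it on the default, e.g. `# Skips verification of kubelet serving certificates; set to false when kubelets serve certificates signed by the cluster CA`, and add a short comment on the address list saying the entries are tried in priority order. The same pair of commented-out settings appears in inventory/sample/group_vars/k8s_cluster/addons.yml and would benefit from the same wording.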
@@ -34,7 +28,6 @@ metrics_server_templates: - { name: auth-delegator, file: auth-delegator.yaml, type: clusterrolebinding } - { name: auth-reader, file: auth-reader.yaml, type: rolebinding } - - { name: metrics-server-cm, file: metrics-server-cm.yaml, type: cm } - { name: metrics-server-sa, file: metrics-server-sa.yaml, type: sa } - { name: metrics-server-deployment, file: metrics-server-deployment.yaml, type: deploy } - { name: metrics-server-service, file: metrics-server-service.yaml, type: service } diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-cm.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-cm.yaml.j2 deleted file mode 100644 index e95d96621..000000000 --- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-cm.yaml.j2 +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: metrics-server-config - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: EnsureExists -data: - NannyConfiguration: |- - apiVersion: nannyconfig/v1alpha1 - kind: NannyConfiguration diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 index 08b0fc3fa..ce107ec17 100644 --- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 +++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2 @@ -34,7 +34,7 @@ spec: args: - --logtostderr - --cert-dir=/tmp - - --secure-port=443 + - --secure-port={{ metrics_server_container_port }} {% if metrics_server_kubelet_preferred_address_types %} - --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }} {% endif %} @@ -44,7 +44,7 @@ spec: {% endif %} - --metric-resolution={{ metrics_server_metric_resolution }} ports: - - containerPort: 443 + - containerPort: {{ metrics_server_container_port }} name: https protocol: TCP volumeMounts: 
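Review bot: `--secure-port={{ metrics_server_container_port }}` and `containerPort: {{ metrics_server_container_port }}` in metrics-server-deployment.yaml.j2 accept any value, but the container runs as UID 10001 and a later hunk of this file removes `NET_BIND_SERVICE`, so a port below 1024 may no longer be bindable. The constraint is not written down anywhere in the change; a comment on the default such as `# Must be 1024 or higher: the container runs as non-root without NET_BIND_SERVICE` would cover it, or an `assert` task with `that: metrics_server_container_port | int >= 1024`. The `ports` section of metrics-server-service.yaml.j2 is outside the hunks shown, so it is worth confirming that its `targetPort` follows the named port `https` or the same variable rather than a literal 443.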
@@ -67,13 +67,11 @@ spec: failureThreshold: 3 initialDelaySeconds: 40 securityContext: - capabilities: - drop: ["all"] - add: ["NET_BIND_SERVICE"] readOnlyRootFilesystem: true runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 + allowPrivilegeEscalation: false resources: limits: cpu: {{ metrics_server_limits_cpu }} @@ -81,49 +79,7 @@ spec: requests: cpu: {{ metrics_server_requests_cpu }} memory: {{ metrics_server_requests_memory }} -{% if metrics_server_resizer %} - - name: metrics-server-nanny - image: {{ addon_resizer_image_repo }}:{{ addon_resizer_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - resources: - limits: - cpu: {{ addon_resizer_limits_cpu }} - memory: {{ addon_resizer_limits_memory }} - requests: - cpu: {{ addon_resizer_requests_cpu }} - memory: {{ addon_resizer_requests_memory }} - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: metrics-server-config-volume - mountPath: /etc/config - command: - - /pod_nanny - - --config-dir=/etc/config - - --cpu={{ metrics_server_cpu }} - - --extra-cpu=1m - - --memory={{ metrics_server_memory }} - - --extra-memory={{ metrics_server_memory_per_node }} - - --threshold=5 - - --deployment=metrics-server - - --container=metrics-server - - --poll-period=300000 - - --estimator=exponential - # Specifies the smallest cluster (defined in number of nodes) - # resources will be scaled to. - - --minClusterSize={{ metrics_server_min_cluster_size }} -{% endif %} volumes: - - name: metrics-server-config-volume - configMap: - name: metrics-server-config - name: tmp emptyDir: {} {% if not masters_are_not_tainted %} diff --git a/roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2 index 50b114b70..f1c369163 100644 
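Review bot: The `securityContext` hunk in metrics-server-deployment.yaml.j2 removes `drop: ["all"]` together with `add: ["NET_BIND_SERVICE"]`, so the pod spec no longer drops the runtime's default capabilities. Only the `add` is made unnecessary by the move to an unprivileged port; I would keep `capabilities:` with `drop: ["ALL"]` next to the new `allowPrivilegeEscalation: false`. `runAsNonRoot` and `allowPrivilegeEscalation: false` limit how those capabilities could be used, but dropping them explicitly keeps the earlier hardening and is what restrictive pod admission policies generally expect. The container spec this block belongs to starts above the hunk.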
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2 +++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-service.yaml.j2 @@ -7,6 +7,7 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile app.kubernetes.io/name: "metrics-server" spec: + type: ClusterIP selector: app.kubernetes.io/name: metrics-server ports: diff --git a/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2 b/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2 index 37c72297b..c3e085c72 100644 --- a/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2 +++ b/roles/kubernetes-apps/metrics_server/templates/resource-reader.yaml.j2 @@ -17,12 +17,3 @@ rules: - get - list - watch - - apiGroups: - - "apps" - resources: - - deployments - verbs: - - get - - list - - update - - watch