diff --git a/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz b/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz deleted file mode 100644 index 1ce6fc8..0000000 Binary files a/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz and /dev/null differ diff --git a/packages/rke2-metrics-server/charts/.helmignore b/packages/rke2-metrics-server/charts/.helmignore new file mode 100755 index 0000000..37ea1d7 --- /dev/null +++ b/packages/rke2-metrics-server/charts/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +OWNERS +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packages/rke2-metrics-server/charts/Chart.yaml b/packages/rke2-metrics-server/charts/Chart.yaml new file mode 100755 index 0000000..11fb612 --- /dev/null +++ b/packages/rke2-metrics-server/charts/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +appVersion: 0.3.6 +description: Metrics Server is a cluster-wide aggregator of resource usage data. +home: https://github.com/kubernetes-incubator/metrics-server +keywords: +- metrics-server +maintainers: +- email: o.with@sportradar.com + name: olemarkus +- email: k.aasan@sportradar.com + name: kennethaasan +name: rke2-metrics-server +sources: +- https://github.com/kubernetes-incubator/metrics-server +version: 2.11.1 diff --git a/packages/rke2-metrics-server/charts/README.md b/packages/rke2-metrics-server/charts/README.md new file mode 100755 index 0000000..678f084 --- /dev/null +++ b/packages/rke2-metrics-server/charts/README.md @@ -0,0 +1,39 @@ +# metrics-server + +[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data. Resource metrics are used by components like `kubectl top` and the [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale) to scale workloads. To autoscale based upon a custom metric, see the [Prometheus Adapter chart](https://github.com/helm/charts/blob/master/stable/prometheus-adapter). + +## Configuration + +Parameter | Description | Default +--- | --- | --- +`rbac.create` | Enable Role-based authentication | `true` +`rbac.pspEnabled` | Enable pod security policy support | `false` +`serviceAccount.create` | If `true`, create a new service account | `true` +`serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` +`apiService.create` | Create the v1beta1.metrics.k8s.io API service | `true` +`hostNetwork.enabled` | Enable hostNetwork mode | `false` +`image.repository` | Image repository | `k8s.gcr.io/metrics-server-amd64` +`image.tag` | Image tag | `v0.3.2` +`image.pullPolicy` | Image pull policy | `IfNotPresent` +`imagePullSecrets` | Image pull secrets | `[]` +`args` | Command line arguments | `[]` +`resources` | CPU/Memory resource requests/limits. | `{}` +`tolerations` | List of node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`nodeSelector` | Node labels for pod assignment | `{}` +`affinity` | Node affinity | `{}` +`replicas` | Number of replicas | `1` +`extraVolumeMounts` | Ability to provide volume mounts to the pod | `[]` +`extraVolumes` | Ability to provide volumes to the pod | `[]` +`livenessProbe` | Container liveness probe | See values.yaml +`podLabels` | Labels to be added to pods | `{}` +`podAnnotations` | Annotations to be added to pods | `{}` +`priorityClassName` | Pod priority class | `""` +`readinessProbe` | Container readiness probe | See values.yaml +`service.annotations` | Annotations to add to the service | `{}` +`service.labels` | Labels to be added to the metrics-server service | `{}` +`service.port` | Service port to expose | `443` +`service.type` | Type of service to create | `ClusterIP` +`podDisruptionBudget.enabled` | Create a PodDisruptionBudget | `false` +`podDisruptionBudget.minAvailable` | Minimum available instances; ignored if there is no PodDisruptionBudget | +`podDisruptionBudget.maxUnavailable` | Maximum unavailable instances; ignored if there is no PodDisruptionBudget | +`extraContainers` | Add additional containers | `[]` diff --git a/packages/rke2-metrics-server/charts/ci/ci-values.yaml b/packages/rke2-metrics-server/charts/ci/ci-values.yaml new file mode 100755 index 0000000..a9d81b4 --- /dev/null +++ b/packages/rke2-metrics-server/charts/ci/ci-values.yaml @@ -0,0 +1,5 @@ +# CI is running on GKE, which already ships metrics-server. This cause +# conflicts on the apiService resource. + +apiService: + create: false diff --git a/packages/rke2-metrics-server/charts/templates/NOTES.txt b/packages/rke2-metrics-server/charts/templates/NOTES.txt new file mode 100755 index 0000000..1034c12 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/NOTES.txt @@ -0,0 +1,11 @@ +The metric server has been deployed. +{{ if .Values.apiService.create }} +In a few minutes you should be able to list metrics using the following +command: + + kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" +{{ else }} +NOTE: You have disabled the API service creation for this release. The metrics +API will not work with this release unless you configure the metrics API +service outside of this Helm chart. +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/_helpers.tpl b/packages/rke2-metrics-server/charts/templates/_helpers.tpl new file mode 100755 index 0000000..b59ca03 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/_helpers.tpl @@ -0,0 +1,59 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "metrics-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metrics-server.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metrics-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a service name that defaults to app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "metrics-server.service.fullname" -}} +{{- .Values.service.nameOverride | default .Chart.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "metrics-server.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "metrics-server.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/aggregated-metrics-reader-cluster-role.yaml b/packages/rke2-metrics-server/charts/templates/aggregated-metrics-reader-cluster-role.yaml new file mode 100755 index 0000000..e91a3d8 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/aggregated-metrics-reader-cluster-role.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:{{ template "metrics-server.name" . }}-aggregated-reader + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["metrics.k8s.io"] + resources: ["pods","nodes"] + verbs: ["get", "list", "watch"] +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/auth-delegator-crb.yaml b/packages/rke2-metrics-server/charts/templates/auth-delegator-crb.yaml new file mode 100755 index 0000000..e82fca0 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/auth-delegator-crb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metrics-server.fullname" . }}:system:auth-delegator + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: {{ template "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/cluster-role.yaml b/packages/rke2-metrics-server/charts/templates/cluster-role.yaml new file mode 100755 index 0000000..8763acd --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/cluster-role.yaml @@ -0,0 +1,34 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:{{ template "metrics-server.fullname" . }} + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + - namespaces + verbs: + - get + - list + - watch + {{- if .Values.rbac.pspEnabled }} + - apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + resourceNames: + - privileged-{{ template "metrics-server.fullname" . }} + verbs: + - use + {{- end -}} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/metric-server-service.yaml b/packages/rke2-metrics-server/charts/templates/metric-server-service.yaml new file mode 100755 index 0000000..0d64cd1 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/metric-server-service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "metrics-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.service.labels -}} + {{ toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.service.annotations | trim | nindent 4 }} +spec: + ports: + - port: {{ .Values.service.port }} + protocol: TCP + targetPort: https + selector: + app: {{ template "metrics-server.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} + diff --git a/packages/rke2-metrics-server/charts/templates/metrics-api-service.yaml b/packages/rke2-metrics-server/charts/templates/metrics-api-service.yaml new file mode 100755 index 0000000..552ffea --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/metrics-api-service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.apiService.create -}} +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1beta1.metrics.k8s.io + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + service: + name: {{ template "metrics-server.fullname" . }} + namespace: {{ .Release.Namespace }} + group: metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: true + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/metrics-server-crb.yaml b/packages/rke2-metrics-server/charts/templates/metrics-server-crb.yaml new file mode 100755 index 0000000..eb04c6f --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/metrics-server-crb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:{{ template "metrics-server.fullname" . }} + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:{{ template "metrics-server.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml b/packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml new file mode 100755 index 0000000..2e54f27 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml @@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "metrics-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ template "metrics-server.name" . }} + release: {{ .Release.Name }} + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: {{ template "metrics-server.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "metrics-server.serviceAccountName" . }} +{{- if .Values.hostNetwork.enabled }} + hostNetwork: true +{{- end }} + containers: + {{- if .Values.extraContainers }} + {{- ( tpl (toYaml .Values.extraContainers) . ) | nindent 8 }} + {{- end }} + - name: metrics-server + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /metrics-server + - --cert-dir=/tmp + - --logtostderr + - --secure-port=8443 + {{- range .Values.args }} + - {{ . }} + {{- end }} + ports: + - containerPort: 8443 + name: https + livenessProbe: + {{- toYaml .Values.livenessProbe | trim | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | trim | nindent 12 }} + resources: + {{- toYaml .Values.resources | trim | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContext | trim | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + nodeSelector: + {{- toYaml .Values.nodeSelector | trim | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | trim | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | trim | nindent 8 }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 6}} + {{- end }} diff --git a/packages/rke2-metrics-server/charts/templates/metrics-server-serviceaccount.yaml b/packages/rke2-metrics-server/charts/templates/metrics-server-serviceaccount.yaml new file mode 100755 index 0000000..4d748ed --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/metrics-server-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/pdb.yaml b/packages/rke2-metrics-server/charts/templates/pdb.yaml new file mode 100755 index 0000000..3831097 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/pdb.yaml @@ -0,0 +1,23 @@ +{{- if .Values.podDisruptionBudget.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "metrics-server.fullname" . }} + namespace: {{ .Release.Namespace }} + +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: {{ template "metrics-server.name" . }} +{{- end -}} \ No newline at end of file diff --git a/packages/rke2-metrics-server/charts/templates/psp.yaml b/packages/rke2-metrics-server/charts/templates/psp.yaml new file mode 100755 index 0000000..b5cb7da --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/psp.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: privileged-{{ template "metrics-server.fullname" . }} +spec: + allowedCapabilities: + - '*' + fsGroup: + rule: RunAsAny + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - '*' + hostPID: true + hostIPC: true + hostNetwork: true + hostPorts: + - min: 1 + max: 65536 +{{- end }} diff --git a/packages/rke2-metrics-server/charts/templates/role-binding.yaml b/packages/rke2-metrics-server/charts/templates/role-binding.yaml new file mode 100755 index 0000000..3169f24 --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/role-binding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "metrics-server.fullname" . }}-auth-reader + namespace: kube-system + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: {{ template "metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/packages/rke2-metrics-server/charts/templates/tests/test-version.yaml b/packages/rke2-metrics-server/charts/templates/tests/test-version.yaml new file mode 100755 index 0000000..3648e6d --- /dev/null +++ b/packages/rke2-metrics-server/charts/templates/tests/test-version.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "metrics-server.fullname" . }}-test + labels: + app: {{ template "metrics-server.name" . }} + chart: {{ template "metrics-server.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['/bin/sh'] + args: + - -c + - 'wget -qO- https://{{ include "metrics-server.fullname" . }}:{{ .Values.service.port }}/version | grep -F {{ .Values.image.tag }}' + restartPolicy: Never + diff --git a/packages/rke2-metrics-server/charts/values.yaml b/packages/rke2-metrics-server/charts/values.yaml new file mode 100755 index 0000000..7138bed --- /dev/null +++ b/packages/rke2-metrics-server/charts/values.yaml @@ -0,0 +1,113 @@ +rbac: + # Specifies whether RBAC resources should be created + create: true + pspEnabled: false + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +apiService: + # Specifies if the v1beta1.metrics.k8s.io API service should be created. + # + # You typically want this enabled! If you disable API service creation you have to + # manage it outside of this chart for e.g horizontal pod autoscaling to + # work with this release. + create: true + +hostNetwork: + # Specifies if metrics-server should be started in hostNetwork mode. + # + # You would require this enabled if you use alternate overlay networking for pods and + # API server unable to communicate with metrics-server. As an example, this is required + # if you use Weave network on EKS + enabled: false + +image: + repository: rancher/k8s-metrics-server + tag: v0.3.6 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - registrySecretName + +args: +# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server +# - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +replicas: 1 + +extraContainers: [] + +podLabels: {} + +podAnnotations: {} +# The following annotations guarantee scheduling for critical add-on pods. +# See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ +# scheduler.alpha.kubernetes.io/critical-pod: '' + +## Set a pod priorityClassName +# priorityClassName: system-node-critical + +extraVolumeMounts: [] +# - name: secrets +# mountPath: /etc/kubernetes/secrets +# readOnly: true + +extraVolumes: [] +# - name: secrets +# secret: +# secretName: kube-apiserver + +livenessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + +readinessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + +service: + annotations: {} + labels: {} + # Add these labels to have metrics-server show up in `kubectl cluster-info` + # kubernetes.io/cluster-service: "true" + # kubernetes.io/name: "Metrics-server" + port: 443 + type: ClusterIP + +podDisruptionBudget: + # https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + enabled: false + minAvailable: + maxUnavailable: + +global: + systemDefaultRegistry: "" diff --git a/packages/rke2-metrics-server/rke2-metrics-server.patch b/packages/rke2-metrics-server/rke2-metrics-server.patch index ebf4ed9..7e3f9e1 100644 --- a/packages/rke2-metrics-server/rke2-metrics-server.patch +++ b/packages/rke2-metrics-server/rke2-metrics-server.patch @@ -37,7 +37,6 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/te imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /metrics-server - - --kubelet-preferred-address-types=InternalIP diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/values.yaml packages/rke2-metrics-server/charts/values.yaml --- packages/rke2-metrics-server/charts-original/values.yaml +++ packages/rke2-metrics-server/charts/values.yaml @@ -50,7 +49,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/va tag: v0.3.6 pullPolicy: IfNotPresent -@@ -107,3 +107,6 @@ +@@ -37,6 +37,7 @@ + args: [] + # enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server + # - --kubelet-insecure-tls ++ - --kubelet-preferred-address-types=InternalIP + + resources: {} + +@@ -107,3 +108,6 @@ enabled: false minAvailable: maxUnavailable: