update files to autopopulate patch

Signed-off-by: Brian Downs <brian.downs@gmail.com>
pull/16/head
Brian Downs 2020-09-08 12:34:34 -07:00
parent 741f0188dd
commit bbdaeb0a9f
21 changed files with 598 additions and 2 deletions


@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
OWNERS
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -0,0 +1,15 @@
apiVersion: v1
appVersion: 0.3.6
description: Metrics Server is a cluster-wide aggregator of resource usage data.
home: https://github.com/kubernetes-incubator/metrics-server
keywords:
- metrics-server
maintainers:
- email: o.with@sportradar.com
name: olemarkus
- email: k.aasan@sportradar.com
name: kennethaasan
name: rke2-metrics-server
sources:
- https://github.com/kubernetes-incubator/metrics-server
version: 2.11.1


@ -0,0 +1,39 @@
# metrics-server
[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data. Resource metrics are used by components like `kubectl top` and the [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale) to scale workloads. To autoscale based upon a custom metric, see the [Prometheus Adapter chart](https://github.com/helm/charts/blob/master/stable/prometheus-adapter).
## Configuration
Parameter | Description | Default
--- | --- | ---
`rbac.create` | Enable Role-based authentication | `true`
`rbac.pspEnabled` | Enable pod security policy support | `false`
`serviceAccount.create` | If `true`, create a new service account | `true`
`serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | ``
`apiService.create` | Create the v1beta1.metrics.k8s.io API service | `true`
`hostNetwork.enabled` | Enable hostNetwork mode | `false`
`image.repository` | Image repository | `k8s.gcr.io/metrics-server-amd64`
`image.tag` | Image tag | `v0.3.2`
`image.pullPolicy` | Image pull policy | `IfNotPresent`
`imagePullSecrets` | Image pull secrets | `[]`
`args` | Command line arguments | `[]`
`resources` | CPU/Memory resource requests/limits. | `{}`
`tolerations` | List of node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`nodeSelector` | Node labels for pod assignment | `{}`
`affinity` | Node affinity | `{}`
`replicas` | Number of replicas | `1`
`extraVolumeMounts` | Ability to provide volume mounts to the pod | `[]`
`extraVolumes` | Ability to provide volumes to the pod | `[]`
`livenessProbe` | Container liveness probe | See values.yaml
`podLabels` | Labels to be added to pods | `{}`
`podAnnotations` | Annotations to be added to pods | `{}`
`priorityClassName` | Pod priority class | `""`
`readinessProbe` | Container readiness probe | See values.yaml
`service.annotations` | Annotations to add to the service | `{}`
`service.labels` | Labels to be added to the metrics-server service | `{}`
`service.port` | Service port to expose | `443`
`service.type` | Type of service to create | `ClusterIP`
`podDisruptionBudget.enabled` | Create a PodDisruptionBudget | `false`
`podDisruptionBudget.minAvailable` | Minimum available instances; ignored if there is no PodDisruptionBudget |
`podDisruptionBudget.maxUnavailable` | Maximum unavailable instances; ignored if there is no PodDisruptionBudget |
`extraContainers` | Add additional containers | `[]`


@ -0,0 +1,5 @@
# CI is running on GKE, which already ships metrics-server. This cause
# conflicts on the apiService resource.
apiService:
create: false


@ -0,0 +1,11 @@
The metric server has been deployed.
{{ if .Values.apiService.create }}
In a few minutes you should be able to list metrics using the following
command:
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"
{{ else }}
NOTE: You have disabled the API service creation for this release. The metrics
API will not work with this release unless you configure the metrics API
service outside of this Helm chart.
{{- end -}}


@ -0,0 +1,59 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "metrics-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "metrics-server.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "metrics-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a service name that defaults to app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "metrics-server.service.fullname" -}}
{{- .Values.service.nameOverride | default .Chart.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "metrics-server.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "metrics-server.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "system_default_registry" -}}
{{- if .Values.global.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
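Review bot: The comment above `metrics-server.service.fullname` says the name is truncated at 63 characters, but the define body is only `.Values.service.nameOverride | default .Chart.Name`, with none of the `trunc 63 | trimSuffix "-"` that the other name helpers in this file apply. Either append the truncation or drop that sentence from the comment so the two agree. `system_default_registry` is the one helper without a doc comment; something like `{{/* Registry prefix with a trailing slash when global.systemDefaultRegistry is set, otherwise empty. */}}` would do. That comment should also mention that the helper dereferences `.Values.global`, so it depends on values.yaml always defining `global`.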


@ -0,0 +1,18 @@
{{- if .Values.rbac.create -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:{{ template "metrics-server.name" . }}-aggregated-reader
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods","nodes"]
verbs: ["get", "list", "watch"]
{{- end -}}


@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "metrics-server.fullname" . }}:system:auth-delegator
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}


@ -0,0 +1,34 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:{{ template "metrics-server.fullname" . }}
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
{{- if .Values.rbac.pspEnabled }}
- apiGroups:
- extensions
- policy
resources:
- podsecuritypolicies
resourceNames:
- privileged-{{ template "metrics-server.fullname" . }}
verbs:
- use
{{- end -}}
{{- end -}}


@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.service.labels -}}
{{ toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.service.annotations | trim | nindent 4 }}
spec:
ports:
- port: {{ .Values.service.port }}
protocol: TCP
targetPort: https
selector:
app: {{ template "metrics-server.name" . }}
release: {{ .Release.Name }}
type: {{ .Values.service.type }}


@ -0,0 +1,20 @@
{{- if .Values.apiService.create -}}
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
service:
name: {{ template "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
{{- end -}}
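Review bot: `insecureSkipTLSVerify: true` is hard-coded in the APIService spec, so the aggregation layer never verifies the metrics-server serving certificate and cannot tell the real backend from anything else answering for that Service. The Deployment in this commit starts the server with `--cert-dir=/tmp`, which suggests a self-generated certificate is the reason for skipping verification. Consider driving the field from a value (placeholder name `apiService.insecureSkipTLSVerify`) alongside an optional `caBundle`, so operators who provision a proper serving certificate can turn verification on. If the hard-coded value stays, a template comment explaining why verification is off would keep the trade-off visible. Separately, `apiregistration.k8s.io/v1beta1` is the deprecated version of this API; `apiregistration.k8s.io/v1` accepts the same fields used here.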


@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:{{ template "metrics-server.fullname" . }}
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:{{ template "metrics-server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}


@ -0,0 +1,88 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
selector:
matchLabels:
app: {{ template "metrics-server.name" . }}
release: {{ .Release.Name }}
replicas: {{ .Values.replicas }}
template:
metadata:
labels:
app: {{ template "metrics-server.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "metrics-server.serviceAccountName" . }}
{{- if .Values.hostNetwork.enabled }}
hostNetwork: true
{{- end }}
containers:
{{- if .Values.extraContainers }}
{{- ( tpl (toYaml .Values.extraContainers) . ) | nindent 8 }}
{{- end }}
- name: metrics-server
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /metrics-server
- --cert-dir=/tmp
- --logtostderr
- --secure-port=8443
{{- range .Values.args }}
- {{ . }}
{{- end }}
ports:
- containerPort: 8443
name: https
livenessProbe:
{{- toYaml .Values.livenessProbe | trim | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | trim | nindent 12 }}
resources:
{{- toYaml .Values.resources | trim | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | trim | nindent 12 }}
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.nodeSelector | trim | nindent 8 }}
affinity:
{{- toYaml .Values.affinity | trim | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | trim | nindent 8 }}
volumes:
- name: tmp
emptyDir: {}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6}}
{{- end }}
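Review bot: Entries from `.Values.args` are emitted as `- {{ . }}` in the container command, so a flag containing ` #`, `: ` or a leading YAML indicator is re-parsed by YAML instead of being passed through as a string. `- {{ . | quote }}` avoids that, and the same applies to `- name: {{ . }}` under imagePullSecrets and to the unquoted `image:` line. This range is also where `--kubelet-insecure-tls` lands if an operator enables it per values.yaml. A short template comment beside it, noting that the flag turns off verification of kubelet serving certificates, would document that choice where the command is assembled.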


@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end -}}


@ -0,0 +1,23 @@
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: {{ template "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app: {{ template "metrics-server.name" . }}
{{- end -}}
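Review bot: The PodDisruptionBudget selector matches only `app`, while the Deployment and Service in this commit select on both `app` and `release`, so a second release of the chart in the same namespace would fall under both budgets. Add `release: {{ .Release.Name }}` under `matchLabels`. The guards `{{- if .Values.podDisruptionBudget.minAvailable }}` and the `maxUnavailable` equivalent treat `0` as unset, so a deliberate `maxUnavailable: 0` is silently dropped. Nothing stops both fields from rendering together either, which the API is expected to reject; a `fail` when both are set would surface that at template time.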


@ -0,0 +1,26 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: privileged-{{ template "metrics-server.fullname" . }}
spec:
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
hostPID: true
hostIPC: true
hostNetwork: true
hostPorts:
- min: 1
max: 65536
{{- end }}
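Review bot: The policy rendered when `rbac.pspEnabled` is true is fully permissive (`privileged: true`, `allowedCapabilities: ['*']`, `volumes: ['*']`, `hostPID`, `hostIPC`, `hostNetwork`, every host port), whereas values.yaml in this commit runs the container as non-root with all capabilities dropped and a read-only root filesystem. The ClusterRole template grants `use` on this policy to the metrics-server service account, so any pod created under that account is admitted with host-level access regardless of the chart's own securityContext. A policy shaped to the workload is sketched below; the volume list and the 8443 host port are inferred from the Deployment template and would need widening if `extraVolumes` or `extraContainers` require more. Note also that `max: 65536` is one past the highest valid port, 65535.

```yaml
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  readOnlyRootFilesystem: true
  runAsUser:
    rule: MustRunAsNonRoot
  # … unchanged: fsGroup, seLinux, supplementalGroups rules …
  volumes:
    - emptyDir
    - secret
    - configMap
    - projected
  hostPID: false
  hostIPC: false
  hostNetwork: {{ .Values.hostNetwork.enabled }}
  {{- if .Values.hostNetwork.enabled }}
  hostPorts:
    - min: 8443
      max: 8443
  {{- end }}
```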


@ -0,0 +1,20 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "metrics-server.fullname" . }}-auth-reader
namespace: kube-system
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}


@ -0,0 +1,21 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ template "metrics-server.fullname" . }}-test
labels:
app: {{ template "metrics-server.name" . }}
chart: {{ template "metrics-server.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['/bin/sh']
args:
- -c
- 'wget -qO- https://{{ include "metrics-server.fullname" . }}:{{ .Values.service.port }}/version | grep -F {{ .Values.image.tag }}'
restartPolicy: Never
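Review bot: `image: busybox` in the test pod is neither tagged nor prefixed with the `system_default_registry` helper that the Deployment uses, so the hook pulls a floating `latest` from the default registry and will not resolve in a cluster that relies on `global.systemDefaultRegistry`. Prefer `image: {{ template "system_default_registry" . }}<mirrored-busybox-image>:<pinned-tag>` (placeholders) or a digest reference. The `grep -F {{ .Values.image.tag }}` argument is interpolated unquoted into the `sh -c` string. Because it comes from chart values the exposure is limited, but wrapping it in quotes keeps an unusual tag value from altering the command.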


@ -0,0 +1,113 @@
rbac:
# Specifies whether RBAC resources should be created
create: true
pspEnabled: false
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
apiService:
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
#
# You typically want this enabled! If you disable API service creation you have to
# manage it outside of this chart for e.g horizontal pod autoscaling to
# work with this release.
create: true
hostNetwork:
# Specifies if metrics-server should be started in hostNetwork mode.
#
# You would require this enabled if you use alternate overlay networking for pods and
# API server unable to communicate with metrics-server. As an example, this is required
# if you use Weave network on EKS
enabled: false
image:
repository: rancher/k8s-metrics-server
tag: v0.3.6
pullPolicy: IfNotPresent
imagePullSecrets: []
# - registrySecretName
args:
# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
# - --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
replicas: 1
extraContainers: []
podLabels: {}
podAnnotations: {}
# The following annotations guarantee scheduling for critical add-on pods.
# See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
# scheduler.alpha.kubernetes.io/critical-pod: ''
## Set a pod priorityClassName
# priorityClassName: system-node-critical
extraVolumeMounts: []
# - name: secrets
# mountPath: /etc/kubernetes/secrets
# readOnly: true
extraVolumes: []
# - name: secrets
# secret:
# secretName: kube-apiserver
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
initialDelaySeconds: 20
readinessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
initialDelaySeconds: 20
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["all"]
readOnlyRootFilesystem: true
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
service:
annotations: {}
labels: {}
# Add these labels to have metrics-server show up in `kubectl cluster-info`
# kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Metrics-server"
port: 443
type: ClusterIP
podDisruptionBudget:
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
enabled: false
minAvailable:
maxUnavailable:
global:
systemDefaultRegistry: ""
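Review bot: Under `securityContext.capabilities`, `drop: ["all"]` uses a lowercase spelling where the documented form is `ALL`; policy tooling that matches on that exact string may not count the lowercase value as dropping everything, even if the runtime accepts it, so `drop: ["ALL"]` is the safer spelling. The hardened defaults here (non-root UID/GID 10001, read-only root filesystem, `allowPrivilegeEscalation: false`) are worth documenting, yet neither `securityContext` nor `global.systemDefaultRegistry` appears in the README parameter table added by this commit. The bare `name:`, `minAvailable:` and `maxUnavailable:` keys parse as null; writing `name: ""` and explicit `null` makes the intent unambiguous.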


@ -37,7 +37,6 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/te
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
command: command:
- /metrics-server - /metrics-server
- --kubelet-preferred-address-types=InternalIP
diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/values.yaml packages/rke2-metrics-server/charts/values.yaml diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/values.yaml packages/rke2-metrics-server/charts/values.yaml
--- packages/rke2-metrics-server/charts-original/values.yaml --- packages/rke2-metrics-server/charts-original/values.yaml
+++ packages/rke2-metrics-server/charts/values.yaml +++ packages/rke2-metrics-server/charts/values.yaml
@ -50,7 +49,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/va
tag: v0.3.6 tag: v0.3.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@@ -107,3 +107,6 @@ @@ -37,6 +37,7 @@
args: []
# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
# - --kubelet-insecure-tls
+ - --kubelet-preferred-address-types=InternalIP
resources: {}
@@ -107,3 +108,6 @@
enabled: false enabled: false
minAvailable: minAvailable:
maxUnavailable: maxUnavailable: