From 3d6966af2ae2636f2667fe8581fd18e4b10de387 Mon Sep 17 00:00:00 2001
From: Jayapriya Pai
Date: Thu, 27 Jul 2023 19:53:51 +0530
Subject: [PATCH] assets: regenerate
Signed-off-by: Jayapriya Pai
---
assets/metrics-server/api-service.yaml | 20 ++++
...luster-role-aggregated-metrics-reader.yaml | 22 ++++
.../cluster-role-binding-auth-delegator.yaml | 17 +++
.../metrics-server/cluster-role-binding.yaml | 16 +++
assets/metrics-server/cluster-role.yaml | 25 +++++
assets/metrics-server/deployment.yaml | 101 ++++++++++++++++++
.../metrics-server/pod-disruption-budget.yaml | 15 +++
.../role-binding-auth-reader.yaml | 18 ++++
assets/metrics-server/service-account.yaml | 10 ++
assets/metrics-server/service-monitor.yaml | 26 +++++
assets/metrics-server/service.yaml | 21 ++++
...0_cluster-monitoring-operator_02-role.yaml | 24 +++++
12 files changed, 315 insertions(+)
create mode 100644 assets/metrics-server/api-service.yaml
create mode 100644 assets/metrics-server/cluster-role-aggregated-metrics-reader.yaml
create mode 100644 assets/metrics-server/cluster-role-binding-auth-delegator.yaml
create mode 100644 assets/metrics-server/cluster-role-binding.yaml
create mode 100644 assets/metrics-server/cluster-role.yaml
create mode 100644 assets/metrics-server/deployment.yaml
create mode 100644 assets/metrics-server/pod-disruption-budget.yaml
create mode 100644 assets/metrics-server/role-binding-auth-reader.yaml
create mode 100644 assets/metrics-server/service-account.yaml
create mode 100644 assets/metrics-server/service-monitor.yaml
create mode 100644 assets/metrics-server/service.yaml
diff --git a/assets/metrics-server/api-service.yaml b/assets/metrics-server/api-service.yaml
new file mode 100644
index 0000000000..bbfef65f94
--- /dev/null
+++ b/assets/metrics-server/api-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ annotations:
+ service.beta.openshift.io/inject-cabundle: "true"
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: v1beta1.metrics.k8s.io
+spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: false
+ service:
+ name: metrics-server
+ namespace: openshift-monitoring
+ version: v1beta1
+ versionPriority: 100
diff --git a/assets/metrics-server/cluster-role-aggregated-metrics-reader.yaml b/assets/metrics-server/cluster-role-aggregated-metrics-reader.yaml
new file mode 100644
index 0000000000..55ceae8ab5
--- /dev/null
+++ b/assets/metrics-server/cluster-role-aggregated-metrics-reader.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: aggregated-metrics-reader
+ app.kubernetes.io/part-of: openshift-monitoring
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: system:aggregated-metrics-reader
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/assets/metrics-server/cluster-role-binding-auth-delegator.yaml b/assets/metrics-server/cluster-role-binding-auth-delegator.yaml
new file mode 100644
index 0000000000..fad58afef1
--- /dev/null
+++ b/assets/metrics-server/cluster-role-binding-auth-delegator.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: auth-delegator
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server:system:auth-delegator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: openshift-monitoring
diff --git a/assets/metrics-server/cluster-role-binding.yaml b/assets/metrics-server/cluster-role-binding.yaml
new file mode 100644
index 0000000000..fe5405295c
--- /dev/null
+++ b/assets/metrics-server/cluster-role-binding.yaml
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: system:metrics-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: openshift-monitoring
diff --git a/assets/metrics-server/cluster-role.yaml b/assets/metrics-server/cluster-role.yaml
new file mode 100644
index 0000000000..19be5ca4b0
--- /dev/null
+++ b/assets/metrics-server/cluster-role.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: system:metrics-server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/assets/metrics-server/deployment.yaml b/assets/metrics-server/deployment.yaml
new file mode 100644
index 0000000000..f15792fef4
--- /dev/null
+++ b/assets/metrics-server/deployment.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server
+ namespace: openshift-monitoring
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: metrics-server
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ annotations:
+ target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ namespaces:
+ - openshift-monitoring
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - args:
+ - --secure-port=10250
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --kubelet-use-node-status-port
+ - --metric-resolution=15s
+ - --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt
+ - --kubelet-client-certificate=/etc/tls/metrics-client-certs/tls.crt
+ - --kubelet-client-key=/etc/tls/metrics-client-certs/tls.key
+ - --tls-cert-file=/etc/tls/private/tls.crt
+ - --tls-private-key-file=/etc/tls/private/tls.key
+ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ image: registry.k8s.io/metrics-server/metrics-server:v0.6.3
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port:
https
+ scheme: HTTPS
+ periodSeconds: 10
+ name: metrics-server
+ ports:
+ - containerPort: 10250
+ name: https
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /etc/tls/private
+ name: secret-metrics-server-tls
+ - mountPath: /etc/tls/metrics-client-certs
+ name: secret-metrics-client-certs
+ - mountPath: /etc/tls/kubelet-serving-ca-bundle
+ name: configmap-kubelet-serving-ca-bundle
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ serviceAccountName: metrics-server
+ volumes:
+ - name: secret-metrics-client-certs
+ secret:
+ secretName: metrics-client-certs
+ - name: secret-metrics-server-tls
+ secret:
+ secretName: metrics-server-tls
+ - configMap:
+ name: kubelet-serving-ca-bundle
+ name: configmap-kubelet-serving-ca-bundle
diff --git a/assets/metrics-server/pod-disruption-budget.yaml b/assets/metrics-server/pod-disruption-budget.yaml
new file mode 100644
index 0000000000..dfd09de408
--- /dev/null
+++ b/assets/metrics-server/pod-disruption-budget.yaml
@@ -0,0 +1,15 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server
+ namespace: openshift-monitoring
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: metrics-server
diff --git a/assets/metrics-server/role-binding-auth-reader.yaml b/assets/metrics-server/role-binding-auth-reader.yaml
new file mode 100644
index 0000000000..6b11a238ce
--- /dev/null
+++ b/assets/metrics-server/role-binding-auth-reader.yaml
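Review bot: The container `securityContext` in assets/metrics-server/deployment.yaml sets `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true`, but it does not drop Linux capabilities. This pod mounts the kubelet client key (`metrics-client-certs`) and runs as `system-cluster-critical`, so it is worth stating `capabilities:` with `drop: [ALL]` under the same `securityContext` rather than relying on whatever the admitting policy supplies, which is not visible in this patch. The commit title says the assets are regenerated, so the change presumably belongs in the generator input rather than in this file.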
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server-auth-reader
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: metrics-server
+ namespace: openshift-monitoring
diff --git a/assets/metrics-server/service-account.yaml b/assets/metrics-server/service-account.yaml
new file mode 100644
index 0000000000..310685e790
--- /dev/null
+++ b/assets/metrics-server/service-account.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server
+ namespace: openshift-monitoring
diff --git a/assets/metrics-server/service-monitor.yaml b/assets/metrics-server/service-monitor.yaml
new file mode 100644
index 0000000000..e3a6761e4e
--- /dev/null
+++ b/assets/metrics-server/service-monitor.yaml
@@ -0,0 +1,26 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server
+ namespace: openshift-monitoring
+spec:
+ endpoints:
+ - bearerTokenFile: ""
+ port: https
+ scheme: https
+ tlsConfig:
+ caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+ certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+ insecureSkipVerify: false
+ keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+ serverName: metrics-server.openshift-monitoring.svc
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
diff --git a/assets/metrics-server/service.yaml b/assets/metrics-server/service.yaml
new file mode 100644
index 0000000000..c2d2d6c0e1
--- /dev/null
+++ b/assets/metrics-server/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.beta.openshift.io/serving-cert-secret-name: metrics-server-tls
+ labels:
+ app.kubernetes.io/component: metrics-server
+ app.kubernetes.io/managed-by: cluster-monitoring-operator
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
+ name: metrics-server
+ namespace: openshift-monitoring
+spec:
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/name: metrics-server
+ app.kubernetes.io/part-of: openshift-monitoring
diff --git a/manifests/0000_50_cluster-monitoring-operator_02-role.yaml b/manifests/0000_50_cluster-monitoring-operator_02-role.yaml
index 9d587026d8..fef6a4f13f 100644
--- a/manifests/0000_50_cluster-monitoring-operator_02-role.yaml
+++ b/manifests/0000_50_cluster-monitoring-operator_02-role.yaml
@@ -439,6 +439,30 @@ rules: - nodes/metrics verbs: - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - nonResourceURLs: - /metrics verbs:
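Review bot: The last rule added in this hunk grants `get` on `nodes/metrics` in the core API group, and the context lines directly above the addition (`- nodes/metrics`, `verbs:`, `- get`) already appear to end a rule granting the same thing. RBAC rules are additive, so the duplicate has no runtime effect, but repeated entries make the operator's cluster-wide role harder to audit when someone later needs to tell which grants are actually required. The preceding rule starts outside the hunk, so confirm that its `apiGroups` is also `""` before removing the repeat. As this manifest looks regenerated, the deduplication would belong in the step that merges asset rules into the operator role.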