Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2022 from slashpai/metrics-server
MON-3211: Implement switching to metrics-server
- Loading branch information
Showing
26 changed files
with
1,115 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
Documentation/openshiftdocs/modules/metricsserverconfig.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
// DO NOT EDIT THE CONTENT IN THIS FILE. It is automatically generated from the | ||
// source code for the Cluster Monitoring Operator. Any changes made to this | ||
// file will be overwritten when the content is re-generated. If you wish to | ||
// make edits, read the docgen utility instructions in the source code for the | ||
// CMO. | ||
:_content-type: ASSEMBLY | ||
|
||
== MetricsServerConfig | ||
|
||
=== Description | ||
|
||
The `MetricsServerConfig` resource defines settings for the MetricsServer component. | ||
|
||
|
||
|
||
Appears in: link:clustermonitoringconfiguration.adoc[ClusterMonitoringConfiguration] | ||
|
||
[options="header"] | ||
|=== | ||
| Property | Type | Description | ||
|nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled. | ||
|
||
|tolerations|[]v1.Toleration|Defines tolerations for the pods. | ||
|
||
|resources|*v1.ResourceRequirements|Defines resource requests and limits for the Metrics Server container. | ||
|
||
|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints. | ||
|
||
|=== | ||
|
||
link:../index.adoc[Back to TOC] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: apiregistration.k8s.io/v1 | ||
kind: APIService | ||
metadata: | ||
annotations: | ||
service.beta.openshift.io/inject-cabundle: "true" | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: v1beta1.metrics.k8s.io | ||
spec: | ||
group: metrics.k8s.io | ||
groupPriorityMinimum: 100 | ||
insecureSkipTLSVerify: false | ||
service: | ||
name: metrics-server | ||
namespace: openshift-monitoring | ||
version: v1beta1 | ||
versionPriority: 100 |
17 changes: 17 additions & 0 deletions
17
assets/metrics-server/cluster-role-binding-auth-delegator.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: auth-delegator | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server:system:auth-delegator | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: system:auth-delegator | ||
subjects: | ||
- kind: ServiceAccount | ||
name: metrics-server | ||
namespace: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
labels: | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: system:metrics-server | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: system:metrics-server | ||
subjects: | ||
- kind: ServiceAccount | ||
name: metrics-server | ||
namespace: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: system:metrics-server | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- nodes/metrics | ||
verbs: | ||
- get | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
- nodes | ||
verbs: | ||
- get | ||
- list | ||
- watch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server | ||
namespace: openshift-monitoring | ||
spec: | ||
replicas: 2 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
strategy: | ||
rollingUpdate: | ||
maxUnavailable: 1 | ||
template: | ||
metadata: | ||
annotations: | ||
target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
spec: | ||
affinity: | ||
podAntiAffinity: | ||
requiredDuringSchedulingIgnoredDuringExecution: | ||
- labelSelector: | ||
matchLabels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
namespaces: | ||
- openshift-monitoring | ||
topologyKey: kubernetes.io/hostname | ||
containers: | ||
- args: | ||
- --secure-port=10250 | ||
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname | ||
- --kubelet-use-node-status-port | ||
- --metric-resolution=15s | ||
- --kubelet-certificate-authority=/etc/tls/kubelet-serving-ca-bundle/ca-bundle.crt | ||
- --kubelet-client-certificate=/etc/tls/metrics-client-certs/tls.crt | ||
- --kubelet-client-key=/etc/tls/metrics-client-certs/tls.key | ||
- --tls-cert-file=/etc/tls/private/tls.crt | ||
- --tls-private-key-file=/etc/tls/private/tls.key | ||
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ||
image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 | ||
imagePullPolicy: IfNotPresent | ||
livenessProbe: | ||
failureThreshold: 3 | ||
httpGet: | ||
path: /livez | ||
port: https | ||
scheme: HTTPS | ||
periodSeconds: 10 | ||
name: metrics-server | ||
ports: | ||
- containerPort: 10250 | ||
name: https | ||
protocol: TCP | ||
readinessProbe: | ||
failureThreshold: 3 | ||
httpGet: | ||
path: /readyz | ||
port: https | ||
scheme: HTTPS | ||
initialDelaySeconds: 20 | ||
periodSeconds: 10 | ||
resources: | ||
requests: | ||
cpu: 1m | ||
memory: 40Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
readOnlyRootFilesystem: true | ||
runAsNonRoot: true | ||
volumeMounts: | ||
- mountPath: /etc/tls/private | ||
name: secret-metrics-server-tls | ||
- mountPath: /etc/tls/metrics-client-certs | ||
name: secret-metrics-client-certs | ||
- mountPath: /etc/tls/kubelet-serving-ca-bundle | ||
name: configmap-kubelet-serving-ca-bundle | ||
nodeSelector: | ||
kubernetes.io/os: linux | ||
priorityClassName: system-cluster-critical | ||
serviceAccountName: metrics-server | ||
volumes: | ||
- name: secret-metrics-client-certs | ||
secret: | ||
secretName: metrics-client-certs | ||
- name: secret-metrics-server-tls | ||
secret: | ||
secretName: metrics-server-tls | ||
- configMap: | ||
name: kubelet-serving-ca-bundle | ||
name: configmap-kubelet-serving-ca-bundle |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: policy/v1 | ||
kind: PodDisruptionBudget | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server | ||
namespace: openshift-monitoring | ||
spec: | ||
minAvailable: 1 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server-auth-reader | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server-auth-reader | ||
namespace: kube-system | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: extension-apiserver-authentication-reader | ||
subjects: | ||
- kind: ServiceAccount | ||
name: metrics-server | ||
namespace: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server | ||
namespace: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
apiVersion: monitoring.coreos.com/v1 | ||
kind: ServiceMonitor | ||
metadata: | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server | ||
namespace: openshift-monitoring | ||
spec: | ||
endpoints: | ||
- bearerTokenFile: "" | ||
port: https | ||
scheme: https | ||
tlsConfig: | ||
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt | ||
certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt | ||
insecureSkipVerify: false | ||
keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key | ||
serverName: metrics-server.openshift-monitoring.svc | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
annotations: | ||
service.beta.openshift.io/serving-cert-secret-name: metrics-server-tls | ||
labels: | ||
app.kubernetes.io/component: metrics-server | ||
app.kubernetes.io/managed-by: cluster-monitoring-operator | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring | ||
name: metrics-server | ||
namespace: openshift-monitoring | ||
spec: | ||
ports: | ||
- name: https | ||
port: 443 | ||
protocol: TCP | ||
targetPort: https | ||
selector: | ||
app.kubernetes.io/name: metrics-server | ||
app.kubernetes.io/part-of: openshift-monitoring |
Oops, something went wrong.