From 6a54444104eb8d72c277be047758a80a1024a27e Mon Sep 17 00:00:00 2001 From: Erik Wilson Date: Wed, 10 Apr 2019 18:10:31 +0000 Subject: [PATCH] Add recipes Create initial recipes directory with metrics-server modified for deployment in current k3s configuration. --- .../aggregated-metrics-reader.yaml | 12 +++++ recipes/metrics-server/auth-delegator.yaml | 13 ++++++ recipes/metrics-server/auth-reader.yaml | 14 ++++++ .../metrics-server/metrics-apiservice.yaml | 14 ++++++ .../metrics-server-deployment.yaml | 44 +++++++++++++++++++ .../metrics-server-service.yaml | 15 +++++++ recipes/metrics-server/resource-reader.yaml | 29 ++++++++++++ 7 files changed, 141 insertions(+) create mode 100644 recipes/metrics-server/aggregated-metrics-reader.yaml create mode 100644 recipes/metrics-server/auth-delegator.yaml create mode 100644 recipes/metrics-server/auth-reader.yaml create mode 100644 recipes/metrics-server/metrics-apiservice.yaml create mode 100644 recipes/metrics-server/metrics-server-deployment.yaml create mode 100644 recipes/metrics-server/metrics-server-service.yaml create mode 100644 recipes/metrics-server/resource-reader.yaml diff --git a/recipes/metrics-server/aggregated-metrics-reader.yaml b/recipes/metrics-server/aggregated-metrics-reader.yaml new file mode 100644 index 0000000000..cdf3415fdd --- /dev/null +++ b/recipes/metrics-server/aggregated-metrics-reader.yaml @@ -0,0 +1,12 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:aggregated-metrics-reader + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: ["metrics.k8s.io"] + resources: ["pods"] + verbs: ["get", "list", "watch"] diff --git a/recipes/metrics-server/auth-delegator.yaml b/recipes/metrics-server/auth-delegator.yaml new file mode 100644 index 0000000000..e3442c5750 --- /dev/null +++ b/recipes/metrics-server/auth-delegator.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system diff --git a/recipes/metrics-server/auth-reader.yaml b/recipes/metrics-server/auth-reader.yaml new file mode 100644 index 0000000000..f0616e1635 --- /dev/null +++ b/recipes/metrics-server/auth-reader.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system diff --git a/recipes/metrics-server/metrics-apiservice.yaml b/recipes/metrics-server/metrics-apiservice.yaml new file mode 100644 index 0000000000..08b0530d80 --- /dev/null +++ b/recipes/metrics-server/metrics-apiservice.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1beta1.metrics.k8s.io +spec: + service: + name: metrics-server + namespace: kube-system + group: metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: true + groupPriorityMinimum: 100 + versionPriority: 100 diff --git a/recipes/metrics-server/metrics-server-deployment.yaml b/recipes/metrics-server/metrics-server-deployment.yaml new file mode 100644 index 0000000000..4bedde4561 --- /dev/null +++ b/recipes/metrics-server/metrics-server-deployment.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metrics-server + namespace: kube-system +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: metrics-server + namespace: kube-system + labels: + k8s-app: metrics-server +spec: + selector: + matchLabels: + k8s-app: metrics-server + template: + metadata: + name: metrics-server + labels: + k8s-app: metrics-server + spec: + serviceAccountName: metrics-server + volumes: + # mount in tmp so we can safely use from-scratch images and/or read-only containers + - name: tmp-dir + emptyDir: {} + containers: + - name: metrics-server + command: + - /metrics-server + - --logtostderr + # - --v=2 + # - --metric-resolution=10s + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP + image: k8s.gcr.io/metrics-server-amd64:v0.3.1 + imagePullPolicy: Always + volumeMounts: + - name: tmp-dir + mountPath: /tmp + diff --git a/recipes/metrics-server/metrics-server-service.yaml b/recipes/metrics-server/metrics-server-service.yaml new file mode 100644 index 0000000000..082b00c199 --- /dev/null +++ b/recipes/metrics-server/metrics-server-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: metrics-server + namespace: kube-system + labels: + kubernetes.io/name: "Metrics-server" +spec: + selector: + k8s-app: metrics-server + ports: + - port: 443 + protocol: TCP + targetPort: 443 diff --git a/recipes/metrics-server/resource-reader.yaml b/recipes/metrics-server/resource-reader.yaml new file mode 100644 index 0000000000..4f9877203f --- /dev/null +++ b/recipes/metrics-server/resource-reader.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system