Merge pull request #1015 from erikwilson/metrics-server

Add default multi-arch metrics-server deployment
5 years ago · 9cb7416913
parent 931f63073f c4eb6ea3ef
commit 9cb7416913
4 changed files with 170 additions and 12 deletions
--- a/manifests/metrics-server.yaml
+++ b/manifests/metrics-server.yaml
@ -0,0 +1,135 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - nodes/stats
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:aggregated-metrics-reader
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["metrics.k8s.io"]
+  resources: ["pods", "nodes"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+      # mount in tmp so we can safely use from-scratch images and/or read-only containers
+      - name: tmp-dir
+        emptyDir: {}
+      containers:
+      - name: metrics-server
+        image: rancher/metrics-server:v0.3.6
+        volumeMounts:
+        - name: tmp-dir
+          mountPath: /tmp
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@ -225,7 +225,7 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command {
 			},
 			cli.StringSliceFlag{
 				Name:  "no-deploy",
-				Usage: "(components) Do not deploy packaged components (valid items: coredns, servicelb, traefik, local-storage)",
+				Usage: "(components) Do not deploy packaged components (valid items: coredns, servicelb, traefik, local-storage, metrics-server)",
 			},
 			cli.BoolFlag{
 				Name:        "disable-scheduler",
--- a/pkg/deploy/zz_generated_bindata.go
+++ b/pkg/deploy/zz_generated_bindata.go
@ -3,6 +3,7 @@
 // manifests/ccm.yaml
 // manifests/coredns.yaml
 // manifests/local-storage.yaml
+// manifests/metrics-server.yaml
 // manifests/rolebindings.yaml
 // manifests/traefik.yaml
 package deploy
@ -141,6 +142,26 @@ func localStorageYaml() (*asset, error) {
 	return a, nil
 }

+var _metricsServerYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x55\x4d\x6f\x1b\x37\x10\xbd\xef\xaf\x18\x6c\xaf\xa5\xe4\x20\x41\x11\xf0\x96\x26\x40\x51\x20\x2e\x84\x38\xf0\xc5\xf0\x81\xe2\x8e\x56\xac\x96\x1f\x18\xce\xca\x55\x8b\xfe\xf7\x82\xfb\x25\xad\x3e\xb6\xb2\x0d\x03\x39\x69\x45\xf2\xcd\xbc\x79\x7c\x33\x14\x42\x64\x2a\x98\x7b\xa4\x68\xbc\x93\x40\x4b\xa5\x67\xaa\xe6\xb5\x27\xf3\xb7\x62\xe3\xdd\x6c\xf3\x31\xce\x8c\x9f\x6f\xdf\x65\x1b\xe3\x0a\x09\x9f\xab\x3a\x32\xd2\x37\x5f\x61\x66\x91\x55\xa1\x58\xc9\x0c\xc0\x29\x8b\x12\xe2\x2e\x32\x5a\x69\x91\xc9\xe8\x28\x22\xd2\x16\x29\xa3\xba\xc2\x28\x33\x01\x2a\x98\xdf\xc8\xd7\x21\x26\x84\x80\x3c\xcf\x00\x08\xa3\xaf\x49\x63\xb7\x16\x7c\x11\x9b\x0f\xe7\x0b\x3c\xf8\x9a\x47\x56\xdc\xfd\x57\x16\x63\x50\xba\xd9\xde\x22\x2d\x3b\x68\x89\xdc\xfc\x56\x26\xb6\x1f\x4f\x8a\xf5\x3a\x7b\x5d\x91\xbf\x1a\x57\x18\x57\x5e\x5f\xab\xaf\xf0\x1b\xae\xd2\xb1\xbe\xda\x89\x94\x19\xc0\xa9\xac\xd3\x09\x62\xbd\xfc\x13\x35\x37\x7a\xb6\xd8\x3b\xa4\xad\xd1\xf8\x49\x6b\x5f\x3b\x1e\xe0\x47\x38\xd8\xeb\x26\x61\x53\x2f\x51\xb4\xf1\x9f\xa5\xcf\x12\x59\xf5\x22\x4d\xab\x33\xce\x2e\x52\x3c\x41\xa8\x8a\x29\x26\x2f\xd4\x6e\x24\x1a\xfe\xc5\xe8\x52\x21\x42\x05\x73\x90\x1c\x1d\x1b\xdd\xc0\x7b\x1a\x3f\x8c\x90\x57\xb9\x6d\x4c\x42\x76\xde\x68\x64\x2d\xb0\xc2\x52\xb1\x7f\x0b\xf3\x1d\x25\x78\x13\xcd\x4e\x49\x5c\xdd\xae\x17\xbb\x52\x95\x25\x25\xce\x58\x88\x9e\xca\xe0\xbe\x4a\x2d\xb1\x6a\x66\x06\x4c\x44\x1f\x22\x08\xf6\x62\x6b\xf0\x49\x42\xce\x54\x63\xfe\x1c\x1c\x16\x86\x5f\x82\x53\x85\x35\x6e\x00\x9e\x99\x9f\xf0\x90\x77\x75\x75\xf8\xfc\x71\x34\x4b\xe1\x21\x4f\x93\x34\xff\x19\xf2\x66\x7c\x36\xdb\xed\xac\x84\x87\xbc\x44\x4e\x3b\x69\x50\xa6\xdf\x66\x4e\xe6\x8f\x27\x06\x56\xc1\x10\x96\x26\x32\x4d\xb8\xf7\xd3\xe2\xf7\xce\x03\x67\x6e\xa3\x3b\x3a\x1b\x73\xcd\x62\x40\x9d\x0e\xc5\x16\xd8\x5e\xc5\x05\xe3\x5c\xb4\x0e\x40\xd9\x1a\xfc\x28\x78\x53\x67\x5b\x40\xcf\x14\xc0\xb8\x88\xba\x26\xbc\xdb\x98\xf0\xfd\xeb\xdd\x3d\x92\x59\xed\x24\x24\x7d\xfb\x40\x0b\x32\x9e\x0c\xef\x6e\x8d\x33\xb6\xb6\x12\xde\xdd\xdc\xec\x83\xf5\xbb\xed\xf2\xb1\x52\xc3\xcb\x71\x59\x8a\x6b\x3b\x62\xec\xcf\xb4\x43\x0e\x19\x1b\xe5\xdb\x48\xf9\xed\x28\x54\x7e\xe6\xa0\x6e\x9b\x49\xf4\x02\xf7\x4e\xda\x0b\x5f\xa1\x66\x4f\x5d\x92\x8f\x51\xa8\x10\xce\x70\x0c\x9e\x78\x78\x98\x89\x25\x7c\xf8\xf0\xbe\x81\x04\xf2\xec\xb5\xaf\x24\x7c\xff\xbc\x68\x56\x58\x51\x89\xbc\x18\x4e\xfd\x9f\x44\xfd\xc4\x78\xb9\x52\xa7\x76\x0d\x71\xff\x86\x7f\xc1\x50\xf9\x9d\xc5\x57\xa5\x38\xba\x8c\x0b\x3a\x9d\x57\xd5\xa6\xae\xfa\x7a\x00\x9f\x12\x9a\xd1\x86\x4a\x71\xd7\x0a\x87\x84\x27\x5b\x63\xcc\x6f\x3a\x05\x40\xcf\xb3\xf9\x1e\xdd\xc2\x1f\x97\x13\x6c\x7d\x55\x5b\x1c\x32\xfc\x04\x36\x01\xc0\x38\x60\x1b\x20\x7a\x78\x42\xd0\xca\x41\x54\x2b\xac\x76\x50\x47\x84\x15\x79\x2b\xa2\xa6\x24\x00\x18\xab\x4a\x8c\xa0\x5c\x31\xf7\x04\x69\x08\x0b\xef\xaa\x1d\x68\xef\x58\x19\x87\x14\xbb\xc8\xa2\x2b\x93\x6d\x10\x85\xa1\xa1\x22\xb4\x81\x77\x5f\x0c\x49\xf8\xe7\xdf\x6e\x71\x8f\x95\x47\xe0\xb3\x25\x40\x4b\x42\x02\x29\xa7\xd7\x48\xf3\xa3\xc7\x74\x7b\x33\x7b\x3f\xfb\x65\x38\xdc\x56\x7c\x9b\xca\x3c\x10\xf6\x12\x3d\x68\x05\x59\x28\x5e\x4b\x98\xb3\x0d\xd9\x7f\x01\x00\x00\xff\xff\x67\x49\xf7\x31\x56\x0b\x00\x00")
+
+func metricsServerYamlBytes() ([]byte, error) {
+	return bindataRead(
+		_metricsServerYaml,
+		"metrics-server.yaml",
+	)
+}
+
+func metricsServerYaml() (*asset, error) {
+	bytes, err := metricsServerYamlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "metrics-server.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 var _rolebindingsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x92\x31\x6f\xe3\x30\x0c\x85\x77\xfd\x0a\x21\xbb\x72\x38\xdc\x72\xf0\xd8\x0e\xdd\x03\xb4\x3b\x6d\xb3\x09\x6b\x59\x14\x48\x2a\x41\xfb\xeb\x0b\xa7\x6e\x82\xa4\x76\x90\xb4\xdd\x24\x41\x7c\x1f\x1f\xf9\x20\xd3\x13\x8a\x12\xa7\xca\x4b\x0d\xcd\x12\x8a\x6d\x58\xe8\x0d\x8c\x38\x2d\xbb\xff\xba\x24\xfe\xb3\xfd\xeb\x3a\x4a\x6d\xe5\xef\x63\x51\x43\x59\x71\xc4\x3b\x4a\x2d\xa5\xb5\xeb\xd1\xa0\x05\x83\xca\x79\x9f\xa0\xc7\xca\x77\xa5\xc6\x00\x99\x14\x65\x8b\x12\x86\x6b\x44\x0b\xd0\xf6\x94\x9c\x70\xc4\x15\x3e\x0f\xbf\x21\xd3\x83\x70\xc9\x17\xc8\xce\xfb\x2f\xe0\x03\x47\x5f\xd5\xb0\xaf\x0e\xfa\x99\x46\x86\x96\xfa\x05\x1b\xd3\xca\x85\x9b\x20\x8f\x8a\x32\xe3\xc2\xb9\x10\x82\xfb\xfe\xb4\x26\xc6\xf4\xd9\xfe\x3f\x0d\x0d\x27\x13\x8e\x11\xc5\x49\x89\x78\xd2\xb8\x0e\x15\xc1\x2f\x16\xce\x7b\x41\xe5\x22\x0d\x8e\x6f\x89\x5b\x54\xe7\xfd\x16\xa5\x1e\x9f\xd6\x68\x57\xd6\x42\x8f\x9a\xa1\x39\x17\x88\xa4\xb6\x3f\xec\xc0\x9a\xcd\x84\x56\x42\xdb\xb1\x74\x94\xd6\xa3\xdf\x29\xf1\x8f\x3f\x99\x23\x35\x74\x33\x61\x42\x10\x53\x9b\x99\x92\xe9\xfe\x96\xb9\x9d\xd3\x1c\xfc\x1f\xb5\x7f\xb8\xb4\xf9\x88\xcf\xec\xee\xf7\xb3\x7d\x0a\x38\x06\x7b\xf0\x78\x1d\xe3\x2c\xdc\x97\x01\xef\x01\x00\x00\xff\xff\x46\xd3\x6d\x9d\x0f\x04\x00\x00")

 func rolebindingsYamlBytes() ([]byte, error) {
@ -233,11 +254,12 @@ func AssetNames() []string {

 // _bindata is a table, holding each asset generator, mapped to its name.
 var _bindata = map[string]func() (*asset, error){
-	"ccm.yaml":           ccmYaml,
-	"coredns.yaml":       corednsYaml,
-	"local-storage.yaml": localStorageYaml,
-	"rolebindings.yaml":  rolebindingsYaml,
-	"traefik.yaml":       traefikYaml,
+	"ccm.yaml":            ccmYaml,
+	"coredns.yaml":        corednsYaml,
+	"local-storage.yaml":  localStorageYaml,
+	"metrics-server.yaml": metricsServerYaml,
+	"rolebindings.yaml":   rolebindingsYaml,
+	"traefik.yaml":        traefikYaml,
 }

 // AssetDir returns the file names below a certain
@ -281,11 +303,12 @@ type bintree struct {
 }

 var _bintree = &bintree{nil, map[string]*bintree{
-	"ccm.yaml":           &bintree{ccmYaml, map[string]*bintree{}},
-	"coredns.yaml":       &bintree{corednsYaml, map[string]*bintree{}},
-	"local-storage.yaml": &bintree{localStorageYaml, map[string]*bintree{}},
-	"rolebindings.yaml":  &bintree{rolebindingsYaml, map[string]*bintree{}},
-	"traefik.yaml":       &bintree{traefikYaml, map[string]*bintree{}},
+	"ccm.yaml":            &bintree{ccmYaml, map[string]*bintree{}},
+	"coredns.yaml":        &bintree{corednsYaml, map[string]*bintree{}},
+	"local-storage.yaml":  &bintree{localStorageYaml, map[string]*bintree{}},
+	"metrics-server.yaml": &bintree{metricsServerYaml, map[string]*bintree{}},
+	"rolebindings.yaml":   &bintree{rolebindingsYaml, map[string]*bintree{}},
+	"traefik.yaml":        &bintree{traefikYaml, map[string]*bintree{}},
 }}

 // RestoreAsset restores an asset under the given directory
--- a/scripts/sonobuoy
+++ b/scripts/sonobuoy
@ -212,7 +212,7 @@ echo "Started ${K3S_AGENT}"
 # ---

 timeout --foreground 1m bash -c 'wait-for-nodes 2'
-timeout --foreground 1m bash -c 'wait-for-services coredns local-path-provisioner'
+timeout --foreground 1m bash -c 'wait-for-services coredns local-path-provisioner metrics-server'

 if [ "$ARCH" = 'arm' ]; then
    echo "Aborting sonobuoy tests, images not available for $ARCH"