From c4eb273641829db54bf49b7518c6dfc3c3927661 Mon Sep 17 00:00:00 2001
From: Farukh Khan <farukhkhan21@gmail.com>
Date: Wed, 5 Jan 2022 11:02:52 +0800
Subject: [PATCH] Upgrade: metrics server version bump from v0.5.0 to v0.5.2

Kubernetes Metrics Server version upgrade with the following changes:

Remove elevated permissions cap_net_bind_service from metrics-server

Fix bad architecture metadata

Fix reporting inconsistent number of nodes, caused by using invalid Kubelet node start time metric

Fix reporting partial container metrics for pod

Signed-off-by: Farukh Khan <farukhkhan21@gmail.com>
---
 .../metrics-server-deployment.yaml            | 43 +++++++++++++++++--
 .../metrics-server-service.yaml               |  3 +-
 scripts/airgap/image-list.txt                 |  2 +-
 3 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/manifests/metrics-server/metrics-server-deployment.yaml b/manifests/metrics-server/metrics-server-deployment.yaml
index 11789755d9..3bad2cbc9b 100644
--- a/manifests/metrics-server/metrics-server-deployment.yaml
+++ b/manifests/metrics-server/metrics-server-deployment.yaml
@@ -39,9 +39,46 @@ spec:
         emptyDir: {}
       containers:
       - name: metrics-server
-        image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.5.0
-        args: ['--cert-dir', '/tmp']
+        image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.5.2
+        args:
+        - --cert-dir=/tmp
+        - --secure-port=4443
+        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+        - --kubelet-use-node-status-port
+        - --metric-resolution=15s
+        resources:
+          requests:
+            cpu: 100m
+            memory: 70Mi
+        ports:
+        - name: https
+          containerPort: 4443
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 0
+          periodSeconds: 2
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /livez
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
         volumeMounts:
         - name: tmp-dir
           mountPath: /tmp
-
diff --git a/manifests/metrics-server/metrics-server-service.yaml b/manifests/metrics-server/metrics-server-service.yaml
index ddf6f4a8a0..f89a885ef0 100644
--- a/manifests/metrics-server/metrics-server-service.yaml
+++ b/manifests/metrics-server/metrics-server-service.yaml
@@ -12,5 +12,6 @@ spec:
     k8s-app: metrics-server
   ports:
   - port: 443
+    name: https
     protocol: TCP
-    targetPort: 443
+    targetPort: https
diff --git a/scripts/airgap/image-list.txt b/scripts/airgap/image-list.txt
index 9d8fae7329..79a7755c84 100644
--- a/scripts/airgap/image-list.txt
+++ b/scripts/airgap/image-list.txt
@@ -4,5 +4,5 @@ docker.io/rancher/local-path-provisioner:v0.0.20
 docker.io/rancher/mirrored-coredns-coredns:1.8.4
 docker.io/rancher/mirrored-library-busybox:1.32.1
 docker.io/rancher/mirrored-library-traefik:2.5.0
-docker.io/rancher/mirrored-metrics-server:v0.5.0
+docker.io/rancher/mirrored-metrics-server:v0.5.2
 docker.io/rancher/mirrored-pause:3.1