mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.5 KiB
90 lines
2.5 KiB
--- |
|
apiVersion: v1 |
|
kind: ServiceAccount |
|
metadata: |
|
name: metrics-server |
|
namespace: kube-system |
|
--- |
|
apiVersion: apps/v1 |
|
kind: Deployment |
|
metadata: |
|
name: metrics-server |
|
namespace: kube-system |
|
labels: |
|
k8s-app: metrics-server |
|
spec: |
|
revisionHistoryLimit: 0 |
|
strategy: |
|
type: RollingUpdate |
|
rollingUpdate: |
|
maxUnavailable: 1 |
|
selector: |
|
matchLabels: |
|
k8s-app: metrics-server |
|
template: |
|
metadata: |
|
name: metrics-server |
|
labels: |
|
k8s-app: metrics-server |
|
spec: |
|
priorityClassName: "system-node-critical" |
|
serviceAccountName: metrics-server |
|
tolerations: |
|
- key: "CriticalAddonsOnly" |
|
operator: "Exists" |
|
- key: "node-role.kubernetes.io/control-plane" |
|
operator: "Exists" |
|
effect: "NoSchedule" |
|
- key: "node-role.kubernetes.io/master" |
|
operator: "Exists" |
|
effect: "NoSchedule" |
|
volumes: |
|
# mount in tmp so we can safely use from-scratch images and/or read-only containers |
|
- name: tmp-dir |
|
emptyDir: {} |
|
containers: |
|
- name: metrics-server |
|
image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.7.0 |
|
args: |
|
- --cert-dir=/tmp |
|
- --secure-port=10250 |
|
- --kubelet-preferred-address-types=%{PREFERRED_ADDRESS_TYPES}% |
|
- --kubelet-use-node-status-port |
|
- --metric-resolution=15s |
|
- --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 |
|
resources: |
|
requests: |
|
cpu: 100m |
|
memory: 70Mi |
|
ports: |
|
- name: https |
|
containerPort: 10250 |
|
protocol: TCP |
|
readinessProbe: |
|
httpGet: |
|
path: /readyz |
|
port: https |
|
scheme: HTTPS |
|
initialDelaySeconds: 0 |
|
periodSeconds: 2 |
|
timeoutSeconds: 1 |
|
successThreshold: 1 |
|
failureThreshold: 3 |
|
livenessProbe: |
|
httpGet: |
|
path: /livez |
|
port: https |
|
scheme: HTTPS |
|
initialDelaySeconds: 60 |
|
periodSeconds: 10 |
|
timeoutSeconds: 1 |
|
successThreshold: 1 |
|
failureThreshold: 3 |
|
securityContext: |
|
readOnlyRootFilesystem: true |
|
runAsNonRoot: true |
|
runAsUser: 1000 |
|
allowPrivilegeEscalation: false |
|
volumeMounts: |
|
- name: tmp-dir |
|
mountPath: /tmp
|
|
|