mirror of https://github.com/k3s-io/k3s
85 lines
2.2 KiB
YAML
85 lines
2.2 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: metrics-server
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: metrics-server
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: metrics-server
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: metrics-server
|
|
template:
|
|
metadata:
|
|
name: metrics-server
|
|
labels:
|
|
k8s-app: metrics-server
|
|
spec:
|
|
priorityClassName: "system-node-critical"
|
|
serviceAccountName: metrics-server
|
|
tolerations:
|
|
- key: "CriticalAddonsOnly"
|
|
operator: "Exists"
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
volumes:
|
|
# mount in tmp so we can safely use from-scratch images and/or read-only containers
|
|
- name: tmp-dir
|
|
emptyDir: {}
|
|
containers:
|
|
- name: metrics-server
|
|
image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.6.1
|
|
args:
|
|
- --cert-dir=/tmp
|
|
- --secure-port=10250
|
|
- --kubelet-preferred-address-types=%{PREFERRED_ADDRESS_TYPES}%
|
|
- --kubelet-use-node-status-port
|
|
- --metric-resolution=15s
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 70Mi
|
|
ports:
|
|
- name: https
|
|
containerPort: 10250
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: https
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 2
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /livez
|
|
port: https
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
allowPrivilegeEscalation: false
|
|
volumeMounts:
|
|
- name: tmp-dir
|
|
mountPath: /tmp
|