github.com/tickoalcantara12/micro/v3@v3.0.0-20221007104245-9d75b9bcbab9/scripts/kind/metrics/components.yaml (about) 1 apiVersion: rbac.authorization.k8s.io/v1 2 kind: ClusterRole 3 metadata: 4 name: system:aggregated-metrics-reader 5 labels: 6 rbac.authorization.k8s.io/aggregate-to-view: "true" 7 rbac.authorization.k8s.io/aggregate-to-edit: "true" 8 rbac.authorization.k8s.io/aggregate-to-admin: "true" 9 rules: 10 - apiGroups: ["metrics.k8s.io"] 11 resources: ["pods", "nodes"] 12 verbs: ["get", "list", "watch"] 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRoleBinding 16 metadata: 17 name: metrics-server:system:auth-delegator 18 roleRef: 19 apiGroup: rbac.authorization.k8s.io 20 kind: ClusterRole 21 name: system:auth-delegator 22 subjects: 23 - kind: ServiceAccount 24 name: metrics-server 25 namespace: kube-system 26 --- 27 apiVersion: rbac.authorization.k8s.io/v1 28 kind: RoleBinding 29 metadata: 30 name: metrics-server-auth-reader 31 namespace: kube-system 32 roleRef: 33 apiGroup: rbac.authorization.k8s.io 34 kind: Role 35 name: extension-apiserver-authentication-reader 36 subjects: 37 - kind: ServiceAccount 38 name: metrics-server 39 namespace: kube-system 40 --- 41 apiVersion: apiregistration.k8s.io/v1beta1 42 kind: APIService 43 metadata: 44 name: v1beta1.metrics.k8s.io 45 spec: 46 service: 47 name: metrics-server 48 namespace: kube-system 49 group: metrics.k8s.io 50 version: v1beta1 51 insecureSkipTLSVerify: true 52 groupPriorityMinimum: 100 53 versionPriority: 100 54 --- 55 apiVersion: v1 56 kind: ServiceAccount 57 metadata: 58 name: metrics-server 59 namespace: kube-system 60 --- 61 apiVersion: apps/v1 62 kind: Deployment 63 metadata: 64 name: metrics-server 65 namespace: kube-system 66 labels: 67 k8s-app: metrics-server 68 spec: 69 selector: 70 matchLabels: 71 k8s-app: metrics-server 72 template: 73 metadata: 74 name: metrics-server 75 labels: 76 k8s-app: metrics-server 77 spec: 78 serviceAccountName: metrics-server 79 volumes: 80 - # mount in tmp so we can safely use from-scratch images and/or read-only containers 81 name: tmp-dir 82 emptyDir: {} 83 containers: 84 - name: metrics-server 85 image: k8s.gcr.io/metrics-server/metrics-server:v0.3.7 86 imagePullPolicy: IfNotPresent 87 args: 88 - --cert-dir=/tmp 89 - --secure-port=4443 90 - --kubelet-insecure-tls 91 ports: 92 - name: main-port 93 containerPort: 4443 94 protocol: TCP 95 securityContext: 96 readOnlyRootFilesystem: true 97 runAsNonRoot: true 98 runAsUser: 1000 99 volumeMounts: 100 - name: tmp-dir 101 mountPath: /tmp 102 nodeSelector: 103 kubernetes.io/os: linux 104 kubernetes.io/arch: "amd64" 105 --- 106 apiVersion: v1 107 kind: Service 108 metadata: 109 name: metrics-server 110 namespace: kube-system 111 labels: 112 kubernetes.io/name: "Metrics-server" 113 kubernetes.io/cluster-service: "true" 114 spec: 115 selector: 116 k8s-app: metrics-server 117 ports: 118 - port: 443 119 protocol: TCP 120 targetPort: main-port 121 --- 122 apiVersion: rbac.authorization.k8s.io/v1 123 kind: ClusterRole 124 metadata: 125 name: system:metrics-server 126 rules: 127 - apiGroups: 128 - "" 129 resources: 130 - pods 131 - nodes 132 - nodes/stats 133 - namespaces 134 - configmaps 135 verbs: 136 - get 137 - list 138 - watch 139 --- 140 apiVersion: rbac.authorization.k8s.io/v1 141 kind: ClusterRoleBinding 142 metadata: 143 name: system:metrics-server 144 roleRef: 145 apiGroup: rbac.authorization.k8s.io 146 kind: ClusterRole 147 name: system:metrics-server 148 subjects: 149 - kind: ServiceAccount 150 name: metrics-server 151 namespace: kube-system