istio.io/istio@v0.0.0-20240520182934-d79c90f27776/prow/config/metrics/metrics.yaml (about) 1 # Created with `curl -Ls https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.1/components.yaml > prow/config/metrics/metrics.yaml` 2 # With a startup probe and `--kubelet-insecure-tls` added. 3 apiVersion: v1 4 kind: ServiceAccount 5 metadata: 6 labels: 7 k8s-app: metrics-server 8 name: metrics-server 9 namespace: kube-system 10 --- 11 apiVersion: rbac.authorization.k8s.io/v1 12 kind: ClusterRole 13 metadata: 14 labels: 15 k8s-app: metrics-server 16 rbac.authorization.k8s.io/aggregate-to-admin: "true" 17 rbac.authorization.k8s.io/aggregate-to-edit: "true" 18 rbac.authorization.k8s.io/aggregate-to-view: "true" 19 name: system:aggregated-metrics-reader 20 rules: 21 - apiGroups: 22 - metrics.k8s.io 23 resources: 24 - pods 25 - nodes 26 verbs: 27 - get 28 - list 29 - watch 30 --- 31 apiVersion: rbac.authorization.k8s.io/v1 32 kind: ClusterRole 33 metadata: 34 labels: 35 k8s-app: metrics-server 36 name: system:metrics-server 37 rules: 38 - apiGroups: 39 - "" 40 resources: 41 - nodes/metrics 42 verbs: 43 - get 44 - apiGroups: 45 - "" 46 resources: 47 - pods 48 - nodes 49 verbs: 50 - get 51 - list 52 - watch 53 --- 54 apiVersion: rbac.authorization.k8s.io/v1 55 kind: RoleBinding 56 metadata: 57 labels: 58 k8s-app: metrics-server 59 name: metrics-server-auth-reader 60 namespace: kube-system 61 roleRef: 62 apiGroup: rbac.authorization.k8s.io 63 kind: Role 64 name: extension-apiserver-authentication-reader 65 subjects: 66 - kind: ServiceAccount 67 name: metrics-server 68 namespace: kube-system 69 --- 70 apiVersion: rbac.authorization.k8s.io/v1 71 kind: ClusterRoleBinding 72 metadata: 73 labels: 74 k8s-app: metrics-server 75 name: metrics-server:system:auth-delegator 76 roleRef: 77 apiGroup: rbac.authorization.k8s.io 78 kind: ClusterRole 79 name: system:auth-delegator 80 subjects: 81 - kind: ServiceAccount 82 name: metrics-server 83 namespace: kube-system 84 --- 85 apiVersion: rbac.authorization.k8s.io/v1 86 kind: ClusterRoleBinding 87 metadata: 88 labels: 89 k8s-app: metrics-server 90 name: system:metrics-server 91 roleRef: 92 apiGroup: rbac.authorization.k8s.io 93 kind: ClusterRole 94 name: system:metrics-server 95 subjects: 96 - kind: ServiceAccount 97 name: metrics-server 98 namespace: kube-system 99 --- 100 apiVersion: v1 101 kind: Service 102 metadata: 103 labels: 104 k8s-app: metrics-server 105 name: metrics-server 106 namespace: kube-system 107 spec: 108 ports: 109 - name: https 110 port: 443 111 protocol: TCP 112 targetPort: https 113 selector: 114 k8s-app: metrics-server 115 --- 116 apiVersion: apps/v1 117 kind: Deployment 118 metadata: 119 labels: 120 k8s-app: metrics-server 121 name: metrics-server 122 namespace: kube-system 123 spec: 124 selector: 125 matchLabels: 126 k8s-app: metrics-server 127 strategy: 128 rollingUpdate: 129 maxUnavailable: 0 130 template: 131 metadata: 132 labels: 133 k8s-app: metrics-server 134 spec: 135 containers: 136 - args: 137 - --cert-dir=/tmp 138 - --secure-port=10250 139 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 140 - --kubelet-use-node-status-port 141 - --metric-resolution=15s 142 - --kubelet-insecure-tls 143 image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 144 imagePullPolicy: IfNotPresent 145 livenessProbe: 146 failureThreshold: 3 147 httpGet: 148 path: /livez 149 port: https 150 scheme: HTTPS 151 periodSeconds: 10 152 name: metrics-server 153 ports: 154 - containerPort: 10250 155 name: https 156 protocol: TCP 157 readinessProbe: 158 failureThreshold: 3 159 httpGet: 160 path: /readyz 161 port: https 162 scheme: HTTPS 163 initialDelaySeconds: 0 164 periodSeconds: 10 165 startupProbe: 166 httpGet: 167 path: /readyz 168 port: https 169 scheme: HTTPS 170 failureThreshold: 600 171 initialDelaySeconds: 0 172 periodSeconds: 1 173 resources: 174 requests: 175 cpu: 100m 176 memory: 200Mi 177 securityContext: 178 allowPrivilegeEscalation: false 179 capabilities: 180 drop: 181 - ALL 182 readOnlyRootFilesystem: true 183 runAsNonRoot: true 184 runAsUser: 1000 185 seccompProfile: 186 type: RuntimeDefault 187 volumeMounts: 188 - mountPath: /tmp 189 name: tmp-dir 190 nodeSelector: 191 kubernetes.io/os: linux 192 priorityClassName: system-cluster-critical 193 serviceAccountName: metrics-server 194 volumes: 195 - emptyDir: {} 196 name: tmp-dir 197 --- 198 apiVersion: apiregistration.k8s.io/v1 199 kind: APIService 200 metadata: 201 labels: 202 k8s-app: metrics-server 203 name: v1beta1.metrics.k8s.io 204 spec: 205 group: metrics.k8s.io 206 groupPriorityMinimum: 100 207 insecureSkipTLSVerify: true 208 service: 209 name: metrics-server 210 namespace: kube-system 211 version: v1beta1 212 versionPriority: 100