Update metrics-server to 0.5.0 (#7864)

2026-02-28 09:39:12 +03:00 · 2021-08-12 17:19:48 +02:00
parent c119620f7c
commit c06896a352
4 changed files with 31 additions and 28 deletions
--- a/roles/kubernetes-apps/metrics_server/defaults/main.yml
+++ b/roles/kubernetes-apps/metrics_server/defaults/main.yml
@@ -1,16 +1,16 @@
 ---
 metrics_server_kubelet_insecure_tls: true
 metrics_server_kubelet_preferred_address_types: "InternalIP"
-metrics_server_metric_resolution: 60s
-metrics_server_cpu: 40m
-metrics_server_memory: 35Mi
-metrics_server_memory_per_node: 4Mi
-metrics_server_min_cluster_size: 5
-metrics_server_limits_cpu: 43m
-metrics_server_limits_memory: 55Mi
-metrics_server_requests_cpu: 43m
-metrics_server_requests_memory: 55Mi
-addon_resizer_limits_cpu: 100m
-addon_resizer_limits_memory: 300Mi
-addon_resizer_requests_cpu: 5m
-addon_resizer_requests_memory: 50Mi
+metrics_server_metric_resolution: 15s
+metrics_server_cpu: 20m
+metrics_server_memory: 15Mi
+metrics_server_memory_per_node: 2Mi
+metrics_server_min_cluster_size: 10
+metrics_server_limits_cpu: 100m
+metrics_server_limits_memory: 200Mi
+metrics_server_requests_cpu: 100m
+metrics_server_requests_memory: 200Mi
+addon_resizer_limits_cpu: 40m
+addon_resizer_limits_memory: 25Mi
+addon_resizer_requests_cpu: 40m
+addon_resizer_requests_memory: 25Mi
--- a/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
+++ b/roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
@@ -13,6 +13,9 @@ spec:
    matchLabels:
      app.kubernetes.io/name: metrics-server
      version: {{ metrics_server_version }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
  template:
    metadata:
      name: metrics-server
@@ -28,11 +31,10 @@ spec:
      - name: metrics-server
        image: {{ metrics_server_image_repo }}:{{ metrics_server_image_tag }}
        imagePullPolicy: {{ k8s_image_pull_policy }}
-        command:
-        - /metrics-server
+        args:
        - --logtostderr
        - --cert-dir=/tmp
-        - --secure-port=8443
+        - --secure-port=443
 {% if metrics_server_kubelet_preferred_address_types %}
        - --kubelet-preferred-address-types={{ metrics_server_kubelet_preferred_address_types }}
 {% endif %}
@@ -41,12 +43,8 @@ spec:
        - --kubelet-insecure-tls
 {% endif %}
        - --metric-resolution={{ metrics_server_metric_resolution }}
-        resources:
-          requests:
-            cpu: 100m
-            memory: 300Mi
        ports:
-        - containerPort: 8443
+        - containerPort: 443
          name: https
          protocol: TCP
        volumeMounts:
@@ -54,20 +52,25 @@ spec:
          mountPath: /tmp
        livenessProbe:
          httpGet:
-            path: /healthz?exclude=readyz
+            path: /livez
            port: https
            scheme: HTTPS
-          timeoutSeconds: 10
+          periodSeconds: 10
+          failureThreshold: 3
+          initialDelaySeconds: 40
        readinessProbe:
          httpGet:
-            path: /healthz?exclude=livez
+            path: /readyz
            port: https
            scheme: HTTPS
-          timeoutSeconds: 10
+          periodSeconds: 10
+          failureThreshold: 3
+          initialDelaySeconds: 40
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["all"]
+            add: ["CAP_NET_BIND_SERVICE"]
          readOnlyRootFilesystem: true
          runAsGroup: 10001
          runAsNonRoot: true
@@ -105,7 +108,7 @@ spec:
          - /pod_nanny
          - --config-dir=/etc/config
          - --cpu={{ metrics_server_cpu }}
-          - --extra-cpu=0.5m
+          - --extra-cpu=1m
          - --memory={{ metrics_server_memory }}
          - --extra-memory={{ metrics_server_memory_per_node }}
          - --threshold=5