diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2703e05933e6a..5432d1a6d24f2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 554642572b55b..5d5d625dd9279 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index daa1516551ad5..2c3989330c156 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index bd6c8ac67fee2..9e1ed4549a603 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -56,7 +56,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index b5be21ae4f2e3..3a8548616fedc 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 05c1b7bddaa57..e04e206ab3430 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: bc9afaa3bbf77cb6be3666cf2d048f21bed0003987ba01b75e5804703039aee9 + manifestHash: f5a15bd72ed37b6a3e36df1bddd77c6440f6b067c3b97f3d216e24d2ed014826 name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index e51278e2bab64..f577aac2f1f08 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=InternalIP - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content index 3086d7270564d..e69a36afd4aaa 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785cc38..658d9975d5dba 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/upup/models/cloudup/resources/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml.template b/upup/models/cloudup/resources/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml.template index 6d7485ac7a686..31cd9ae1def93 100644 --- a/upup/models/cloudup/resources/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml.template +++ b/upup/models/cloudup/resources/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml.template @@ -1,4 +1,4 @@ -# sourced from https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.0/components.yaml +# sourced from https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.1/components.yaml --- apiVersion: v1 kind: ServiceAccount @@ -35,14 +35,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -129,20 +132,20 @@ spec: spec: containers: - args: - - --secure-port=4443 - - --kubelet-use-node-status-port - - --metric-resolution=15s - - --kubelet-preferred-address-types={{ if or IsIPv6Only (not (eq GetCloudProvider "aws"))}}InternalIP{{ else }}Hostname{{ end }} + - --secure-port=4443 + - --kubelet-use-node-status-port + - --metric-resolution=15s + - --kubelet-preferred-address-types={{ if or IsIPv6Only (not (eq GetCloudProvider "aws"))}}InternalIP{{ else }}Hostname{{ end }} {{ if not (WithDefaultBool .MetricsServer.Insecure true) }} - - --tls-cert-file=/srv/tls.crt - - --tls-private-key-file=/srv/tls.key + - --tls-cert-file=/srv/tls.crt + - --tls-private-key-file=/srv/tls.key {{ else }} - - --cert-dir=/tmp + - --cert-dir=/tmp {{ end }} {{ if WithDefaultBool .MetricsServer.Insecure true }} - - --kubelet-insecure-tls + - --kubelet-insecure-tls {{ end }} - image: {{ or .MetricsServer.Image "registry.k8s.io/metrics-server/metrics-server:v0.6.4" }} + image: {{ or .MetricsServer.Image "registry.k8s.io/metrics-server/metrics-server:v0.7.1" }} imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -164,10 +167,20 @@ spec: scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: {{ if not (WithDefaultBool .MetricsServer.Insecure true) }} - name: certs @@ -175,10 +188,6 @@ spec: {{ end }} - mountPath: /tmp name: tmp-dir - resources: - requests: - cpu: 50m - memory: 128Mi nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index 23496d3d4aca2..4862499a859c2 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io selector: k8s-app: metrics-server diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml index 5ab7ee785cc38..658d9975d5dba 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index 32734a479b75f..2c601c238a781 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: c9046814cac007371319981f6521e43eefd7a9322d2a75247553b2bbb1dcfb9d + manifestHash: 1a15a7fb5f16c2df150971afbcf554671713453759fb0aaec2040369138d75b3 name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml index 020049e1e890f..28beea863b36d 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --tls-cert-file=/srv/tls.crt - --tls-private-key-file=/srv/tls.key - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /srv name: certs