Move metrics-server manifests to sub-directory

Erik Wilson 2019-11-05 14:30:50 -07:00
parent 2b760d5e1e
commit 47a94637dc
11 changed files with 151 additions and 144 deletions


@ -1,135 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
---
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
kubernetes.io/cluster-service: "true"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: 443
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: rancher/metrics-server:v0.3.6
volumeMounts:
- name: tmp-dir
mountPath: /tmp


@ -0,0 +1,12 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]


@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system


@ -0,0 +1,14 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system


@ -0,0 +1,14 @@
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
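Review bot: `insecureSkipTLSVerify: true` under `spec` tells the kube-apiserver not to verify the serving certificate of the `metrics-server` Service when it proxies `metrics.k8s.io` requests, so that hop has no backend authentication. The setting is carried over unchanged from the deleted combined manifest, but now that the APIService has its own file it is worth either replacing it with a `caBundle` for the certificate the server presents, or recording why verification is off in a comment such as `# TODO: serving cert is not signed by a CA we can pin; replace with caBundle`. Whether the bundled image can be given a CA-signed certificate is not visible from this section and would need confirming.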


@ -0,0 +1,36 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: rancher/metrics-server:v0.3.6
volumeMounts:
- name: tmp-dir
mountPath: /tmp


@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
kubernetes.io/cluster-service: "true"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: 443


@ -0,0 +1,30 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system


@ -158,10 +158,6 @@ func run(app *cli.Context, cfg *cmds.Server) error {
serverConfig.DisableServiceLB = true serverConfig.DisableServiceLB = true
continue continue
} }
if !strings.HasSuffix(noDeploy, ".yaml") {
noDeploy = noDeploy + ".yaml"
}
serverConfig.ControlConfig.Skips = append(serverConfig.ControlConfig.Skips, noDeploy) serverConfig.ControlConfig.Skips = append(serverConfig.ControlConfig.Skips, noDeploy)
} }


@ -37,6 +37,7 @@ func main() {
Input: []bindata.InputConfig{ Input: []bindata.InputConfig{
{ {
Path: "manifests", Path: "manifests",
Recursive: true,
}, },
}, },
Package: "deploy", Package: "deploy",


@ -5,23 +5,32 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
func Stage(dataDir string, templateVars map[string]string, skipList []string) error { func Stage(dataDir string, templateVars map[string]string, skipList []string) error {
os.MkdirAll(dataDir, 0700)
skips := map[string]bool{} skips := map[string]bool{}
for _, skip := range skipList { for _, skip := range skipList {
skips[skip] = true skips[skip] = true
} }
staging:
for _, name := range AssetNames() { for _, name := range AssetNames() {
if skips[name] { nameNoExtension := strings.TrimSuffix(name, filepath.Ext(name))
continue if skips[name] || skips[nameNoExtension] {
continue staging
} }
namePath := strings.Split(name, string(os.PathSeparator))
for i := 1; i < len(namePath); i++ {
subPath := filepath.Join(namePath[0:i]...)
if skips[subPath] {
continue staging
}
}
content, err := Asset(name) content, err := Asset(name)
if err != nil { if err != nil {
return err return err
@ -30,6 +39,7 @@ func Stage(dataDir string, templateVars map[string]string, skipList []string) er
content = bytes.Replace(content, []byte(k), []byte(v), -1) content = bytes.Replace(content, []byte(k), []byte(v), -1)
} }
p := filepath.Join(dataDir, name) p := filepath.Join(dataDir, name)
os.MkdirAll(filepath.Dir(p), 0700)
logrus.Info("Writing manifest: ", p) logrus.Info("Writing manifest: ", p)
if err := ioutil.WriteFile(p, content, 0600); err != nil { if err := ioutil.WriteFile(p, content, 0600); err != nil {
return errors.Wrapf(err, "failed to write to %s", name) return errors.Wrapf(err, "failed to write to %s", name)
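Review bot: The added `os.MkdirAll(filepath.Dir(p), 0700)` in the second hunk discards its error, so a failure to create the sub-directory only surfaces as the later `failed to write to %s` from `ioutil.WriteFile`, without the directory cause. Check it instead: `if err := os.MkdirAll(filepath.Dir(p), 0700); err != nil { return errors.Wrapf(err, "failed to create directory for %s", name) }`. Separately, the prefix loop in the first hunk splits `name` on `os.PathSeparator`; if the generated asset names are always slash-separated, which the visible lines do not show, splitting on `/` would be the safer choice. The body of `Stage` continues past the end of the second hunk.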