diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml index 6c6c27ebd..4bc26661d 100644 --- a/charts/metrics-server/Chart.yaml +++ b/charts/metrics-server/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: metrics-server description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. type: application -version: 3.7.0 -appVersion: 0.5.2 +version: 3.8.0 +appVersion: 0.6.0 keywords: - kubernetes - metrics-server @@ -21,5 +21,9 @@ maintainers: url: https://github.com/endrec annotations: artifacthub.io/changes: | + - kind: added + description: "Add support for unauthenticated access to /metrics." + - kind: added + description: "Add PrometheusOperator ServiceMonitor." - kind: changed - description: "Update Metrics Server image to v0.5.2." + description: "Update Metrics Server image to v0.6.0." diff --git a/charts/metrics-server/README.md b/charts/metrics-server/README.md index 518170691..7955e2e7a 100644 --- a/charts/metrics-server/README.md +++ b/charts/metrics-server/README.md 
@@ -56,6 +56,11 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `service.port` | Service port. | `443` | | `service.annotations` | Annotations to add to the service. | `{}` | | `service.labels` | Labels to add to the service. | `{}` | +| `metrics.enabled` | If `true`, allow unauthenticated access to `/metrics`. | `false` | +| `serviceMonitor.enabled` | If `true`, create a _Prometheus_ service monitor. This needs `metrics.enabled` to be `true`. | `false` | +| `serviceMonitor.additionalLabels` | Additional labels to be set on the ServiceMonitor. | `{}` | +| `serviceMonitor.interval` | _Prometheus_ scrape frequency. | `1m` | +| `serviceMonitor.scrapeTimeout` | _Prometheus_ scrape timeout. | `10s` | | `resources` | Resource requests and limits for the _metrics-server_ container. | `{}` | | `extraVolumeMounts` | Additional volume mounts for the _metrics-server_ container. | `[]` | | `extraVolumes` | Additional volumes for the pod. | `[]` | diff --git a/charts/metrics-server/templates/clusterrole.yaml b/charts/metrics-server/templates/clusterrole.yaml index 0636414f4..5d25c1e81 100644 --- a/charts/metrics-server/templates/clusterrole.yaml +++ b/charts/metrics-server/templates/clusterrole.yaml @@ -6,12 +6,17 @@ metadata: labels: {{- include "metrics-server.labels" . | nindent 4 }} rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/stats - namespaces - configmaps verbs: diff --git a/charts/metrics-server/templates/deployment.yaml b/charts/metrics-server/templates/deployment.yaml index c8ca76b44..4804ee772 100644 --- a/charts/metrics-server/templates/deployment.yaml +++ b/charts/metrics-server/templates/deployment.yaml 
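Review bot: The new `nodes/metrics` rule in clusterrole.yaml carries no comment explaining why it is needed, and `nodes/stats` is removed in the same hunk, so the ClusterRole now matches only the image version this commit moves to. If the chart lets users pin an older image tag (not visible in this hunk), those versions would presumably be refused by the kubelet after the upgrade. I would add above the rule `# Required to read kubelet resource metrics (authorized as the nodes/metrics subresource).` and state the minimum supported image version in the README. Keeping the grant to `get` in a separate rule is the right least-privilege shape. The rules list continues outside the hunk.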
@@ -50,12 +50,15 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} args: - {{ printf "--secure-port=%d" (int .Values.containerPort) }} - {{- range .Values.defaultArgs }} + {{- range .Values.defaultArgs }} - {{ . }} - {{- end }} - {{- range .Values.args }} + {{- end }} + {{- if .Values.metrics.enabled }} + - --authorization-always-allow-paths=/metrics + {{- end }} + {{- range .Values.args }} - {{ . }} - {{- end }} + {{- end }} ports: - name: https protocol: TCP diff --git a/charts/metrics-server/templates/servicemonitor.yaml b/charts/metrics-server/templates/servicemonitor.yaml new file mode 100644 index 000000000..52e6491c9 --- /dev/null +++ b/charts/metrics-server/templates/servicemonitor.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.serviceMonitor.enabled .Values.metrics.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "metrics-server.fullname" . }} + labels: + {{- include "metrics-server.labels" . | nindent 4 }} + {{- with .Values.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "metrics-server.selectorLabels" . | nindent 6 }} + endpoints: + - port: https + path: /metrics + scheme: https + tlsConfig: + insecureSkipVerify: true + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml index 0504399d8..6a97505e7 100644 --- a/charts/metrics-server/values.yaml +++ b/charts/metrics-server/values.yaml 
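Review bot: The added `--authorization-always-allow-paths=/metrics` argument skips the authorization check on `/metrics` for every client that can reach the secure port, not only Prometheus, and neither the hunk nor the toggle name `metrics.enabled` says so. I would document this where the value is defined, in the `metrics:` block that this diff adds to values.yaml, for example `# Disables authorization for /metrics on the secure port; limit who can reach the pod (e.g. with a NetworkPolicy) when enabling.`. A tighter alternative is to leave authorization on and have the scraper present a service-account token bound to a role that allows `get` on the `/metrics` non-resource URL. The container spec starts and ends outside the hunk.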
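Review bot: `insecureSkipVerify: true` is hard-coded under `tlsConfig` in servicemonitor.yaml, so Prometheus never verifies the certificate of the endpoint it scrapes, and an operator who has issued a proper serving certificate cannot turn verification back on. I would make the block configurable, for example a `serviceMonitor.tlsConfig` value rendered with `{{- toYaml . | nindent 8 }}` (indent to be matched to the template) that defaults to the current setting, so the insecure default is visible and can be overridden in values.yaml. Separately, `jobLabel` expects the name of a label on the Service, so `jobLabel: {{ .Release.Name }}` most likely matches no label and falls back to the Service name. A key such as `app.kubernetes.io/instance` looks like what was intended, assuming the chart's labels helper sets it. The templated scalars `interval: {{ . }}` and `scrapeTimeout: {{ . }}` would also be safer quoted.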
@@ -42,10 +42,10 @@ podAnnotations: {} podSecurityContext: {} securityContext: + allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 - allowPrivilegeEscalation: false priorityClassName: system-cluster-critical @@ -108,6 +108,15 @@ service: # kubernetes.io/cluster-service: "true" # kubernetes.io/name: "Metrics-server" +metrics: + enabled: false + +serviceMonitor: + enabled: false + additionalLabels: {} + interval: 1m + scrapeTimeout: 10s + resources: {} extraVolumeMounts: []