kubernetes-retired · mumoshu · Nov 24, 2017 · Oct 10, 2017 · Nov 22, 2017 · Nov 22, 2017
diff --git a/core/controlplane/config/config.go b/core/controlplane/config/config.go
@@ -152,6 +152,7 @@ func NewDefaultCluster() *Cluster {
 			HelmImage:                          model.Image{Repo: "quay.io/kube-aws/helm", Tag: "v2.6.0", RktPullDocker: false},
 			TillerImage:                        model.Image{Repo: "gcr.io/kubernetes-helm/tiller", Tag: "v2.6.2", RktPullDocker: false},
 			HeapsterImage:                      model.Image{Repo: "gcr.io/google_containers/heapster", Tag: "v1.4.3", RktPullDocker: false},
+			MetricsServerImage:                 model.Image{Repo: "gcr.io/google_containers/metrics-server-amd64", Tag: "v0.2.0", RktPullDocker: false},
 			AddonResizerImage:                  model.Image{Repo: "gcr.io/google_containers/addon-resizer", Tag: "2.1", RktPullDocker: false},
 			KubeDashboardImage:                 model.Image{Repo: "gcr.io/google_containers/kubernetes-dashboard-amd64", Tag: "v1.7.1", RktPullDocker: false},
 			KubeDashboardInitImage:             model.Image{Repo: "gcr.io/google_containers/kubernetes-dashboard-init-amd64", Tag: "v1.0.1", RktPullDocker: false},
@@ -440,6 +441,7 @@ type DeploymentSettings struct {
 	HelmImage                          model.Image `yaml:"helmImage,omitempty"`
 	TillerImage                        model.Image `yaml:"tillerImage,omitempty"`
 	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
+	MetricsServerImage                 model.Image `yaml:"metricsServerImage,omitempty"`
 	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
 	KubeDashboardImage                 model.Image `yaml:"kubeDashboardImage,omitempty"`
 	KubeDashboardInitImage             model.Image `yaml:"kubeDashboardInitImage,omitempty"`

diff --git a/core/controlplane/config/templates/cloud-config-controller b/core/controlplane/config/templates/cloud-config-controller
@@ -809,7 +809,7 @@ write_files:
       done
 
       # Service Accounts
-      for manifest in {kube-dns,heapster,kube-proxy,kubernetes-dashboard}; do
+      for manifest in {kube-dns,heapster,kube-proxy,kubernetes-dashboard,metrics-server}; do
           kubectl apply -f "${mfdir}/$manifest-sa.yaml"
       done
 
@@ -840,13 +840,18 @@ write_files:
       kubectl apply -f "${mfdir}/kube-rescheduler-de.yaml"
       {{- end }}
 
+      # API Services
+      for manifest in {metrics-server}; do
+          kubectl apply -f "${mfdir}/$manifest-apisvc.yaml"
+      done
+
       mfdir=/srv/kubernetes/rbac
 
       # Cluster roles and bindings
-      for manifest in {node-extensions,}; do
+      for manifest in {node-extensions,metrics-server}; do
           kubectl apply -f "${mfdir}/cluster-roles/$manifest.yaml"
       done
-      for manifest in {kube-admin,system-worker,node,node-proxier,node-extensions,heapster}; do
+      for manifest in {kube-admin,system-worker,node,node-proxier,node-extensions,heapster,metrics-server}; do
           kubectl apply -f "${mfdir}/cluster-role-bindings/$manifest.yaml"
       done
 
@@ -858,7 +863,7 @@ write_files:
       for manifest in {pod-nanny,kubernetes-dashboard}; do
           kubectl apply -f "${mfdir}/roles/$manifest.yaml"
       done
-      for manifest in {heapster-nanny,kubernetes-dashboard}; do
+      for manifest in {heapster-nanny,kubernetes-dashboard,metrics-server}; do
           kubectl apply -f "${mfdir}/role-bindings/$manifest.yaml"
       done
 
@@ -1640,6 +1645,77 @@ write_files:
           name: heapster
           namespace: kube-system
 
+  # metrics-server
+  - path: /srv/kubernetes/rbac/cluster-role-bindings/metrics-server.yaml
+    content: |
+        apiVersion: rbac.authorization.k8s.io/v1beta1
+        kind: ClusterRoleBinding
+        metadata:
+          name: metrics-server:system:auth-delegator
+        roleRef:
+          apiGroup: rbac.authorization.k8s.io
+          kind: ClusterRole
+          name: system:auth-delegator
+        subjects:
+        - kind: ServiceAccount
+          name: metrics-server
+          namespace: kube-system
+        ---
+        apiVersion: rbac.authorization.k8s.io/v1
+        kind: ClusterRoleBinding
+        metadata:
+          name: system:metrics-server
+        roleRef:
+          apiGroup: rbac.authorization.k8s.io
+          kind: ClusterRole
+          name: system:metrics-server
+        subjects:
+        - kind: ServiceAccount
+          name: metrics-server
+          namespace: kube-system
+
+  - path: /srv/kubernetes/rbac/role-bindings/metrics-server.yaml
+    content: |
+        apiVersion: rbac.authorization.k8s.io/v1beta1
+        kind: RoleBinding
+        metadata:
+          name: metrics-server-auth-reader
+          namespace: kube-system
+        roleRef:
+          apiGroup: rbac.authorization.k8s.io
+          kind: Role
+          name: extension-apiserver-authentication-reader
+        subjects:
+        - kind: ServiceAccount
+          name: metrics-server
+          namespace: kube-system
+
+  - path: /srv/kubernetes/rbac/cluster-roles/metrics-server.yaml
+    content: |
+        apiVersion: rbac.authorization.k8s.io/v1
+        kind: ClusterRole
+        metadata:
+          name: system:metrics-server
+        rules:
+        - apiGroups:
+          - ""
+          resources:
+          - pods
+          - nodes
+          - namespaces
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - "extensions"
+          resources:
+          - deployments
+          verbs:
+          - get
+          - list
+          - watch
+
   # Heapster's pod_nanny monitors the heapster deployment & its pod(s), and scales
   # the resources of the deployment if necessary.
   - path: /srv/kubernetes/rbac/roles/pod-nanny.yaml
@@ -2578,6 +2654,89 @@ write_files:
                     - --container=heapster
                     - --poll-period=300000
 
+  - path: /srv/kubernetes/manifests/metrics-server-sa.yaml
+    content: |
+        apiVersion: v1
+        kind: ServiceAccount
+        metadata:
+          name: metrics-server
+          namespace: kube-system
+          labels:
+
+  - path: /srv/kubernetes/manifests/metrics-server-de.yaml
+    content: |
+        apiVersion: extensions/v1beta1
+        kind: Deployment
+        metadata:
+          name: metrics-server
+          namespace: kube-system
+          labels:
+            k8s-app: metrics-server
+          annotations:
+            scheduler.alpha.kubernetes.io/critical-pod: ''
+        spec:
+          selector:
+            matchLabels:
+              k8s-app: metrics-server
+          template:
+            metadata:
+              name: metrics-server
+              labels:
+                k8s-app: metrics-server
+            spec:
+              serviceAccountName: metrics-server
+              containers:
+              - name: metrics-server
+                image: gcr.io/google_containers/metrics-server-amd64:v0.2.0
+                imagePullPolicy: Always
+                command:
+                - /metrics-server
+                - --source=kubernetes.summary_api:''
+                - --requestheader-client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+                - --requestheader-username-headers=X-Remote-User
+                - --requestheader-group-headers=X-Remote-Group
+                - --requestheader-extra-headers-prefix=X-Remote-Extra
+                resources:
+                  limits:
+                    cpu: 80m
+                    memory: 200Mi
+                  requests:
+                    cpu: 80m
+                    memory: 200Mi
+
+  - path: /srv/kubernetes/manifests/metrics-server-apisvc.yaml
+    content: |
+        apiVersion: apiregistration.k8s.io/v1beta1
+        kind: APIService
+        metadata:
+          name: v1beta1.metrics.k8s.io
+        spec:
+          service:
+            name: metrics-server
+            namespace: kube-system
+          group: metrics.k8s.io
+          version: v1beta1
+          insecureSkipTLSVerify: true
+          groupPriorityMinimum: 100
+          versionPriority: 100
+
+  - path: /srv/kubernetes/manifests/metrics-server-svc.yaml
+    content: |
+        apiVersion: v1
+        kind: Service
+        metadata:
+          name: metrics-server
+          namespace: kube-system
+          labels:
+            kubernetes.io/name: "Metrics-server"
+        spec:
+          selector:
+            k8s-app: metrics-server
+          ports:
+          - port: 443
+            protocol: TCP
+            targetPort: 443
+
   {{if .Addons.ClusterAutoscaler.Enabled}}
   - path: /srv/kubernetes/manifests/cluster-autoscaler-de.yaml
     content: |

diff --git a/core/controlplane/config/templates/cluster.yaml b/core/controlplane/config/templates/cluster.yaml
@@ -1035,6 +1035,12 @@ worker:
 #  tag: v1.4.3
 #  rktPullDocker: false
 
+# Metrics Server image repository to use.
+#metricsServerImage:
+#  repo: gcr.io/google_containers/metrics-server-amd64
+#  tag: v0.2.0
+#  rktPullDocker: false
+
 # Addon Resizer image repository to use.
 #addonResizerImage:
 #  repo: gcr.io/google_containers/addon-resizer