diff --git a/charts/qovery/Chart.yaml b/charts/qovery/Chart.yaml index c00886a..d8cd5a6 100644 --- a/charts/qovery/Chart.yaml +++ b/charts/qovery/Chart.yaml @@ -52,7 +52,7 @@ dependencies: repository: file://charts/qovery-cert-manager-webhook - name: metrics-server condition: services.observability.metrics-server.enabled - version: 3.11.0 + version: 3.12.1 repository: file://charts/metrics-server - name: qovery-cluster-agent condition: services.qovery.qovery-cluster-agent.enabled diff --git a/charts/qovery/charts/metrics-server/CHANGELOG.md b/charts/qovery/charts/metrics-server/CHANGELOG.md new file mode 100644 index 0000000..735a0e3 --- /dev/null +++ b/charts/qovery/charts/metrics-server/CHANGELOG.md @@ -0,0 +1,149 @@ +# Metrics Server Helm Chart Changelog + +> [!NOTE] +> All notable changes to this project will be documented in this file; the format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + + +## [UNRELEASED] + +## [3.12.1] - TBC + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.7.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.1). ([#1461](https://github.com/kubernetes-sigs/metrics-server/pull/1461)) _@stevehipwell_ + +## [3.12.0] - 2024-02-07 + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.7.0](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0). ([#1414](https://github.com/kubernetes-sigs/metrics-server/pull/1414)) [@stevehipwell](https://github.com/stevehipwell) +- Updated the _addon-resizer_ OCI image to [v1.8.20](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.20). ([#1414](https://github.com/kubernetes-sigs/metrics-server/pull/1414)) [@stevehipwell](https://github.com/stevehipwell) + +## [3.11.0] - 2023-08-03 + +### Added + +- Added default _Metrics Server_ resource requests. + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.6.4](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.4). +- Updated the _addon-resizer_ OCI image to [v1.8.19](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.19). + +## [3.10.0] - 2023-04-12 + +### Added + +- Added support for running under PodSecurity restricted. + +### Fixed + +- Fixed `auth-reader` role binding namespace to always use `kube-system`. +- Fixed addon-resizer configuration. +- Fixed container port default not having been updated to `10250`. + +## [3.9.0] - 2023-03-28 + +### Added + +- Added autoscaling support via the addon-resizer. + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.6.3](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3). + +### Fixed + +- Fixed service labels/annotations. + +## [3.8.4] - 2023-03-06 + +### Changed + +- Changed the image registry location to `registry.k8s.io`. + +## [3.8.3] - 2022-12-08 + +### Added + +- Added support for topologySpreadConstraints. +- Always set resource namespaces explicitly. +- Allow configuring TLS on the APIService. +- Enabled service monitor relabelling. +- Added ability to set the scheduler name. +- Added support for common labels. + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.6.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2). + +## [3.8.2] - 2022-02-23 + +### Changed + +- Changed chart to allow probes to be turned off completely (this is not advised unless you know what you're doing). + +## [3.8.1] - 2022-02-09 + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.6.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.1). + +## [3.8.0] - 2022-02-08 + +### Added + +- Added support for unauthenticated access to the /metrics endpoint. +- Added optional _Prometheus Operator_ `ServiceMonitor`. + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.6.0](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.0). + +## [3.7.0] - 2021-11-18 + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.5.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.2). + +## [3.6.0] - 2021-10-18 + +### Added + +- Added new `defaultArgs`` value to enable overriding the default arguments. + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.5.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.5.1). + +## [3.5.0] - 2021-10-07 + +### Added + +- Added initial Helm chart release from official repo. + + +[UNRELEASED]: https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server +[3.12.1]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.1 +[3.12.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.0 +[3.11.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.11.0 +[3.10.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.10.0 +[3.9.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.9.0 +[3.8.4]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.8.4 +[3.8.3]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.8.3 +[3.8.2]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.8.2 +[3.8.1]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.8.1 +[3.8.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.8.0 +[3.7.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.7.0 +[3.6.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.6.0 +[3.5.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.5.0 diff --git a/charts/qovery/charts/metrics-server/Chart.yaml b/charts/qovery/charts/metrics-server/Chart.yaml index 7c0f77a..cc782e5 100644 --- a/charts/qovery/charts/metrics-server/Chart.yaml +++ b/charts/qovery/charts/metrics-server/Chart.yaml @@ -1,15 +1,9 @@ annotations: artifacthub.io/changes: | - - kind: added - description: "Added default Metrics Server resource requests." - kind: changed - description: "Updated the Metrics Server OCI image to v0.6.3." - - kind: changed - description: "Updated the addon resizer OCI image to v1.8.19." - - kind: changed - description: "Changed the default addon resizer nanny resource configuration to match the documented Metrics Server autoscaling values." + description: "Updated the _Metrics Server_ OCI image to [v0.7.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.1)." apiVersion: v2 -appVersion: 0.6.4 +appVersion: 0.7.1 description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. home: https://github.com/kubernetes-sigs/metrics-server @@ -29,4 +23,4 @@ name: metrics-server sources: - https://github.com/kubernetes-sigs/metrics-server type: application -version: 3.11.0 +version: 3.12.1 diff --git a/charts/qovery/charts/metrics-server/README.md b/charts/qovery/charts/metrics-server/README.md index 50956b9..0cbffc4 100644 --- a/charts/qovery/charts/metrics-server/README.md +++ b/charts/qovery/charts/metrics-server/README.md @@ -2,8 +2,6 @@ [Metrics Server](https://github.com/kubernetes-sigs/metrics-server/) is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. - - ## Installing the Chart Before you can install the chart you will need to add the `metrics-server` repo to [Helm](https://helm.sh/). @@ -33,12 +31,12 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `serviceAccount.create` | If `true`, create a new service account. | `true` | | `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` | -| `serviceAccount.secrets` | The list of secrets mountable by this service account. See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets | `[]` | +| `serviceAccount.secrets` | The list of secrets mountable by this service account. See | `[]` | | `rbac.create` | If `true`, create the RBAC resources. | `true` | | `rbac.pspEnabled` | If `true`, create a pod security policy resource. | `false` | | `apiService.create` | If `true`, create the `v1beta1.metrics.k8s.io` API service. You typically want this enabled! If you disable API service creation you have to manage it outside of this chart for e.g horizontal pod autoscaling to work with this release. | `true` | | `apiService.annotations` | Annotations to add to the API service | `{}` | -| `apiService.insecureSkipTLSVerify` | Specifies whether to skip TLS verification | `true` | +| `apiService.insecureSkipTLSVerify` | Specifies whether to skip TLS verification (NOTE: this setting is not a proxy for the `--kubelet-insecure-tls` metrics-server flag) | `true` | | `apiService.caBundle` | The PEM encoded CA bundle for TLS verification | `""` | | `commonLabels` | Labels to add to each object of the chart. | `{}` | | `podLabels` | Labels to add to the pod. | `{}` | @@ -49,10 +47,11 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `containerPort` | port for the _metrics-server_ container. | `10250` | | `hostNetwork.enabled` | If `true`, start _metric-server_ in hostNetwork mode. You would require this enabled if you use alternate overlay networking for pods and API server unable to communicate with metrics-server. As an example, this is required if you use Weave network on EKS. | `false` | | `replicas` | Number of replicas to run. | `1` | +| `revisionHistoryLimit` | Number of revisions to keep. | `nil` | | `updateStrategy` | Customise the default update strategy. | `{}` | | `podDisruptionBudget.enabled` | If `true`, create `PodDisruptionBudget` resource. | `{}` | -| `podDisruptionBudget.minAvailable` | Set the `PodDisruptionBugdet` minimum available pods. | `nil` | -| `podDisruptionBudget.maxUnavailable` | Set the `PodDisruptionBugdet` maximum unavailable pods. | `nil` | +| `podDisruptionBudget.minAvailable` | Set the `PodDisruptionBudget` minimum available pods. | `nil` | +| `podDisruptionBudget.maxUnavailable` | Set the `PodDisruptionBudget` maximum unavailable pods. | `nil` | | `defaultArgs` | Default arguments to pass to the _metrics-server_ command. | See _values.yaml_ | | `args` | Additional arguments to pass to the _metrics-server_ command. | `[]` | | `livenessProbe` | Liveness probe. | See _values.yaml_ | @@ -62,6 +61,7 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `service.annotations` | Annotations to add to the service. | `{}` | | `service.labels` | Labels to add to the service. | `{}` | | `addonResizer.enabled` | If `true`, run the addon-resizer as a sidecar to automatically scale resource requests with cluster size. | `false` | +| `addonResizer.securityContext` | Security context for the _metrics_server_container. | _See values.yaml | | `addonResizer.image.repository` | addon-resizer image repository | `registry.k8s.io/autoscaling/addon-resizer` | | `addonResizer.image.tag` | addon-resizer image tag | `1.8.19` | | `addonResizer.resources` | Resource requests and limits for the _nanny_ container. | `{ requests: { cpu: 40m, memory: 25Mi }, limits: { cpu: 40m, memory: 25Mi } }` | @@ -79,7 +79,7 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `serviceMonitor.relabelings` | _Prometheus_ relabeling. | `[]` | | `serviceMonitor.interval` | _Prometheus_ scrape frequency. | `1m` | | `serviceMonitor.scrapeTimeout` | _Prometheus_ scrape timeout. | `10s` | -| `resources` | Resource requests and limits for the _metrics-server_ container. See https://github.com/kubernetes-sigs/metrics-server#scaling | `{ requests: { cpu: 100m, memory: 200Mi }}` | +| `resources` | Resource requests and limits for the _metrics-server_ container. See | `{ requests: { cpu: 100m, memory: 200Mi }}` | | `extraVolumeMounts` | Additional volume mounts for the _metrics-server_ container. | `[]` | | `extraVolumes` | Additional volumes for the pod. | `[]` | | `nodeSelector` | Node labels for pod assignment. | `{}` | @@ -88,3 +88,5 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `topologySpreadConstraints` | Pod Topology Spread Constraints. | `[]` | | `deploymentAnnotations` | Annotations to add to the deployment. | `{}` | | `schedulerName` | scheduler to set to the deployment. | `""` | +| `dnsConfig` | Set the dns configuration options for the deployment. | `{}` | +| `tmpVolume` | Volume to be mounted in Pods for temporary files. | `{"emptyDir":{}}` | diff --git a/charts/qovery/charts/metrics-server/RELEASE.md b/charts/qovery/charts/metrics-server/RELEASE.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/charts/qovery/charts/metrics-server/RELEASE.md @@ -0,0 +1 @@ + diff --git a/charts/qovery/charts/metrics-server/templates/deployment.yaml b/charts/qovery/charts/metrics-server/templates/deployment.yaml index 1d656fc..48cda7f 100644 --- a/charts/qovery/charts/metrics-server/templates/deployment.yaml +++ b/charts/qovery/charts/metrics-server/templates/deployment.yaml @@ -11,6 +11,9 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicas }} + {{- if or (kindIs "float64" .Values.revisionHistoryLimit) (kindIs "int64" .Values.revisionHistoryLimit) }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit | int64 }} + {{- end }} {{- with .Values.updateStrategy }} strategy: {{- toYaml . | nindent 4 }} @@ -46,6 +49,10 @@ spec: {{- if .Values.hostNetwork.enabled }} hostNetwork: true {{- end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: metrics-server {{- with .Values.securityContext }} @@ -89,6 +96,10 @@ spec: {{- end }} {{- if .Values.addonResizer.enabled }} - name: metrics-server-nanny + {{- with .Values.addonResizer.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} image: {{ include "metrics-server.addonResizer.image" . }} env: - name: MY_POD_NAME @@ -119,7 +130,7 @@ spec: {{- end }} volumes: - name: tmp - emptyDir: {} + {{- toYaml .Values.tmpVolume | nindent 10 }} {{- if .Values.addonResizer.enabled }} - name: nanny-config-volume configMap: diff --git a/charts/qovery/charts/metrics-server/values.yaml b/charts/qovery/charts/metrics-server/values.yaml index fba10aa..4f6b921 100644 --- a/charts/qovery/charts/metrics-server/values.yaml +++ b/charts/qovery/charts/metrics-server/values.yaml @@ -76,6 +76,8 @@ hostNetwork: replicas: 1 +revisionHistoryLimit: + updateStrategy: {} # type: RollingUpdate # rollingUpdate: @@ -127,7 +129,17 @@ addonResizer: enabled: false image: repository: registry.k8s.io/autoscaling/addon-resizer - tag: 1.8.19 + tag: 1.8.20 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL resources: requests: cpu: 40m @@ -176,7 +188,12 @@ affinity: {} topologySpreadConstraints: [] +dnsConfig: {} + # Annotations to add to the deployment deploymentAnnotations: {} schedulerName: "" + +tmpVolume: + emptyDir: {}