mirror of
https://github.com/marcel-dempers/docker-development-youtube-series.git
synced 2025-06-06 17:01:30 +00:00
Merge pull request #248 from marcel-dempers/XE6k7WXsNMPaQg==
upgrade VPA to latest for kubernetes 1.30
This commit is contained in:
Marcel Dempers
GitHub
commit
ab284e1ef8
@ -1,153 +1,202 @@
|
|||||||
---
|
apiVersion: v1
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
kind: ServiceAccount
|
||||||
kind: ClusterRole
|
metadata:
|
||||||
metadata:
|
labels:
|
||||||
name: system:aggregated-metrics-reader
|
k8s-app: metrics-server
|
||||||
labels:
|
name: metrics-server
|
||||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
namespace: kube-system
|
||||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
---
|
||||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
rules:
|
kind: ClusterRole
|
||||||
- apiGroups: ["metrics.k8s.io"]
|
metadata:
|
||||||
resources: ["pods", "nodes"]
|
labels:
|
||||||
verbs: ["get", "list", "watch"]
|
k8s-app: metrics-server
|
||||||
---
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
kind: ClusterRoleBinding
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
metadata:
|
name: system:aggregated-metrics-reader
|
||||||
name: metrics-server:system:auth-delegator
|
rules:
|
||||||
roleRef:
|
- apiGroups:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
- metrics.k8s.io
|
||||||
kind: ClusterRole
|
resources:
|
||||||
name: system:auth-delegator
|
- pods
|
||||||
subjects:
|
- nodes
|
||||||
- kind: ServiceAccount
|
verbs:
|
||||||
name: metrics-server
|
- get
|
||||||
namespace: kube-system
|
- list
|
||||||
---
|
- watch
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
---
|
||||||
kind: RoleBinding
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
kind: ClusterRole
|
||||||
name: metrics-server-auth-reader
|
metadata:
|
||||||
namespace: kube-system
|
labels:
|
||||||
roleRef:
|
k8s-app: metrics-server
|
||||||
apiGroup: rbac.authorization.k8s.io
|
name: system:metrics-server
|
||||||
kind: Role
|
rules:
|
||||||
name: extension-apiserver-authentication-reader
|
- apiGroups:
|
||||||
subjects:
|
- ""
|
||||||
- kind: ServiceAccount
|
resources:
|
||||||
name: metrics-server
|
- nodes/metrics
|
||||||
namespace: kube-system
|
verbs:
|
||||||
---
|
- get
|
||||||
apiVersion: apiregistration.k8s.io/v1beta1
|
- apiGroups:
|
||||||
kind: APIService
|
- ""
|
||||||
metadata:
|
resources:
|
||||||
name: v1beta1.metrics.k8s.io
|
- pods
|
||||||
spec:
|
- nodes
|
||||||
service:
|
verbs:
|
||||||
name: metrics-server
|
- get
|
||||||
namespace: kube-system
|
- list
|
||||||
group: metrics.k8s.io
|
- watch
|
||||||
version: v1beta1
|
---
|
||||||
insecureSkipTLSVerify: true
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
groupPriorityMinimum: 100
|
kind: RoleBinding
|
||||||
versionPriority: 100
|
metadata:
|
||||||
---
|
labels:
|
||||||
apiVersion: v1
|
k8s-app: metrics-server
|
||||||
kind: ServiceAccount
|
name: metrics-server-auth-reader
|
||||||
metadata:
|
namespace: kube-system
|
||||||
name: metrics-server
|
roleRef:
|
||||||
namespace: kube-system
|
apiGroup: rbac.authorization.k8s.io
|
||||||
---
|
kind: Role
|
||||||
apiVersion: apps/v1
|
name: extension-apiserver-authentication-reader
|
||||||
kind: Deployment
|
subjects:
|
||||||
metadata:
|
- kind: ServiceAccount
|
||||||
name: metrics-server
|
name: metrics-server
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
labels:
|
---
|
||||||
k8s-app: metrics-server
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
spec:
|
kind: ClusterRoleBinding
|
||||||
selector:
|
metadata:
|
||||||
matchLabels:
|
labels:
|
||||||
k8s-app: metrics-server
|
k8s-app: metrics-server
|
||||||
template:
|
name: metrics-server:system:auth-delegator
|
||||||
metadata:
|
roleRef:
|
||||||
name: metrics-server
|
apiGroup: rbac.authorization.k8s.io
|
||||||
labels:
|
kind: ClusterRole
|
||||||
k8s-app: metrics-server
|
name: system:auth-delegator
|
||||||
spec:
|
subjects:
|
||||||
serviceAccountName: metrics-server
|
- kind: ServiceAccount
|
||||||
volumes:
|
name: metrics-server
|
||||||
# mount in tmp so we can safely use from-scratch images and/or read-only containers
|
namespace: kube-system
|
||||||
- name: tmp-dir
|
---
|
||||||
emptyDir: {}
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
containers:
|
kind: ClusterRoleBinding
|
||||||
- name: metrics-server
|
metadata:
|
||||||
image: k8s.gcr.io/metrics-server/metrics-server:v0.3.7
|
labels:
|
||||||
imagePullPolicy: IfNotPresent
|
k8s-app: metrics-server
|
||||||
args:
|
name: system:metrics-server
|
||||||
- --cert-dir=/tmp
|
roleRef:
|
||||||
- --secure-port=4443
|
apiGroup: rbac.authorization.k8s.io
|
||||||
- --kubelet-insecure-tls #remove these for production: only used for kind
|
kind: ClusterRole
|
||||||
- --kubelet-preferred-address-types="InternalIP" #remove these for production: only used for kind
|
name: system:metrics-server
|
||||||
ports:
|
subjects:
|
||||||
- name: main-port
|
- kind: ServiceAccount
|
||||||
containerPort: 4443
|
name: metrics-server
|
||||||
protocol: TCP
|
namespace: kube-system
|
||||||
securityContext:
|
---
|
||||||
readOnlyRootFilesystem: true
|
apiVersion: v1
|
||||||
runAsNonRoot: true
|
kind: Service
|
||||||
runAsUser: 1000
|
metadata:
|
||||||
volumeMounts:
|
labels:
|
||||||
- name: tmp-dir
|
k8s-app: metrics-server
|
||||||
mountPath: /tmp
|
name: metrics-server
|
||||||
nodeSelector:
|
namespace: kube-system
|
||||||
kubernetes.io/os: linux
|
spec:
|
||||||
kubernetes.io/arch: "amd64"
|
ports:
|
||||||
---
|
- name: https
|
||||||
apiVersion: v1
|
port: 443
|
||||||
kind: Service
|
protocol: TCP
|
||||||
metadata:
|
targetPort: https
|
||||||
name: metrics-server
|
selector:
|
||||||
namespace: kube-system
|
k8s-app: metrics-server
|
||||||
labels:
|
---
|
||||||
kubernetes.io/name: "Metrics-server"
|
apiVersion: apps/v1
|
||||||
kubernetes.io/cluster-service: "true"
|
kind: Deployment
|
||||||
spec:
|
metadata:
|
||||||
selector:
|
labels:
|
||||||
k8s-app: metrics-server
|
k8s-app: metrics-server
|
||||||
ports:
|
name: metrics-server
|
||||||
- port: 443
|
namespace: kube-system
|
||||||
protocol: TCP
|
spec:
|
||||||
targetPort: main-port
|
selector:
|
||||||
---
|
matchLabels:
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
k8s-app: metrics-server
|
||||||
kind: ClusterRole
|
strategy:
|
||||||
metadata:
|
rollingUpdate:
|
||||||
name: system:metrics-server
|
maxUnavailable: 0
|
||||||
rules:
|
template:
|
||||||
- apiGroups:
|
metadata:
|
||||||
- ""
|
labels:
|
||||||
resources:
|
k8s-app: metrics-server
|
||||||
- pods
|
spec:
|
||||||
- nodes
|
containers:
|
||||||
- nodes/stats
|
- args:
|
||||||
- namespaces
|
- --cert-dir=/tmp
|
||||||
- configmaps
|
- --secure-port=10250
|
||||||
verbs:
|
- --kubelet-insecure-tls #remove these for production: only used for kind
|
||||||
- get
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||||||
- list
|
- --kubelet-use-node-status-port
|
||||||
- watch
|
- --metric-resolution=15s
|
||||||
---
|
image: registry.k8s.io/metrics-server/metrics-server:v0.7.2
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
imagePullPolicy: IfNotPresent
|
||||||
kind: ClusterRoleBinding
|
livenessProbe:
|
||||||
metadata:
|
failureThreshold: 3
|
||||||
name: system:metrics-server
|
httpGet:
|
||||||
roleRef:
|
path: /livez
|
||||||
apiGroup: rbac.authorization.k8s.io
|
port: https
|
||||||
kind: ClusterRole
|
scheme: HTTPS
|
||||||
name: system:metrics-server
|
periodSeconds: 10
|
||||||
subjects:
|
name: metrics-server
|
||||||
- kind: ServiceAccount
|
ports:
|
||||||
name: metrics-server
|
- containerPort: 10250
|
||||||
namespace: kube-system
|
name: https
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /readyz
|
||||||
|
port: https
|
||||||
|
scheme: HTTPS
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
periodSeconds: 10
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp
|
||||||
|
name: tmp-dir
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: metrics-server
|
||||||
|
volumes:
|
||||||
|
- emptyDir: {}
|
||||||
|
name: tmp-dir
|
||||||
|
---
|
||||||
|
apiVersion: apiregistration.k8s.io/v1
|
||||||
|
kind: APIService
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: v1beta1.metrics.k8s.io
|
||||||
|
spec:
|
||||||
|
group: metrics.k8s.io
|
||||||
|
groupPriorityMinimum: 100
|
||||||
|
insecureSkipTLSVerify: true
|
||||||
|
service:
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
version: v1beta1
|
||||||
|
versionPriority: 100
|
||||||
@ -7,7 +7,7 @@
|
|||||||
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
|
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
|
||||||
|
|
||||||
```
|
```
|
||||||
kind create cluster --name vpa --image kindest/node:v1.19.1
|
kind create cluster --name vpa --image kindest/node:v1.30.4
|
||||||
```
|
```
|
||||||
<hr/>
|
<hr/>
|
||||||
|
|
||||||
@ -20,8 +20,8 @@ kind create cluster --name vpa --image kindest/node:v1.19.1
|
|||||||
|
|
||||||
[Metric Server](https://github.com/kubernetes-sigs/metrics-server) provides container resource metrics for use in autoscaling pipelines <br/>
|
[Metric Server](https://github.com/kubernetes-sigs/metrics-server) provides container resource metrics for use in autoscaling pipelines <br/>
|
||||||
|
|
||||||
Because I run K8s `1.19` in `kind`, the Metric Server version i need is `0.3.7` <br/>
|
Because I run K8s `1.30` in `kind`, the Metric Server version i need is `0.7.2` <br/>
|
||||||
We will need to deploy Metric Server [0.3.7](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.3.7) <br/>
|
We will need to deploy Metric Server [0.7.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.2) <br/>
|
||||||
I used `components.yaml`from the release page link above. <br/>
|
I used `components.yaml`from the release page link above. <br/>
|
||||||
|
|
||||||
<b>Important Note</b> : For Demo clusters (like `kind`), you will need to disable TLS <br/>
|
<b>Important Note</b> : For Demo clusters (like `kind`), you will need to disable TLS <br/>
|
||||||
@ -31,15 +31,13 @@ You can disable TLS by adding the following to the metrics-server container args
|
|||||||
|
|
||||||
```
|
```
|
||||||
- --kubelet-insecure-tls
|
- --kubelet-insecure-tls
|
||||||
- --kubelet-preferred-address-types="InternalIP"
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Deployment: <br/>
|
Deployment: <br/>
|
||||||
|
|
||||||
```
|
```
|
||||||
cd kubernetes\autoscaling
|
cd kubernetes\autoscaling
|
||||||
kubectl -n kube-system apply -f .\components\metric-server\metricserver-0.3.7.yaml
|
kubectl -n kube-system apply -f .\components\metric-server\components.yaml
|
||||||
|
|
||||||
#test
|
#test
|
||||||
kubectl -n kube-system get pods
|
kubectl -n kube-system get pods
|
||||||
@ -51,12 +49,12 @@ kubectl top nodes
|
|||||||
|
|
||||||
## VPA
|
## VPA
|
||||||
|
|
||||||
VPA docs [here]("https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#install-command") <br/>
|
VPA docs [here](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#install-command) <br/>
|
||||||
Let's install the VPA from a container that can access our cluster
|
Let's install the VPA from a container that can access our cluster
|
||||||
|
|
||||||
```
|
```
|
||||||
cd kubernetes/autoscaling/vertical-pod-autoscaling
|
cd kubernetes/autoscaling/vertical-pod-autoscaling
|
||||||
docker run -it --rm -v ${HOME}:/root/ -v ${PWD}:/work -w /work --net host debian:buster bash
|
docker run -it --rm -v ${HOME}:/root/ -v ${PWD}:/work -w /work --net host debian:bookworm bash
|
||||||
|
|
||||||
# install git
|
# install git
|
||||||
apt-get update && apt-get install -y git curl nano
|
apt-get update && apt-get install -y git curl nano
|
||||||
@ -71,6 +69,10 @@ cd /tmp
|
|||||||
git clone https://github.com/kubernetes/autoscaler.git
|
git clone https://github.com/kubernetes/autoscaler.git
|
||||||
cd autoscaler/vertical-pod-autoscaler/
|
cd autoscaler/vertical-pod-autoscaler/
|
||||||
|
|
||||||
|
# you may need to generate VPA certificates
|
||||||
|
bash ./pkg/admission-controller/gencerts.sh
|
||||||
|
|
||||||
|
# deploy the VPA
|
||||||
./hack/vpa-up.sh
|
./hack/vpa-up.sh
|
||||||
|
|
||||||
# after few seconds, we can see the VPA components in:
|
# after few seconds, we can see the VPA components in:
|
||||||
|
|||||||
@ -8,4 +8,4 @@ spec:
|
|||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: application-cpu
|
name: application-cpu
|
||||||
updatePolicy:
|
updatePolicy:
|
||||||
updateMode: "Off"
|
updateMode: "Off" # Auto for automatic updates, Off for manual updates
|
||||||
Loading…
x
Reference in New Issue
Block a user