diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2703e05933..5432d1a6d2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 554642572b..5d5d625dd9 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index daa1516551..2c3989330c 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index bd6c8ac67f..9e1ed4549a 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -56,7 +56,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index b5be21ae4f..3a8548616f 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 05c1b7bdda..e04e206ab3 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: bc9afaa3bbf77cb6be3666cf2d048f21bed0003987ba01b75e5804703039aee9 + manifestHash: f5a15bd72ed37b6a3e36df1bddd77c6440f6b067c3b97f3d216e24d2ed014826 name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index e51278e2ba..f577aac2f1 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=InternalIP - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content index 3086d72705..e69a36afd4 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content index 5ab7ee785c..658d9975d5 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index 23496d3d4a..4862499a85 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 2a581e64f6b6655b7108a06a668e37dcf1140c426faa66a9e76369519ba54e11 + manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f name: metrics-server.addons.k8s.io selector: k8s-app: metrics-server diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml index 5ab7ee785c..658d9975d5 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --cert-dir=/tmp - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: tmp-dir diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index 32734a479b..2c601c238a 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.11 manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: c9046814cac007371319981f6521e43eefd7a9322d2a75247553b2bbb1dcfb9d + manifestHash: 1a15a7fb5f16c2df150971afbcf554671713453759fb0aaec2040369138d75b3 name: metrics-server.addons.k8s.io needsPKI: true selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml index 020049e1e8..28beea863b 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/metrics-server.addons.k8s.io-k8s-1.11.yaml @@ -46,14 +46,17 @@ metadata: k8s-app: metrics-server name: system:metrics-server rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get - apiGroups: - "" resources: - pods - nodes - - nodes/metrics - - namespaces - - configmaps verbs: - get - list @@ -173,7 +176,7 @@ spec: - --kubelet-preferred-address-types=Hostname - --tls-cert-file=/srv/tls.crt - --tls-private-key-file=/srv/tls.key - image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 + image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -197,12 +200,18 @@ spec: periodSeconds: 10 resources: requests: - cpu: 50m - memory: 128Mi + cpu: 100m + memory: 200Mi securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /srv name: certs