metrics-server
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
##
18
global:
19
imageRegistry: ""
20
## E.g.
21
## imagePullSecrets:
22
## - myRegistryKeySecretName
23
##
24
imagePullSecrets: []
25
## Security parameters
26
##
27
security:
28
## @param global.security.allowInsecureImages Allows skipping image verification
29
allowInsecureImages: false
30
## Compatibility adaptations for Kubernetes platforms
31
##
32
compatibility:
33
## Compatibility adaptations for Openshift
34
##
35
openshift:
36
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
37
##
38
adaptSecurityContext: auto
39
org: ""
40
## @section Common parameters
41
42
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
43
##
44
kubeVersion: ""
45
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
46
##
47
apiVersions: []
48
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
49
##
50
nameOverride: ""
51
## @param fullnameOverride String to fully override common.names.fullname template
52
##
53
fullnameOverride: ""
54
## @param namespaceOverride String to fully override common.names.namespace
55
##
56
namespaceOverride: ""
57
## @param commonLabels Add labels to all the deployed resources
58
##
59
commonLabels: {}
60
## @param commonAnnotations Add annotations to all the deployed resources
61
##
62
commonAnnotations: {}
63
## @param extraDeploy Array of extra objects to deploy with the release
64
##
65
extraDeploy: []
66
## Enable diagnostic mode in the deployment(s)/statefulset(s)
67
##
68
diagnosticMode:
69
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
70
##
71
enabled: false
72
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
73
##
74
command:
75
- sleep
76
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
77
##
78
args:
79
- infinity
80
## @section Metrics Server parameters
81
82
## Iamguarded Metrics Server image version
83
## @param image.registry [default: REGISTRY_NAME] Metrics Server image registry
84
## @param image.repository [default: REPOSITORY_NAME/metrics-server] Metrics Server image repository
85
## @skip image.tag Metrics Server image tag (immutable tags are recommended)
86
## @param image.digest Metrics Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
87
## @param image.pullPolicy Metrics Server image pull policy
88
## @param image.pullSecrets Metrics Server image pull secrets
89
##
90
image:
91
registry: cgr.dev
92
repository: chainguard-private/metrics-server-iamguarded
93
tag: 0.8.1
94
digest: ""
95
## Specify a imagePullPolicy
96
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
97
##
98
pullPolicy: IfNotPresent
99
## Optionally specify an array of imagePullSecrets.
100
## Secrets must be manually created in the namespace.
101
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
102
## e.g:
103
## pullSecrets:
104
## - myRegistryKeySecretName
105
##
106
pullSecrets: []
107
## @param automountServiceAccountToken Mount Service Account token in pod
108
##
109
automountServiceAccountToken: true
110
## @param hostAliases Add deployment host aliases
111
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
112
##
113
hostAliases: []
114
## @param replicas Number of metrics-server nodes to deploy
115
##
116
replicas: 1
117
## @param updateStrategy.type Set up update strategy for metrics-server installation.
118
## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first.
119
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
120
## Example:
121
## updateStrategy:
122
## type: RollingUpdate
123
## rollingUpdate:
124
## maxSurge: 25%
125
## maxUnavailable: 25%
126
##
127
updateStrategy:
128
type: RollingUpdate
129
## Role Based Access
130
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
131
##
132
rbac:
133
## @param rbac.create Enable RBAC authentication
134
##
135
create: true
136
## Pods Service Account
137
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
138
##
139
serviceAccount:
140
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
141
##
142
create: true
143
## @param serviceAccount.name The name of the ServiceAccount to create
144
## If not set and create is true, a name is generated using the common.names.fullname template
145
name: ""
146
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account
147
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
148
##
149
automountServiceAccountToken: false
150
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
151
##
152
annotations: {}
153
## API service parameters
154
##
155
apiService:
156
## @param apiService.create Specifies whether the v1beta1.metrics.k8s.io API service should be created. You can check if it is needed with `kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"`.
157
## This is still necessary up to at least k8s version >= 1.21, but depends on vendors and cloud providers.
158
##
159
create: false
160
## @param apiService.insecureSkipTLSVerify Specifies whether to skip self-verifying self-signed TLS certificates. Set to "false" if you are providing your own certificates.
161
## Note that "false" MUST be in quotation marks (cf. https://github.com/helm/helm/issues/3308), since false without quotation marks will render to true
162
insecureSkipTLSVerify: true
163
## @param apiService.caBundle A base64-encoded string of concatenated certificates for the CA chain for the APIService.
164
caBundle: ""
165
## @param containerPorts.https Port where metrics-server will be running
166
##
167
containerPorts:
168
https: 8443
169
## @param hostNetwork Enable hostNetwork mode
170
## You would require this enabled if you use alternate overlay networking for pods and
171
## API server unable to communicate with metrics-server. As an example, this is required
172
## if you use Weave network on EKS
173
##
174
hostNetwork: false
175
## @param dnsPolicy Default dnsPolicy setting
176
## If you enable hostNetwork then you may need to set your dnsPolicy to something other
177
## than "ClusterFirst" depending on your requirements.
178
dnsPolicy: "ClusterFirst"
179
## @param command Override default container command (useful when using custom images)
180
##
181
command: []
182
## @param args Override default container args (useful when using custom images)
183
##
184
args: []
185
## @param lifecycleHooks for the metrics-server container(s) to automate configuration before or after startup
186
##
187
lifecycleHooks: {}
188
## @param extraEnvVars Array with extra environment variables to add to metrics-server nodes
189
## e.g:
190
## extraEnvVars:
191
## - name: FOO
192
## value: "bar"
193
##
194
extraEnvVars: []
195
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for metrics-server nodes
196
##
197
extraEnvVarsCM: ""
198
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for metrics-server nodes
199
##
200
extraEnvVarsSecret: ""
201
## @param extraArgs Extra arguments to pass to metrics-server on start up
202
## ref: https://github.com/kubernetes-incubator/metrics-server#flags
203
##
204
## extraArgs:
205
## - --kubelet-insecure-tls=true
206
## - --kubelet-preferred-address-types=InternalIP
207
##
208
extraArgs: []
209
## @param sidecars Add additional sidecar containers to the metrics-server pod(s)
210
## e.g:
211
## sidecars:
212
## - name: your-image-name
213
## image: your-image
214
## imagePullPolicy: Always
215
## ports:
216
## - name: portname
217
## containerPort: 1234
218
##
219
sidecars: []
220
## @param initContainers Add additional init containers to the metrics-server pod(s)
221
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
222
## e.g:
223
## initContainers:
224
## - name: your-image-name
225
## image: your-image
226
## imagePullPolicy: Always
227
## command: ['sh', '-c', 'echo "hello world"']
228
##
229
initContainers: []
230
## @param podLabels Pod labels
231
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
232
##
233
podLabels: {}
234
## @param podAnnotations Pod annotations
235
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
236
##
237
podAnnotations: {}
238
## @param priorityClassName Priority class for pod scheduling
239
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
240
priorityClassName: ""
241
## @param schedulerName Name of the k8s scheduler (other than default)
242
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
243
##
244
schedulerName: ""
245
## @param terminationGracePeriodSeconds In seconds, time the given to the metrics-server pod needs to terminate gracefully
246
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
247
##
248
terminationGracePeriodSeconds: ""
249
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
250
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
251
##
252
podAffinityPreset: ""
253
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
254
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
255
##
256
podAntiAffinityPreset: soft
257
## Pod disruption budget
258
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
259
## @param pdb.create Create a PodDisruptionBudget
260
## @param pdb.minAvailable Minimum available instances
261
## @param pdb.maxUnavailable Maximum unavailable instances
262
##
263
pdb:
264
create: true
265
minAvailable: ""
266
maxUnavailable: ""
267
## Node affinity preset
268
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
269
##
270
nodeAffinityPreset:
271
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
272
##
273
type: ""
274
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
275
## E.g.
276
## key: "kubernetes.io/e2e-az-name"
277
##
278
key: ""
279
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
280
## E.g.
281
## values:
282
## - e2e-az1
283
## - e2e-az2
284
##
285
values: []
286
## @param affinity Affinity for pod assignment
287
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
288
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
289
##
290
affinity: {}
291
## @param topologySpreadConstraints Topology spread constraints for pod
292
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints
293
##
294
topologySpreadConstraints: []
295
## @param nodeSelector Node labels for pod assignment
296
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
297
##
298
nodeSelector: {}
299
## @param tolerations Tolerations for pod assignment
300
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
301
##
302
tolerations: []
303
## Metrics Server K8s svc properties
304
##
305
service:
306
## @param service.type Kubernetes Service type
307
##
308
type: ClusterIP
309
## @param service.ports.https Kubernetes Service port
310
##
311
ports:
312
https: 443
313
## @param service.nodePorts.https Kubernetes Service port
314
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
315
## e.g:
316
## nodePort: 30001
317
##
318
nodePorts:
319
https: ""
320
## @param service.clusterIP metrics-server service Cluster IP
321
## e.g.:
322
## clusterIP: None
323
##
324
clusterIP: ""
325
## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer`
326
## Set the LoadBalancer service type to internal only.
327
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
328
##
329
loadBalancerIP: ""
330
## @param service.loadBalancerSourceRanges metrics-server service Load Balancer sources
331
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
332
## e.g:
333
## loadBalancerSourceRanges:
334
## - 10.10.10.0/24
335
##
336
loadBalancerSourceRanges: []
337
## @param service.externalTrafficPolicy metrics-server service external traffic policy
338
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
339
##
340
externalTrafficPolicy: Cluster
341
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
342
##
343
extraPorts: []
344
## @param service.annotations Annotations for the Service
345
## set the LoadBalancer service type to internal only.
346
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
347
##
348
annotations: {}
349
## @param service.labels Labels for the Service
350
## have metrics-server show up in `kubectl cluster-info`
351
## kubernetes.io/cluster-service: "true"
352
## kubernetes.io/name: "Metrics-server"
353
##
354
labels: {}
355
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
356
## If "ClientIP", consecutive client requests will be directed to the same Pod
357
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
358
##
359
sessionAffinity: None
360
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
361
## sessionAffinityConfig:
362
## clientIP:
363
## timeoutSeconds: 300
364
##
365
sessionAffinityConfig: {}
366
## Network Policy configuration
367
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
368
##
369
networkPolicy:
370
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
371
##
372
enabled: true
373
## @param networkPolicy.allowExternal The Policy model to apply
374
## When set to false, only pods with the correct client label will have network access to the ports Metrics Server is
375
## listening on. When true, Metrics Server will accept connections from any source (with the correct destination port).
376
##
377
allowExternal: true
378
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
379
##
380
allowExternalEgress: true
381
## @param networkPolicy.kubernetesPorts [array] List of possible endpoints to kubernetes components like kube-apiserver or kubelet (limit to your cluster settings to increase security)
382
##
383
kubernetesPorts: [443, 6443, 8443, 10250]
384
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
385
## e.g:
386
## extraIngress:
387
## - ports:
388
## - port: 1234
389
## from:
390
## - podSelector:
391
## - matchLabels:
392
## - role: frontend
393
## - podSelector:
394
## - matchExpressions:
395
## - key: role
396
## operator: In
397
## values:
398
## - frontend
399
##
400
extraIngress: []
401
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
402
## e.g:
403
## extraEgress:
404
## - ports:
405
## - port: 1234
406
## to:
407
## - podSelector:
408
## - matchLabels:
409
## - role: frontend
410
## - podSelector:
411
## - matchExpressions:
412
## - key: role
413
## operator: In
414
## values:
415
## - frontend
416
##
417
extraEgress: []
418
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
419
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
420
##
421
ingressNSMatchLabels: {}
422
ingressNSPodMatchLabels: {}
423
## Metric Server containers' resource requests and limits
424
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
425
## We usually recommend not to specify default resources and to leave this as a conscious
426
## choice for the user. This also increases chances charts run on environments with little
427
## resources, such as Minikube. If you do want to specify resources, uncomment the following
428
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
429
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
430
##
431
resourcesPreset: "nano"
432
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
433
## Example:
434
## resources:
435
## requests:
436
## cpu: 2
437
## memory: 512Mi
438
## limits:
439
## cpu: 3
440
## memory: 1024Mi
441
##
442
resources: {}
443
## Configure extra options for metrics-server containers' liveness, readiness and startup probes
444
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
445
## @param startupProbe.enabled Enable startupProbe
446
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
447
## @param startupProbe.periodSeconds Period seconds for startupProbe
448
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
449
## @param startupProbe.failureThreshold Failure threshold for startupProbe
450
## @param startupProbe.successThreshold Success threshold for startupProbe
451
startupProbe:
452
enabled: false
453
initialDelaySeconds: 0
454
periodSeconds: 10
455
timeoutSeconds: 1
456
failureThreshold: 3
457
successThreshold: 1
458
## @param livenessProbe.enabled Enable livenessProbe
459
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
460
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
461
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
462
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
463
## @param livenessProbe.successThreshold Success threshold for livenessProbe
464
##
465
livenessProbe:
466
enabled: true
467
initialDelaySeconds: 0
468
periodSeconds: 10
469
timeoutSeconds: 1
470
failureThreshold: 3
471
successThreshold: 1
472
## @param readinessProbe.enabled Enable readinessProbe
473
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
474
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
475
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
476
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
477
## @param readinessProbe.successThreshold Success threshold for readinessProbe
478
##
479
readinessProbe:
480
enabled: true
481
initialDelaySeconds: 0
482
periodSeconds: 10
483
timeoutSeconds: 1
484
failureThreshold: 3
485
successThreshold: 1
486
## @param customStartupProbe Custom liveness probe for the Web component
487
##
488
customStartupProbe: {}
489
## @param customLivenessProbe Custom Liveness probes for metrics-server
490
##
491
customLivenessProbe: {}
492
## @param customReadinessProbe Custom Readiness probes metrics-server
493
##
494
customReadinessProbe: {}
495
## Container security context
496
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
497
## @param containerSecurityContext.enabled Enabled containers' Security Context
498
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
499
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
500
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
501
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
502
## @param containerSecurityContext.privileged Set container's Security Context privileged
503
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
504
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
505
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
506
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
507
##
508
containerSecurityContext:
509
enabled: true
510
seLinuxOptions: {}
511
runAsUser: 1001
512
runAsGroup: 1001
513
runAsNonRoot: true
514
privileged: false
515
readOnlyRootFilesystem: true
516
allowPrivilegeEscalation: false
517
capabilities:
518
drop: ["ALL"]
519
seccompProfile:
520
type: "RuntimeDefault"
521
## Pod security context
522
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
523
## @param podSecurityContext.enabled Pod security context
524
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
525
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
526
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
527
## @param podSecurityContext.fsGroup Set %%MAIN_CONTAINER_NAME%% pod's Security Context fsGroup
528
##
529
podSecurityContext:
530
enabled: true
531
fsGroupChangePolicy: Always
532
sysctls: []
533
supplementalGroups: []
534
fsGroup: 1001
535
## Extra volumes to mount
536
## @param extraVolumes Extra volumes
537
## @param extraVolumeMounts Mount extra volume(s)
538
## Example Use Case: mount an `emptyDir` to allow running with a `readOnlyRootFilesystem: true`
539
## extraVolumes:
540
## - name: tmpdir
541
## emptyDir: {}
542
##
543
extraVolumes: []
544
## extraVolumeMounts:
545
## - name: tmpdir
546
## mountPath: /tmp
547
##
548
extraVolumeMounts: []
549