porkadot 0.1.0 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/lib/porkadot/assets.rb +24 -0
  3. data/lib/porkadot/assets/bootstrap.rb +2 -2
  4. data/lib/porkadot/assets/etcd.rb +4 -1
  5. data/lib/porkadot/assets/etcd/etcd-server.yaml.erb +2 -0
  6. data/lib/porkadot/assets/kubelet.rb +3 -0
  7. data/lib/porkadot/assets/kubelet/config.yaml.erb +2 -0
  8. data/lib/porkadot/assets/kubelet/install-deps.sh.erb +21 -3
  9. data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +9 -1
  10. data/lib/porkadot/assets/kubernetes.rb +9 -0
  11. data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb +202 -0
  12. data/lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb +110 -0
  13. data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +10 -10
  14. data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb +37 -0
  15. data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb +0 -36
  16. data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.secrets.yaml.erb +16 -0
  17. data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb +0 -15
  18. data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb +1 -1
  19. data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +11 -2
  20. data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb +13 -0
  21. data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +116 -26
  22. data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +1 -1
  23. data/lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb +23 -1
  24. data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +327 -0
  25. data/lib/porkadot/config.rb +8 -0
  26. data/lib/porkadot/configs/bootstrap.rb +13 -1
  27. data/lib/porkadot/configs/certs.rb +1 -1
  28. data/lib/porkadot/configs/certs/k8s.rb +6 -0
  29. data/lib/porkadot/configs/etcd.rb +7 -3
  30. data/lib/porkadot/configs/kubelet.rb +9 -1
  31. data/lib/porkadot/configs/kubernetes.rb +9 -0
  32. data/lib/porkadot/default.yaml +3 -2
  33. data/lib/porkadot/install/bootstrap.rb +7 -0
  34. data/lib/porkadot/install/kubelet.rb +4 -0
  35. data/lib/porkadot/install/kubernetes.rb +4 -0
  36. data/lib/porkadot/version.rb +1 -1
  37. metadata +8 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d234a54eadea75f593857f0d1a697af8be3cb74c5a4b48bb42b19ec966a905ae
4
- data.tar.gz: a62e0011627d9d7f5b93e34fadd8c76df6dc88496c7ff39b561d808880ac1570
3
+ metadata.gz: 9ee36f6490d8e4d8cfa07f29fae9b79a4a2eda35fe977f052f60ec7aa43ce802
4
+ data.tar.gz: 675c0c3679ee246844abfaaf39f0230c5b63fa2b661bcb21bb111f1ff7a0e6d5
5
5
  SHA512:
6
- metadata.gz: e359ab5f970e9ed84d82c1210a4c74215bec8fb878a42b736add72a2c27771ab1c8fe3d36125387694b3ea84c626f5b5bbdcbc9bbcb25e0f47dfa6c54484c651
7
- data.tar.gz: 1dda5458027c308e37832c74cd66b67422935c88968960b2ea017aa30aad2a6d39aa3ca2d3eaeb0d334431e4a2e50f4eb2e35bd43cca8b216eccab9c93a38c6b
6
+ metadata.gz: bef9c31a3f3371702948ad4c5b18df384387a42a2d363c0820a250227659b45db3c3a3260929c3821860f8eff9800c6fd983a52211bc5885b4b65af3962ece1f
7
+ data.tar.gz: 542e8cbeb5bd220ff9b6c12c109c55a88f1d1315cc3c17bf01ce2e8af9816293117bcf8002ab32330cf257b41285b35cfe43d30820f50ff7c2230f3027c49765
@@ -4,6 +4,15 @@ module Porkadot::Assets
4
4
  space = space.times.map{' '}.join('')
5
5
  text.lines.map{|line| "#{space}#{line}"}.join('')
6
6
  end
7
+
8
+ def to_yaml(obj, space=0)
9
+ h = Hashie::Mash.new({obj: obj})
10
+ h = h.to_hash
11
+ if h['obj'].size == 0
12
+ return ''
13
+ end
14
+ return self.indent(h['obj'].to_yaml(canonical: false, header: false).gsub(/---\n/, ''), space)
15
+ end
7
16
  end
8
17
 
9
18
  def render_erb file, opts={}
@@ -21,4 +30,19 @@ module Porkadot::Assets
21
30
  end
22
31
  end
23
32
 
33
+ def render_secrets_erb file, opts={}
34
+ file = file.to_s
35
+ opts[:config] = self.config
36
+ opts[:global_config] = self.global_config
37
+ opts[:certs] = Porkadot::Assets::Certs.new(self.global_config)
38
+ opts[:u] = ErbUtils.new
39
+
40
+ logger.info "----> #{file}"
41
+ open(File.join(self.class::TEMPLATE_DIR, "#{file}.erb")) do |io|
42
+ open(config.secrets_path(file), 'w') do |out|
43
+ out.write ERB.new(io.read, trim_mode: '-').result_with_hash(opts)
44
+ end
45
+ end
46
+ end
47
+
24
48
  end
@@ -18,8 +18,8 @@ module Porkadot; module Assets
18
18
 
19
19
  def render
20
20
  logger.info "--> Rendering bootstrap manifests"
21
- unless File.directory?(config.target_path)
22
- FileUtils.mkdir_p(config.target_path)
21
+ unless File.directory?(config.bootstrap_path)
22
+ FileUtils.mkdir_p(config.bootstrap_path)
23
23
  end
24
24
  render_secrets
25
25
  render_erb 'bootstrap/kubeconfig-bootstrap.yaml'
@@ -50,6 +50,9 @@ module Porkadot; module Assets
50
50
  unless File.directory?(config.target_path)
51
51
  FileUtils.mkdir_p(config.target_path)
52
52
  end
53
+ unless File.directory?(config.target_secrets_path)
54
+ FileUtils.mkdir_p(config.target_secrets_path)
55
+ end
53
56
  render_ca_crt
54
57
  render_etcd_crt
55
58
  render_erb 'etcd-server.yaml', etcd: global_config.etcd
@@ -83,7 +86,7 @@ module Porkadot; module Assets
83
86
  ca_key = self.certs.ca_key
84
87
  ca_cert = self.certs.ca_cert(false)
85
88
  @etcd_cert = certs.unsigned_cert(
86
- "/O=porkadot:etcd-servers/CN=porkadot:etcd-server-#{config.member_name}",
89
+ "/O=porkadot:etcd-servers/CN=#{config.member_name}",
87
90
  self.etcd_key, ca_cert,
88
91
  1 * 365 * 24 * 60 * 60
89
92
  )
@@ -30,6 +30,8 @@ spec:
30
30
  - --data-dir=/var/lib/etcd
31
31
  - --heartbeat-interval=1000
32
32
  - --election-timeout=10000
33
+ env:
34
+ <%= u.to_yaml(etcd.extra_env, 4) -%>
33
35
  volumeMounts:
34
36
  - mountPath: /var/lib/etcd
35
37
  name: etcd
@@ -50,6 +50,9 @@ module Porkadot; module Assets
50
50
  unless File.directory?(config.target_path)
51
51
  FileUtils.mkdir_p(config.target_path)
52
52
  end
53
+ unless File.directory?(config.target_secrets_path)
54
+ FileUtils.mkdir_p(config.target_secrets_path)
55
+ end
53
56
  ca_data = certs.ca_cert.to_pem
54
57
  ca_data = Base64.strict_encode64(ca_data)
55
58
 
@@ -32,5 +32,7 @@ streamingConnectionIdleTimeout: 0s
32
32
  syncFrequency: 0s
33
33
  volumeStatsAggPeriod: 0s
34
34
  serverTLSBootstrap: true
35
+ featureGates:
36
+ CSIMigration: false
35
37
 
36
38
  # vim:filetype=yaml
@@ -1,21 +1,39 @@
1
1
  #!/bin/bash
2
2
 
3
+ architecture="arm64"
4
+ case $(uname -m) in
5
+ x86_64) architecture="amd64" ;;
6
+ arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;;
7
+ esac
8
+ echo $architecture
9
+
3
10
  CNI_VERSION="<%= global_config.k8s.networking.cni_version %>"
4
11
  mkdir -p /opt/cni/bin
5
- curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
12
+ curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${architecture}-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
6
13
 
7
14
  RELEASE="<%= global_config.k8s.kubernetes_version %>"
8
15
 
9
16
  mkdir -p /opt/bin
10
17
 
11
- curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/kubectl \
18
+ curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubectl \
12
19
  -o /opt/bin/kubectl-${RELEASE}
13
20
  chmod +x /opt/bin/kubectl-${RELEASE}
14
21
  rm -f /opt/bin/kubectl
15
22
  ln -s /opt/bin/kubectl-${RELEASE} /opt/bin/kubectl
16
23
 
17
- curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/kubelet \
24
+ curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubelet \
18
25
  -o /opt/bin/kubelet-${RELEASE}
19
26
  chmod +x /opt/bin/kubelet-${RELEASE}
20
27
  rm -f /opt/bin/kubelet
21
28
  ln -s /opt/bin/kubelet-${RELEASE} /opt/bin/kubelet
29
+
30
+ ETCD_VER="<%= global_config.etcd.image_tag.gsub(/\-\w+$/, '') %>"
31
+ ETCD_URL=https://storage.googleapis.com/etcd/${ETCD_VER}/etcd-${ETCD_VER}-linux-${architecture}.tar.gz
32
+ ETCD_TMP=$(mktemp -d)
33
+
34
+ curl -L ${ETCD_URL} -o ${ETCD_TMP}/etcd.tar.gz
35
+ tar zxvf ${ETCD_TMP}/etcd.tar.gz -C ${ETCD_TMP}/ --strip-components=1
36
+ chmod +x ${ETCD_TMP}/etcdctl
37
+ rm -f /opt/bin/etcdctl
38
+ mv ${ETCD_TMP}/etcdctl /opt/bin/etcdctl-${ETCD_VER}
39
+ ln -s /opt/bin/etcdctl-${ETCD_VER} /opt/bin/etcdctl
@@ -4,6 +4,7 @@ export LC_ALL=C
4
4
  ROOT=$(dirname "${BASH_SOURCE}")
5
5
 
6
6
  if type apt-get > /dev/null 2>&1 ;then
7
+ export DEBIAN_FRONTEND=noninteractive
7
8
  apt-get update
8
9
  apt-get install -y \
9
10
  ca-certificates \
@@ -22,7 +23,8 @@ if type apt-get > /dev/null 2>&1 ;then
22
23
  nfs-common \
23
24
  socat \
24
25
  udev \
25
- util-linux
26
+ util-linux \
27
+ open-iscsi
26
28
  fi
27
29
 
28
30
  cat <<EOF > /etc/sysctl.d/k8s.conf
@@ -30,4 +32,10 @@ net.bridge.bridge-nf-call-ip6tables = 1
30
32
  net.bridge.bridge-nf-call-iptables = 1
31
33
  EOF
32
34
 
35
+ cat <<EOF > /etc/iscsi/initiatorname.iscsi
36
+ InitiatorName=iqn.2020-04.cloud.unstable:<%= config.hostname %>
37
+ EOF
38
+
39
+ systemctl restart iscsid.service
40
+
33
41
  sysctl --system
@@ -20,18 +20,27 @@ module Porkadot; module Assets
20
20
  unless File.directory?(config.manifests_path)
21
21
  FileUtils.mkdir_p(config.manifests_path)
22
22
  end
23
+ unless File.directory?(config.manifests_secrets_path)
24
+ FileUtils.mkdir_p(config.manifests_secrets_path)
25
+ end
23
26
  lb = global_config.lb
24
27
  cni = global_config.cni
25
28
  render_erb 'manifests/porkadot.yaml'
26
29
  render_erb 'manifests/kubelet.yaml'
27
30
  render_erb "manifests/#{lb.type}.yaml"
31
+ render_secrets_erb "manifests/#{lb.type}.secrets.yaml"
28
32
  render_erb "manifests/#{cni.type}.yaml"
33
+ render_erb "manifests/coredns.yaml"
34
+ render_erb "manifests/dns-horizontal-autoscaler.yaml"
29
35
  render_erb "manifests/kube-apiserver.yaml"
36
+ render_secrets_erb "manifests/kube-apiserver.secrets.yaml"
30
37
  render_erb "manifests/kube-proxy.yaml"
31
38
  render_erb "manifests/kube-scheduler.yaml"
32
39
  render_erb "manifests/kube-controller-manager.yaml"
40
+ render_secrets_erb "manifests/kube-controller-manager.secrets.yaml"
33
41
  render_erb "manifests/pod-checkpointer.yaml"
34
42
  render_erb "manifests/kubelet-rubber-stamp.yaml"
43
+ render_erb "manifests/storage-version-migrator.yaml"
35
44
  render_erb 'install.sh'
36
45
  end
37
46
 
@@ -0,0 +1,202 @@
1
+ <% k8s = global_config.k8s -%>
2
+ # __MACHINE_GENERATED_WARNING__
3
+
4
+ apiVersion: v1
5
+ kind: ServiceAccount
6
+ metadata:
7
+ name: coredns
8
+ namespace: kube-system
9
+ labels:
10
+ kubernetes.io/cluster-service: "true"
11
+ addonmanager.kubernetes.io/mode: Reconcile
12
+ ---
13
+ apiVersion: rbac.authorization.k8s.io/v1
14
+ kind: ClusterRole
15
+ metadata:
16
+ labels:
17
+ kubernetes.io/bootstrapping: rbac-defaults
18
+ addonmanager.kubernetes.io/mode: Reconcile
19
+ name: system:coredns
20
+ rules:
21
+ - apiGroups:
22
+ - ""
23
+ resources:
24
+ - endpoints
25
+ - services
26
+ - pods
27
+ - namespaces
28
+ verbs:
29
+ - list
30
+ - watch
31
+ - apiGroups:
32
+ - ""
33
+ resources:
34
+ - nodes
35
+ verbs:
36
+ - get
37
+ ---
38
+ apiVersion: rbac.authorization.k8s.io/v1
39
+ kind: ClusterRoleBinding
40
+ metadata:
41
+ annotations:
42
+ rbac.authorization.kubernetes.io/autoupdate: "true"
43
+ labels:
44
+ kubernetes.io/bootstrapping: rbac-defaults
45
+ addonmanager.kubernetes.io/mode: EnsureExists
46
+ name: system:coredns
47
+ roleRef:
48
+ apiGroup: rbac.authorization.k8s.io
49
+ kind: ClusterRole
50
+ name: system:coredns
51
+ subjects:
52
+ - kind: ServiceAccount
53
+ name: coredns
54
+ namespace: kube-system
55
+ ---
56
+ apiVersion: v1
57
+ kind: ConfigMap
58
+ metadata:
59
+ name: coredns
60
+ namespace: kube-system
61
+ labels:
62
+ addonmanager.kubernetes.io/mode: EnsureExists
63
+ data:
64
+ Corefile: |
65
+ .:53 {
66
+ errors
67
+ health {
68
+ lameduck 5s
69
+ }
70
+ ready
71
+ kubernetes <%= k8s.networking.dns_domain %> in-addr.arpa ip6.arpa {
72
+ pods insecure
73
+ fallthrough in-addr.arpa ip6.arpa
74
+ ttl 30
75
+ }
76
+ prometheus :9153
77
+ forward . /etc/resolv.conf
78
+ cache 30
79
+ loop
80
+ reload
81
+ loadbalance
82
+ }
83
+ ---
84
+ apiVersion: apps/v1
85
+ kind: Deployment
86
+ metadata:
87
+ name: coredns
88
+ namespace: kube-system
89
+ labels:
90
+ k8s-app: kube-dns
91
+ kubernetes.io/cluster-service: "true"
92
+ addonmanager.kubernetes.io/mode: Reconcile
93
+ kubernetes.io/name: "CoreDNS"
94
+ spec:
95
+ # replicas: not specified here:
96
+ # 1. In order to make Addon Manager do not reconcile this replicas parameter.
97
+ # 2. Default is 1.
98
+ # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
99
+ strategy:
100
+ type: RollingUpdate
101
+ rollingUpdate:
102
+ maxUnavailable: 1
103
+ selector:
104
+ matchLabels:
105
+ k8s-app: kube-dns
106
+ template:
107
+ metadata:
108
+ labels:
109
+ k8s-app: kube-dns
110
+ annotations:
111
+ seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
112
+ spec:
113
+ priorityClassName: system-cluster-critical
114
+ serviceAccountName: coredns
115
+ tolerations:
116
+ - key: "CriticalAddonsOnly"
117
+ operator: "Exists"
118
+ nodeSelector:
119
+ kubernetes.io/os: linux
120
+ containers:
121
+ - name: coredns
122
+ image: k8s.gcr.io/coredns:1.6.7
123
+ imagePullPolicy: IfNotPresent
124
+ resources:
125
+ limits:
126
+ memory: 170Mi
127
+ requests:
128
+ cpu: 100m
129
+ memory: 70Mi
130
+ args: [ "-conf", "/etc/coredns/Corefile" ]
131
+ volumeMounts:
132
+ - name: config-volume
133
+ mountPath: /etc/coredns
134
+ readOnly: true
135
+ ports:
136
+ - containerPort: 53
137
+ name: dns
138
+ protocol: UDP
139
+ - containerPort: 53
140
+ name: dns-tcp
141
+ protocol: TCP
142
+ - containerPort: 9153
143
+ name: metrics
144
+ protocol: TCP
145
+ livenessProbe:
146
+ httpGet:
147
+ path: /health
148
+ port: 8080
149
+ scheme: HTTP
150
+ initialDelaySeconds: 60
151
+ timeoutSeconds: 5
152
+ successThreshold: 1
153
+ failureThreshold: 5
154
+ readinessProbe:
155
+ httpGet:
156
+ path: /ready
157
+ port: 8181
158
+ scheme: HTTP
159
+ securityContext:
160
+ allowPrivilegeEscalation: false
161
+ capabilities:
162
+ add:
163
+ - NET_BIND_SERVICE
164
+ drop:
165
+ - all
166
+ readOnlyRootFilesystem: true
167
+ dnsPolicy: Default
168
+ volumes:
169
+ - name: config-volume
170
+ configMap:
171
+ name: coredns
172
+ items:
173
+ - key: Corefile
174
+ path: Corefile
175
+ ---
176
+ apiVersion: v1
177
+ kind: Service
178
+ metadata:
179
+ name: kube-dns
180
+ namespace: kube-system
181
+ annotations:
182
+ prometheus.io/port: "9153"
183
+ prometheus.io/scrape: "true"
184
+ labels:
185
+ k8s-app: kube-dns
186
+ kubernetes.io/cluster-service: "true"
187
+ addonmanager.kubernetes.io/mode: Reconcile
188
+ kubernetes.io/name: "CoreDNS"
189
+ spec:
190
+ selector:
191
+ k8s-app: kube-dns
192
+ clusterIP: <%= k8s.networking.dns_ip %>
193
+ ports:
194
+ - name: dns
195
+ port: 53
196
+ protocol: UDP
197
+ - name: dns-tcp
198
+ port: 53
199
+ protocol: TCP
200
+ - name: metrics
201
+ port: 9153
202
+ protocol: TCP
@@ -0,0 +1,110 @@
1
+ # Copyright 2016 The Kubernetes Authors.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ kind: ServiceAccount
16
+ apiVersion: v1
17
+ metadata:
18
+ name: kube-dns-autoscaler
19
+ namespace: kube-system
20
+ labels:
21
+ addonmanager.kubernetes.io/mode: Reconcile
22
+ ---
23
+ kind: ClusterRole
24
+ apiVersion: rbac.authorization.k8s.io/v1
25
+ metadata:
26
+ name: system:kube-dns-autoscaler
27
+ labels:
28
+ addonmanager.kubernetes.io/mode: Reconcile
29
+ rules:
30
+ - apiGroups: [""]
31
+ resources: ["nodes"]
32
+ verbs: ["list", "watch"]
33
+ - apiGroups: [""]
34
+ resources: ["replicationcontrollers/scale"]
35
+ verbs: ["get", "update"]
36
+ - apiGroups: ["apps"]
37
+ resources: ["deployments/scale", "replicasets/scale"]
38
+ verbs: ["get", "update"]
39
+ # Remove the configmaps rule once below issue is fixed:
40
+ # kubernetes-incubator/cluster-proportional-autoscaler#16
41
+ - apiGroups: [""]
42
+ resources: ["configmaps"]
43
+ verbs: ["get", "create"]
44
+ ---
45
+ kind: ClusterRoleBinding
46
+ apiVersion: rbac.authorization.k8s.io/v1
47
+ metadata:
48
+ name: system:kube-dns-autoscaler
49
+ labels:
50
+ addonmanager.kubernetes.io/mode: Reconcile
51
+ subjects:
52
+ - kind: ServiceAccount
53
+ name: kube-dns-autoscaler
54
+ namespace: kube-system
55
+ roleRef:
56
+ kind: ClusterRole
57
+ name: system:kube-dns-autoscaler
58
+ apiGroup: rbac.authorization.k8s.io
59
+
60
+ ---
61
+ apiVersion: apps/v1
62
+ kind: Deployment
63
+ metadata:
64
+ name: kube-dns-autoscaler
65
+ namespace: kube-system
66
+ labels:
67
+ k8s-app: kube-dns-autoscaler
68
+ kubernetes.io/cluster-service: "true"
69
+ addonmanager.kubernetes.io/mode: Reconcile
70
+ spec:
71
+ selector:
72
+ matchLabels:
73
+ k8s-app: kube-dns-autoscaler
74
+ template:
75
+ metadata:
76
+ labels:
77
+ k8s-app: kube-dns-autoscaler
78
+ annotations:
79
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
80
+ spec:
81
+ priorityClassName: system-cluster-critical
82
+ securityContext:
83
+ supplementalGroups: [ 65534 ]
84
+ fsGroup: 65534
85
+ nodeSelector:
86
+ kubernetes.io/os: linux
87
+ containers:
88
+ - name: autoscaler
89
+ image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1
90
+ resources:
91
+ requests:
92
+ cpu: "20m"
93
+ memory: "10Mi"
94
+ command:
95
+ - /cluster-proportional-autoscaler
96
+ - --namespace=kube-system
97
+ - --configmap=kube-dns-autoscaler
98
+ # Should keep target in sync with cluster/addons/dns/kube-dns.yaml.base
99
+ - --target=Deployment/coredns
100
+ # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
101
+ # If using small nodes, "nodesPerReplica" should dominate.
102
+ - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}}
103
+ - --logtostderr=true
104
+ - --v=2
105
+ tolerations:
106
+ - key: "CriticalAddonsOnly"
107
+ operator: "Exists"
108
+ nodeSelector:
109
+ kubernetes.io/os: linux
110
+ serviceAccountName: kube-dns-autoscaler