From a1fb1c69f99f0f0fbb862bdd27c93413c3332d9a Mon Sep 17 00:00:00 2001
From: Kubernetes Prow Robot
Date: Fri, 5 Nov 2021 16:36:51 -0700
Subject: [PATCH] Merge pull request #884 from shuaich/remove_elevated_permission Remove elevated permissions from metrics-server
---
 Dockerfile | 3 ---
 Makefile | 2 +-
 manifests/base/deployment.yaml | 4 ++--
 test/e2e_test.go | 2 +-
 4 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e358a7198..ff2748d9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,8 +2,6 @@
 # be pre-pulled in order to work on GCB.
 FROM golang:1.16.8 as build
-RUN apt-get update && apt-get --no-install-recommends install -y libcap2-bin && apt-get clean && rm -rf /var/lib/apt/lists/*
-
 WORKDIR /go/src/sigs.k8s.io/metrics-server
 COPY go.mod .
 COPY go.sum .
@@ -17,7 +15,6 @@ ARG ARCH
 ARG GIT_COMMIT
 ARG GIT_TAG
 RUN make metrics-server
-RUN setcap cap_net_bind_service=+ep metrics-server
 FROM gcr.io/distroless/static:latest
 COPY --from=build /go/src/sigs.k8s.io/metrics-server/metrics-server /
diff --git a/Makefile b/Makefile
index 27324966e..c0de9cbac 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ container:
 # Pull base image explicitly. Keep in sync with Dockerfile, otherwise
 # GCB builds will start failing.
 docker pull golang:1.16.8
- docker buildx build -t $(REGISTRY)/metrics-server-$(ARCH):$(CHECKSUM) --build-arg ARCH=$(ARCH) --build-arg GIT_TAG=$(GIT_TAG) --build-arg GIT_COMMIT=$(GIT_COMMIT) .
+ docker build -t $(REGISTRY)/metrics-server-$(ARCH):$(CHECKSUM) --build-arg ARCH=$(ARCH) --build-arg GIT_TAG=$(GIT_TAG) --build-arg GIT_COMMIT=$(GIT_COMMIT) .
 .PHONY: container-all
 container-all: $(CONTAINER_ARCH_TARGETS);
diff --git a/manifests/base/deployment.yaml b/manifests/base/deployment.yaml
index 9172697a9..d4326285a 100644
--- a/manifests/base/deployment.yaml
+++ b/manifests/base/deployment.yaml
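Review bot: In the Makefile `container` recipe, the switch from `docker buildx build` to `docker build` is not explained by the commit message, which is about permissions only. If buildx was there only so that the file capability set by the now-removed `setcap` step survived the image build, a comment above the command should say so, for example `# plain docker build suffices: the binary no longer carries file capabilities`. That reason is inferred from the Dockerfile change in this patch and should be confirmed by the author. The recipe starts outside the hunk.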
@@ -22,7 +22,7 @@ spec:
 imagePullPolicy: IfNotPresent
 args:
 - --cert-dir=/tmp
- - --secure-port=443
+ - --secure-port=4443
 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
 - --kubelet-use-node-status-port
 - --metric-resolution=15s
@@ -32,7 +32,7 @@ spec:
 memory: 200Mi
 ports:
 - name: https
- containerPort: 443
+ containerPort: 4443
 protocol: TCP
 readinessProbe:
 httpGet:
diff --git a/test/e2e_test.go b/test/e2e_test.go
index d896ce316..b00ad92d5 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -168,7 +168,7 @@ livez check passed
 })
 It("exposes prometheus metrics", func() {
 msPod := mustGetMetricsServerPod(client)
- resp, err := proxyRequestToPod(restConfig, msPod.Namespace, msPod.Name, "https", 443, "/metrics")
+ resp, err := proxyRequestToPod(restConfig, msPod.Namespace, msPod.Name, "https", 4443, "/metrics")
 Expect(err).NotTo(HaveOccurred(), "Failed to get Metrics Server /metrics endpoint")
 metrics, err := parseMetricNames(resp)
 Expect(err).NotTo(HaveOccurred(), "Failed to parse Metrics Server metrics")
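Review bot: In manifests/base/deployment.yaml, `--secure-port=4443` in the first hunk and `containerPort: 4443` in the second are two copies of one number, and anything that addresses the pod by number rather than by the port name `https` will still point at 443. The diffstat shows no other manifest touched, so a Service `targetPort`, a NetworkPolicy or a control-plane-to-node firewall rule written as `443` should be checked; none of these is visible in this patch. Because the process no longer binds a privileged port, the container's `securityContext` can enforce what the commit intends, for example `allowPrivilegeEscalation: false` and `capabilities: drop: ["ALL"]`. The container spec continues outside both hunks, so these settings may already be present.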
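Review bot: In test/e2e_test.go, the literal `4443` passed to `proxyRequestToPod` duplicates the port set in manifests/base/deployment.yaml, so the test has to be edited by hand whenever the manifest changes, as this commit shows. Reading the value from the pod under test would keep the two in step: assuming `msPod` is a core/v1 Pod, a small helper could look up the container port named `https` in `msPod.Spec.Containers` and return its `ContainerPort`. A mismatch would then show up as a missing port rather than as a failed proxy request. The enclosing `It` block continues outside the hunk.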