From de88fa5457f0fc44c880d42ca17179c2e5a31b2a Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sun, 11 Feb 2018 10:45:39 -0800
Subject: [PATCH] addons: Update Heapster from v1.5.0 to v1.5.1
* Switch to k8s.gcr.io vanity image name
* Add service account, Role, and ClusterRole for heapster
---
 CHANGES.md | 5 +++++
 addons/heapster/cluster-role-binding.yaml | 12 ++++++++++++
 addons/heapster/deployment.yaml | 7 +++----
 addons/heapster/role-binding.yaml | 13 +++++++++++++
 addons/heapster/role.yaml | 19 +++++++++++++++++++
 addons/heapster/service-account.yaml | 5 +++++
 6 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 addons/heapster/cluster-role-binding.yaml
 create mode 100644 addons/heapster/role-binding.yaml
 create mode 100644 addons/heapster/role.yaml
 create mode 100644 addons/heapster/service-account.yaml
diff --git a/CHANGES.md b/CHANGES.md
index e5e8909c4..82aa36927 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,6 +4,11 @@ Notable changes between versions.
 ## Latest
+#### Addons
+
+* Update heapster from v1.5.0 to v1.5.1 ([#131](https://github.com/poseidon/typhoon/pull/131))
+ * Use separate service account
+
 ## v1.9.3
 * Kubernetes [v1.9.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.9.md#v193)
diff --git a/addons/heapster/cluster-role-binding.yaml b/addons/heapster/cluster-role-binding.yaml
new file mode 100644
index 000000000..9ae16e6d5
--- /dev/null
+++ b/addons/heapster/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: heapster
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:heapster
+subjects:
+- kind: ServiceAccount
+ name: heapster
+ namespace: kube-system
diff --git a/addons/heapster/deployment.yaml b/addons/heapster/deployment.yaml
index e856ad0f2..22eb589b5 100644
--- a/addons/heapster/deployment.yaml
+++ b/addons/heapster/deployment.yaml
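Review bot: In addons/heapster/cluster-role-binding.yaml, `roleRef` names `system:heapster`, but no ClusterRole with that name is created in this patch; the diffstat lists only the binding, although the commit message says a ClusterRole is added. The binding therefore presumably relies on the default `system:heapster` ClusterRole that Kubernetes RBAC bootstrapping provides, so what the service account is granted cluster-wide cannot be read from this repository. I would add a comment above `roleRef`, such as `# system:heapster is a Kubernetes default ClusterRole; it is not defined in this repo`, and reword the commit message to say ClusterRoleBinding.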
@@ -14,12 +14,11 @@ spec:
 labels:
 name: heapster
 phase: prod
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ serviceAccountName: heapster
 containers:
 - name: heapster
- image: gcr.io/google_containers/heapster-amd64:v1.5.0
+ image: k8s.gcr.io/heapster-amd64:v1.5.1
 command:
 - /heapster
 - --source=kubernetes.summary_api:''
@@ -31,7 +30,7 @@ spec:
 initialDelaySeconds: 180
 timeoutSeconds: 5
 - name: heapster-nanny
- image: gcr.io/google_containers/addon-resizer:1.7
+ image: k8s.gcr.io/addon-resizer:1.7
 command:
 - /pod_nanny
 - --cpu=80m
diff --git a/addons/heapster/role-binding.yaml b/addons/heapster/role-binding.yaml
new file mode 100644
index 000000000..c83567292
--- /dev/null
+++ b/addons/heapster/role-binding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: heapster
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: system:pod-nanny
+subjects:
+- kind: ServiceAccount
+ name: heapster
+ namespace: kube-system
diff --git a/addons/heapster/role.yaml b/addons/heapster/role.yaml
new file mode 100644
index 000000000..5c1296723
--- /dev/null
+++ b/addons/heapster/role.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: system:pod-nanny
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - "extensions"
+ resources:
+ - deployments
+ verbs:
+ - get
+ - update
diff --git a/addons/heapster/service-account.yaml b/addons/heapster/service-account.yaml
new file mode 100644
index 000000000..c91d5b6bd
--- /dev/null
+++ b/addons/heapster/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: heapster
+ namespace: kube-system
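Review bot: In addons/heapster/deployment.yaml, the new `image: k8s.gcr.io/heapster-amd64:v1.5.1` line, and `image: k8s.gcr.io/addon-resizer:1.7` in the second hunk, reference images by tag only, so what runs under the new `heapster` service account depends on whatever the registry serves for that tag at pull time. Pinning each by digest, for example `image: k8s.gcr.io/heapster-amd64:v1.5.1@sha256:<digest-of-verified-image>`, makes the deployed content immutable and reviewable. The first hunk also drops the `scheduler.alpha.kubernetes.io/critical-pod` annotation, which the commit message does not mention; a line in the description saying why would help. The container specs continue outside both hunks.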
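Review bot: In addons/heapster/role.yaml, the second rule grants `get` and `update` on every Deployment in `kube-system` because it carries no `resourceNames`. Through role-binding.yaml this lets the `heapster` service account, which both containers in the pod share, modify any other system Deployment in that namespace, which is well beyond what a resizer needs. Assuming the nanny only resizes the Deployment named `heapster` (its name is outside the visible hunks), scope the rule by adding `resourceNames:` with the single entry `- heapster` next to `resources:`. The `system:` prefix in `system:pod-nanny` is by convention used for roles Kubernetes itself ships, so an unprefixed name would avoid confusion with built-in roles.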