From 779ad25852dd7a84d607684ae29e4f5a66b0d00d Mon Sep 17 00:00:00 2001
From: Rayan Das <rayandas91@gmail.com>
Date: Thu, 13 Oct 2022 11:28:22 +0530
Subject: [PATCH] add a new template metrics_v0.5.2.go

---
 rke/templates/metrics_v0.5.2.go | 237 ++++++++++++++++++++++++++++++++
 rke/templates/templates.go      |  11 +-
 2 files changed, 244 insertions(+), 4 deletions(-)
 create mode 100644 rke/templates/metrics_v0.5.2.go

diff --git a/rke/templates/metrics_v0.5.2.go b/rke/templates/metrics_v0.5.2.go
new file mode 100644
index 000000000..73c71f3b0
--- /dev/null
+++ b/rke/templates/metrics_v0.5.2.go
@@ -0,0 +1,237 @@
+package templates
+
+const MetricsServerTemplateV0_5_2 = `
+{{- if eq .RBACConfig "rbac"}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-app: metrics-server
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: system:aggregated-metrics-reader
+rules:
+- apiGroups:
+  - metrics.k8s.io
+  resources:
+  - pods
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: system:metrics-server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - nodes/stats
+  - namespaces
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
+{{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: metrics-server
+  namespace: kube-system
+spec:
+  ports:
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: https
+  selector:
+    k8s-app: metrics-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+{{if .Replicas}}
+  replicas: {{.Replicas}}
+{{end}}
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+{{if .UpdateStrategy}}
+  strategy:
+{{ toYaml .UpdateStrategy | indent 4}}
+{{end}}
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                - key: beta.kubernetes.io/os
+                  operator: NotIn
+                  values:
+                    - windows
+                - key: node-role.kubernetes.io/worker
+                  operator: Exists
+{{if .NodeSelector}}
+      nodeSelector:
+      {{ range $k, $v := .NodeSelector }}
+        {{ $k }}: "{{ $v }}"
+      {{ end }}
+{{end}}
+      serviceAccountName: metrics-server
+{{- if .Tolerations}}
+      tolerations:
+{{ toYaml .Tolerations | indent 6}}
+{{- else }}
+      tolerations:
+      - effect: NoExecute
+        operator: Exists
+      - effect: NoSchedule
+        operator: Exists
+{{- end }}
+      volumes:
+      - emptyDir: {}
+        name: tmp-dir
+      # Rancher specific change
+      priorityClassName: {{ .MetricsServerPriorityClassName | default "system-cluster-critical" }}
+      containers:
+      - name: metrics-server
+        image: {{ .MetricsServerImage }}
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /livez
+            port: https
+            scheme: HTTPS
+          periodSeconds: 10
+        args:
+        - --cert-dir=/tmp
+        - --secure-port=4443
+        # Rancher specific: connecting to kubelet using insecure tls
+        - --kubelet-insecure-tls
+        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+        - --metric-resolution=15s
+        - --logtostderr
+        {{ range $k,$v := .Options }}
+        -  --{{ $k }}={{ $v }}
+        {{ end }}
+        ports:
+        - containerPort: 4443
+          name: https
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /readyz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 20
+          periodSeconds: 10
+        resources:
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmp-dir
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  labels:
+    k8s-app: metrics-server
+  name: v1beta1.metrics.k8s.io
+spec:
+  group: metrics.k8s.io
+  groupPriorityMinimum: 100
+  insecureSkipTLSVerify: true
+  service:
+    name: metrics-server
+    namespace: kube-system
+  version: v1beta1
+  versionPriority: 100
+---
+`
diff --git a/rke/templates/templates.go b/rke/templates/templates.go
index 9bc479bd0..1d4f3a0f6 100644
--- a/rke/templates/templates.go
+++ b/rke/templates/templates.go
@@ -58,6 +58,7 @@ const (
 	metricsServerv18  = "metricsserver-v1.8"
 	metricsServerv120 = "metricsserver-v1.20"
 	metricsServerv050 = "metricsserver-v0.5.0"
+	metricsServerv052 = "metricsserver-v0.5.2"
 	metricsServerv061 = "metricsserver-v0.6.1"
 
 	weavev18  = "weave-v1.8"
@@ -156,10 +157,11 @@ func LoadK8sVersionedTemplates() map[string]map[string]string {
 			">=1.8.0-rancher0 <1.16.0-alpha": kubeDnsv18,
 		},
 		kdm.MetricsServer: {
-			">=1.23.3-rancher1-1":                     metricsServerv061,
-			">=1.20.14-rancher2-1 <1.23.3-rancher1-1": metricsServerv050,
-			">=1.20.4-rancher1-1 <1.20.14-rancher2-1": metricsServerv120,
-			">=1.8.0-rancher0 <1.20.4-rancher1-1":     metricsServerv18,
+			">=1.23.3-rancher1-1":                      metricsServerv061,
+			">=1.22.15-rancher1-1 <1.23.3-rancher1-1":  metricsServerv052,
+			">=1.20.14-rancher2-1 <1.22.15-rancher1-1": metricsServerv050,
+			">=1.20.4-rancher1-1 <1.20.14-rancher2-1":  metricsServerv120,
+			">=1.8.0-rancher0 <1.20.4-rancher1-1":      metricsServerv18,
 		},
 		kdm.Weave: {
 			">=1.22.0-rancher1-1":                    weavev122,
@@ -270,6 +272,7 @@ func getTemplates() map[string]string {
 		metricsServerv18:  MetricsServerTemplate,
 		metricsServerv120: MetricsServerTemplateV0_4_1,
 		metricsServerv050: MetricsServerTemplateV0_5_0,
+		metricsServerv052: MetricsServerTemplateV0_5_2,
 		metricsServerv061: MetricsServerTemplateV0_6_1,
 
 		weavev18:  WeaveTemplate,