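---
# metrics-server v0.3.6 install manifest: RBAC, APIService registration,
# ServiceAccount, Deployment and Service, all bound to kube-system.

# Aggregates read access to metrics.k8s.io into the built-in view, edit and
# admin ClusterRoles, so any subject holding one of those can read pod and
# node metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
---
# system:auth-delegator lets metrics-server delegate authentication and
# authorization of incoming requests to the API server. It is cluster-wide,
# so the metrics-server ServiceAccount token is a sensitive credential.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# Namespaced binding: read access to the extension-apiserver-authentication
# configuration in kube-system, which an aggregated API server needs in order
# to authenticate requests proxied by the kube-apiserver.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# Read-only, cluster-wide access to the objects metrics-server scrapes.
# Note that list/watch on pods exposes every pod spec in every namespace to
# this ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# Registers metrics.k8s.io/v1beta1 with the aggregation layer.
# NOTE(review): apiregistration.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# current clusters need apiregistration.k8s.io/v1 here.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  # SECURITY: with insecureSkipTLSVerify the kube-apiserver does not verify the
  # metrics-server serving certificate, so the proxied connection is encrypted
  # but unauthenticated. Hardened setup: issue metrics-server a certificate
  # from a CA you control (--tls-cert-file / --tls-private-key-file), put that
  # CA in spec.caBundle, and set this to false.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # Writable scratch space for --cert-dir; required because the root
      # filesystem is mounted read-only below.
      - name: tmp-dir
        emptyDir: {}
      # SECURITY: hostNetwork puts the pod in the node's network namespace, so
      # port 4443 listens on the node's own addresses and NetworkPolicy
      # generally does not apply to the pod. Keep it only if the control plane
      # cannot reach pod IPs; otherwise remove it.
      hostNetwork: true
      containers:
      - name: metrics-server
        # SECURITY: image comes from a third-party mirror and is referenced by
        # mutable tag; together with imagePullPolicy: Always, every restart
        # runs whatever the mirror serves under that tag. Pin by digest
        # (...@sha256:<verified-digest>) once checked against the upstream image.
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
        # command:
        # - /metrics-server
        # - --kubelet-insecure-tls
        # - --kubelet-preferred-address-types=InternalIP
        args:
        - --cert-dir=/tmp
        - --secure-port=4443
        # SECURITY: disables verification of kubelet serving certificates, so
        # metrics-server cannot tell a real kubelet from an impostor on the
        # node network. Hardened setup: have kubelet serving certificates
        # signed by the cluster CA and pass --kubelet-certificate-authority
        # instead of this flag.
        - --kubelet-insecure-tls=true
        # Address type names are case-sensitive: "externalDNS" never matches a
        # node address, so it is spelled ExternalDNS here.
        - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:
          # Non-root process on an unprivileged port needs no capabilities and
          # no ability to gain privileges via setuid binaries.
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        imagePullPolicy: Always
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        # NOTE(review): beta.kubernetes.io/os is deprecated in favour of
        # kubernetes.io/os.
        beta.kubernetes.io/os: linux
---
# ClusterIP front for the aggregation layer: 443 -> container port 4443.
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: main-port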