From d5a644cf972df439fa7fe48d723a5a5f5378a099 Mon Sep 17 00:00:00 2001
From: Muhammad Hamza Zaib <hamzazaib3202@gmail.com>
Date: Thu, 30 Mar 2023 18:12:40 +0500
Subject: [PATCH 1/8] Set namespace for auth-reader rb to kube-system

---
 charts/metrics-server/templates/rolebinding.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/metrics-server/templates/rolebinding.yaml b/charts/metrics-server/templates/rolebinding.yaml
index be6fccf9d..3fda74337 100644
--- a/charts/metrics-server/templates/rolebinding.yaml
+++ b/charts/metrics-server/templates/rolebinding.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ printf "%s-auth-reader" (include "metrics-server.fullname" .)  }}
-  namespace: {{ .Release.Namespace }}
+  namespace: kube-system
   labels:
     {{- include "metrics-server.labels" . | nindent 4 }}
 roleRef:

From b0eac7f1d32ab9762cb4807d9a00bd8e47404438 Mon Sep 17 00:00:00 2001
From: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
Date: Fri, 31 Mar 2023 12:22:04 +1100
Subject: [PATCH 2/8] add configMap volume for addon resizer

Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
---
 charts/metrics-server/templates/_helpers.tpl          | 7 +++++++
 charts/metrics-server/templates/configmaps-nanny.yaml | 2 +-
 charts/metrics-server/templates/deployment.yaml       | 5 +++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/charts/metrics-server/templates/_helpers.tpl b/charts/metrics-server/templates/_helpers.tpl
index 2c8a47ca6..1dfb91e68 100644
--- a/charts/metrics-server/templates/_helpers.tpl
+++ b/charts/metrics-server/templates/_helpers.tpl
@@ -78,6 +78,13 @@ The image to use for the addon resizer
 {{- printf "%s:%s" .Values.addonResizer.image.repository .Values.addonResizer.image.tag }}
 {{- end }}
 
+{{/*
+ConfigMap name of addon resizer
+*/}}
+{{- define "metrics-server.addonResizer.configMap" -}}
+{{- printf "%s-%s" (include "metrics-server.fullname" .) "nanny-config" }}
+{{- end }}
+
 {{/* Get PodDisruptionBudget API Version */}}
 {{- define "metrics-server.pdb.apiVersion" -}}
   {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
diff --git a/charts/metrics-server/templates/configmaps-nanny.yaml b/charts/metrics-server/templates/configmaps-nanny.yaml
index 10164820a..c25005ec2 100644
--- a/charts/metrics-server/templates/configmaps-nanny.yaml
+++ b/charts/metrics-server/templates/configmaps-nanny.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "metrics-server.fullname" .}}-nanny-config
+  name: {{ include "metrics-server.addonResizer.configMap" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "metrics-server.labels" . | nindent 4 }}
diff --git a/charts/metrics-server/templates/deployment.yaml b/charts/metrics-server/templates/deployment.yaml
index 2bd591784..9f44be441 100644
--- a/charts/metrics-server/templates/deployment.yaml
+++ b/charts/metrics-server/templates/deployment.yaml
@@ -121,6 +121,11 @@ spec:
       volumes:
         - name: tmp
           emptyDir: {}
+      {{- if .Values.addonResizer.enabled }}
+        - name: nanny-config-volume
+          configMap:
+            name: {{ include "metrics-server.addonResizer.configMap" . }}
+      {{- end }}
       {{- with .Values.extraVolumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}

From 154a93a4eae2a649d93fa41d0a78529cd09641de Mon Sep 17 00:00:00 2001
From: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
Date: Fri, 31 Mar 2023 12:22:25 +1100
Subject: [PATCH 3/8] fix addon resizer rolebinding

Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
---
 charts/metrics-server/templates/_helpers.tpl           | 7 +++++++
 charts/metrics-server/templates/role-nanny.yaml        | 4 ++--
 charts/metrics-server/templates/rolebinding-nanny.yaml | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/charts/metrics-server/templates/_helpers.tpl b/charts/metrics-server/templates/_helpers.tpl
index 1dfb91e68..9b87f118f 100644
--- a/charts/metrics-server/templates/_helpers.tpl
+++ b/charts/metrics-server/templates/_helpers.tpl
@@ -85,6 +85,13 @@ ConfigMap name of addon resizer
 {{- printf "%s-%s" (include "metrics-server.fullname" .) "nanny-config" }}
 {{- end }}
 
+{{/*
+Role name of addon resizer
+*/}}
+{{- define "metrics-server.addonResizer.role" -}}
+{{ printf "system:%s-nanny" (include "metrics-server.fullname" .) }}
+{{- end }}
+
 {{/* Get PodDisruptionBudget API Version */}}
 {{- define "metrics-server.pdb.apiVersion" -}}
   {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
diff --git a/charts/metrics-server/templates/role-nanny.yaml b/charts/metrics-server/templates/role-nanny.yaml
index 8551b3713..f0bf8fceb 100644
--- a/charts/metrics-server/templates/role-nanny.yaml
+++ b/charts/metrics-server/templates/role-nanny.yaml
@@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ printf "system:%s-nanny" (include "metrics-server.fullname" .) }}
+  name: {{ include "metrics-server.addonResizer.role" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "metrics-server.labels" . | nindent 4 }}
@@ -19,7 +19,7 @@ rules:
   resources:
   - deployments
   resourceNames:
-  - metrics-server
+  - {{ include "metrics-server.fullname" . }}
   verbs:
   - get
   - patch
diff --git a/charts/metrics-server/templates/rolebinding-nanny.yaml b/charts/metrics-server/templates/rolebinding-nanny.yaml
index 99570ac62..73bfaaffe 100644
--- a/charts/metrics-server/templates/rolebinding-nanny.yaml
+++ b/charts/metrics-server/templates/rolebinding-nanny.yaml
@@ -10,7 +10,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: metrics-server-nanny
+  name: {{ include "metrics-server.addonResizer.role" . }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "metrics-server.serviceAccountName" . }}

From ee6ac34242437d20d52ca57876880bfc8142a571 Mon Sep 17 00:00:00 2001
From: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
Date: Fri, 31 Mar 2023 12:22:34 +1100
Subject: [PATCH 4/8] bump chart version

Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
---
 charts/metrics-server/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml
index 3fe95c010..e01265425 100644
--- a/charts/metrics-server/Chart.yaml
+++ b/charts/metrics-server/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: metrics-server
 description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
 type: application
-version: 3.9.0
+version: 3.9.1
 appVersion: 0.6.3
 keywords:
   - kubernetes

From 79401704412f6b75dfd6ff71e03ac2d892a69d70 Mon Sep 17 00:00:00 2001
From: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
Date: Tue, 4 Apr 2023 09:17:34 +1000
Subject: [PATCH 5/8] undo chart.yaml change

Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
---
 charts/metrics-server/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml
index e01265425..3fe95c010 100644
--- a/charts/metrics-server/Chart.yaml
+++ b/charts/metrics-server/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: metrics-server
 description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
 type: application
-version: 3.9.1
+version: 3.9.0
 appVersion: 0.6.3
 keywords:
   - kubernetes

From 55b9b0b5036fbda5d1ff8f0dd9246953a5c3486c Mon Sep 17 00:00:00 2001
From: Pat Riehecky <riehecky@fnal.gov>
Date: Wed, 5 Apr 2023 15:42:49 -0500
Subject: [PATCH 6/8] Permit running under PodSecurity restricted

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
---
 charts/metrics-server/values.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml
index 9741208b8..9b4fc16c4 100644
--- a/charts/metrics-server/values.yaml
+++ b/charts/metrics-server/values.yaml
@@ -56,6 +56,11 @@ securityContext:
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1000
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+      - ALL
 
 priorityClassName: system-cluster-critical
 

From 1f98fd5cf7028d02381de0d93727e6c17802fde2 Mon Sep 17 00:00:00 2001
From: Steve Hipwell <steve.hipwell@gmail.com>
Date: Wed, 12 Apr 2023 17:08:50 +0100
Subject: [PATCH 7/8] fix(chart): Updated container port to correct default

Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>
---
 charts/metrics-server/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml
index 9b4fc16c4..7520a947b 100644
--- a/charts/metrics-server/values.yaml
+++ b/charts/metrics-server/values.yaml
@@ -64,7 +64,7 @@ securityContext:
 
 priorityClassName: system-cluster-critical
 
-containerPort: 4443
+containerPort: 10250
 
 hostNetwork:
   # Specifies if metrics-server should be started in hostNetwork mode.

From ecf98e97a4b30cccc561608c5491e06c1ae3e2a8 Mon Sep 17 00:00:00 2001
From: Steve Hipwell <steve.hipwell@gmail.com>
Date: Wed, 12 Apr 2023 17:12:54 +0100
Subject: [PATCH 8/8] feat(chart): Released v3.10.0

Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>
---
 charts/metrics-server/Chart.yaml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml
index 3fe95c010..996f21301 100644
--- a/charts/metrics-server/Chart.yaml
+++ b/charts/metrics-server/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: metrics-server
 description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
 type: application
-version: 3.9.0
+version: 3.10.0
 appVersion: 0.6.3
 keywords:
   - kubernetes
@@ -21,9 +21,11 @@ maintainers:
     url: https://github.com/endrec
 annotations:
   artifacthub.io/changes: |
+    - kind: fixed
+      description: "Fixed auth-reader role binding namespace to always use kube-system."
+    - kind: fixed
+      description: "Fixed addon resizer configuration."
     - kind: added
-      description: "Added autoscaling support via the addon-resizer."
-    - kind: changed
-      description: "Updated the Metrics Server OCI image to v0.6.3."
+      description: "Added support for running under PodSecurity restricted."
     - kind: fixed
-      description: "Fixed service labels/annotations."
+      description: "Fixed container port default not having been updated to 10250."