metrics-server
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for metrics-server.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
image:
6
repository: cgr.dev/chainguard-private/metrics-server
7
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
8
tag: latest@sha256:4742ef9727292d25b6a8ee7102dddbe9710ef765f3b874026f1a0267ed0648dc
9
pullPolicy: IfNotPresent
10
imagePullSecrets: []
11
# - name: registrySecretName
12
13
nameOverride: ""
14
fullnameOverride: ""
15
serviceAccount:
16
# Specifies whether a service account should be created
17
create: true
18
# Annotations to add to the service account
19
annotations: {}
20
# The name of the service account to use.
21
# If not set and create is true, a name is generated using the fullname template
22
name: ""
23
# The list of secrets mountable by this service account.
24
# See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets
25
secrets: []
26
rbac:
27
# Specifies whether RBAC resources should be created
28
create: true
29
# Note: PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later.
30
pspEnabled: false
31
apiService:
32
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
33
#
34
# You typically want this enabled! If you disable API service creation you have to
35
# manage it outside of this chart for e.g horizontal pod autoscaling to
36
# work with this release.
37
create: true
38
# Annotations to add to the API service
39
annotations: {}
40
# Specifies whether to skip TLS verification
41
insecureSkipTLSVerify: true
42
# The PEM encoded CA bundle for TLS verification
43
caBundle: ""
44
commonLabels: {}
45
podLabels: {}
46
podAnnotations: {}
47
podSecurityContext: {}
48
securityContext:
49
allowPrivilegeEscalation: false
50
readOnlyRootFilesystem: true
51
runAsNonRoot: true
52
runAsUser: 1000
53
seccompProfile:
54
type: RuntimeDefault
55
capabilities:
56
drop:
57
- ALL
58
priorityClassName: system-cluster-critical
59
containerPort: 10250
60
hostNetwork:
61
# Specifies if metrics-server should be started in hostNetwork mode.
62
#
63
# You would require this enabled if you use alternate overlay networking for pods and
64
# API server unable to communicate with metrics-server. As an example, this is required
65
# if you use Weave network on EKS
66
enabled: false
67
replicas: 1
68
revisionHistoryLimit:
69
updateStrategy: {}
70
# type: RollingUpdate
71
# rollingUpdate:
72
# maxSurge: 0
73
# maxUnavailable: 1
74
75
podDisruptionBudget:
76
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
77
enabled: false
78
minAvailable:
79
maxUnavailable:
80
unhealthyPodEvictionPolicy:
81
defaultArgs:
82
- --cert-dir=/tmp
83
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
84
- --kubelet-use-node-status-port
85
- --metric-resolution=15s
86
args: []
87
livenessProbe:
88
httpGet:
89
path: /livez
90
port: https
91
scheme: HTTPS
92
initialDelaySeconds: 0
93
periodSeconds: 10
94
failureThreshold: 3
95
readinessProbe:
96
httpGet:
97
path: /readyz
98
port: https
99
scheme: HTTPS
100
initialDelaySeconds: 20
101
periodSeconds: 10
102
failureThreshold: 3
103
service:
104
type: ClusterIP
105
port: 443
106
annotations: {}
107
labels: {}
108
# Add these labels to have metrics-server show up in `kubectl cluster-info`
109
# kubernetes.io/cluster-service: "true"
110
# kubernetes.io/name: "Metrics-server"
111
addonResizer:
112
enabled: false
113
image:
114
repository: cgr.dev/chainguard-private/kubernetes-autoscaler-addon-resizer
115
tag: latest@sha256:90af3808435d22f20fba940fed0258aa3e9ee951084b3bd331a85faecbf106a1
116
securityContext:
117
allowPrivilegeEscalation: false
118
readOnlyRootFilesystem: true
119
runAsNonRoot: true
120
runAsUser: 1000
121
seccompProfile:
122
type: RuntimeDefault
123
capabilities:
124
drop:
125
- ALL
126
resources:
127
requests:
128
cpu: 40m
129
memory: 25Mi
130
limits:
131
cpu: 40m
132
memory: 25Mi
133
nanny:
134
cpu: 0m
135
extraCpu: 1m
136
memory: 0Mi
137
extraMemory: 2Mi
138
minClusterSize: 100
139
pollPeriod: 300000
140
threshold: 5
141
metrics:
142
enabled: false
143
serviceMonitor:
144
enabled: false
145
additionalLabels: {}
146
interval: 1m
147
scrapeTimeout: 10s
148
metricRelabelings: []
149
relabelings: []
150
# See https://github.com/kubernetes-sigs/metrics-server#scaling
151
resources:
152
requests:
153
cpu: 100m
154
memory: 200Mi
155
# limits:
156
# cpu:
157
# memory:
158
extraVolumeMounts: []
159
extraVolumes: []
160
nodeSelector: {}
161
tolerations: []
162
affinity: {}
163
topologySpreadConstraints: []
164
dnsConfig: {}
165
# Annotations to add to the deployment
166
deploymentAnnotations: {}
167
schedulerName: ""
168
tmpVolume:
169
emptyDir: {}
170
tls:
171
# Set the TLS method to use. Supported values:
172
# - `metrics-server` : Metrics-server will generate a self-signed certificate
173
# - `helm` : Helm will generate a self-signed certificate
174
# - `cert-manager` : Use cert-manager.io to create and maintain the certificate
175
# - `existingSecret` : Reuse an existing secret. No new secret will be created
176
type: "metrics-server"
177
# Kubernetes cluster domain. Used to configure Subject Alt Names for the certificate
178
clusterDomain: cluster.local
179
certManager:
180
# Automatically add the cert-manager.io/inject-ca-from annotation to the APIService resource.
181
# See https://cert-manager.io/docs/concepts/ca-injector
182
addInjectorAnnotations: true
183
existingIssuer:
184
# Use an existing cert-manager issuer
185
enabled: false
186
# Kind of the existing cert-manager issuer
187
kind: "Issuer"
188
# Name of the existing cert-manager issuer
189
name: "my-issuer"
190
# Set the requested duration (i.e. lifetime) of the Certificate.
191
# See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
192
duration: ""
193
# How long before the currently issued certificate’s expiry cert-manager should renew the certificate.
194
# See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
195
renewBefore: ""
196
# Add extra annotations to the Certificate resource
197
annotations: {}
198
# Add extra labels to the Certificate resource
199
labels: {}
200
helm:
201
# Use helm lookup function to reuse Secret created in previous helm install
202
lookup: true
203
# Cert validity duration in days
204
certDurationDays: 365
205
existingSecret:
206
# Name of the existing Secret to use for TLS
207
name: ""
208
# Use helm lookup function to provision `apiService.caBundle`
209
lookup: true
210
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.