Update dependencies

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,17 @@
+## Expected Behavior
+
+
+## Actual Behavior
+
+
+## Steps to Reproduce the Problem
+
+  1.
+  1.
+  1.
+
+## Specifications
+
+  - Version:
+  - Platform:
+  - Subsystem:

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,31 @@
+# One-line summary
+
+> Issue : #1234 (only if appropriate)
+
+## Description
+A few sentences describing the overall goals of the pull request's
+commits.
+
+## Types of Changes
+_What types of changes does your code introduce? Keep the ones that apply:_
+
+- New feature (non-breaking change which adds functionality)
+- Bug fix (non-breaking change which fixes an issue)
+- Configuration change
+- Refactor/improvements
+- Documentation / non-code
+
+## Tasks
+_List of tasks you will do to complete the PR_
+  - [ ] Created Task 1
+  - [ ] Created Task 2
+  - [ ] To-do Task 3
+
+## Review
+_List of tasks the reviewer must do to review the PR_
+- [ ] Tests
+- [ ] Documentation
+- [ ] CHANGELOG
+
+## Deployment Notes
+These should highlight any db migrations, feature toggles, etc.

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: monthly
+    time: "07:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: monthly
+    time: "07:00"
+  open-pull-requests-limit: 10

.github/workflows/ci.yaml

@@ -0,0 +1,25 @@
+name: ci
+on:
+  push:
+    branches-ignore:
+      - 'gh-pages'
+  pull_request:
+    branches-ignore:
+      - 'gh-pages'
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v2
+      with:
+        go-version: '^1.19'
+    - run: go version
+    - run: go install github.com/mattn/goveralls@latest
+    - run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+    - run: make build.docker
+    - run: make test
+    - run: make check
+    - run: goveralls -coverprofile=profile.cov -service=github
+      env:
+        COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '29 17 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/gh-packages.yaml

@@ -0,0 +1,91 @@
+name: gh-package-deploy
+permissions: {}
+
+on:
+  push:
+    branches:
+    - master
+    tags:
+      - '*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: "${{ github.repository }}"
+
+jobs:
+  docker:
+    if: ${{ github.actor != 'dependabot[bot]' }}
+
+    runs-on: ubuntu-latest
+    # Adding this block will overridw default values to None if not specified in the block
+    # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+    permissions:
+      contents: read
+      actions: read
+      packages: write # to push packages
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+        with:
+          # https://www.npmjs.com/package/semver#caret-ranges-123-025-004
+          go-version: '^1.21'
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions-ecosystem/action-get-latest-tag@b7c32daec3395a9616f88548363a42652b22d435
+        id: get-latest-tag
+
+      - name: Build binaries
+        run: |
+          make build.linux.amd64 build.linux.arm64
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1
+
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+
+      - name: Build and push
+        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+        with:
+          context: .
+          build-args: BASE_IMAGE=alpine:3
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/v') }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # Build and push latest tag
+      - name: Build and push latest
+        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+        with:
+          context: .
+          build-args: BASE_IMAGE=alpine:3
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/release-chart.yml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.0
+        with:
+          charts_dir: docs
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -0,0 +1,5 @@
+build/
+apiserver.local.config/
+.idea/
+profile.cov
+vendor/

.golangci.yml

@@ -0,0 +1,13 @@
+run:
+  concurrency: 4
+
+linters:
+  disable-all: true
+  enable:
+  - errcheck
+  - gosimple
+  - govet
+  - ineffassign
+  - staticcheck
+  - typecheck
+  - unused

.zappr.yaml

@@ -0,0 +1,9 @@
+# for github.com
+approvals:
+  groups:
+    zalando:
+      minimum: 2
+      from:
+        orgs:
+          - "zalando"
+X-Zalando-Team: teapot

CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team see [MAINTAINERS.md](MAINTAINERS.md). All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -0,0 +1,86 @@
+# Contributing
+
+**Thank you for your interest in making the project better and more useful.
+Your contributions are highly welcome.**
+
+There are multiple ways of getting involved:
+
+- [Report a bug](#report-a-bug)
+- [Suggest a feature](#suggest-a-feature)
+- [Contribute code](#contribute-code)
+
+Below are a few guidelines we would like you to follow.
+If you need help, please reach out to us by opening an issue.
+
+## Report a bug
+
+Reporting bugs is one of the best ways to contribute. Before creating a bug
+report, please check that an [issue](/issues) reporting the same problem does
+not already exist. If there is such an issue, you may add your information as a
+comment.
+
+To report a new bug you should open an issue that summarizes the bug and set
+the label to "bug".
+
+If you want to provide a fix along with your bug report: That is great! In this
+case please send us a pull request as described in section [Contribute
+Code](#contribute-code).
+
+## Suggest a feature
+
+To request a new feature you should open an [issue](../../issues/new) and
+summarize the desired functionality and its use case. Set the issue label to
+"feature".
+
+## Contribute code
+
+This is an outline of what the workflow for code contributions looks like
+
+- Check the list of open [issues](../../issues). Either assign an existing
+  issue to yourself, or create a new one that you would like work on and
+  discuss your ideas and use cases.
+
+It is always best to discuss your plans beforehand, to ensure that your
+contribution is in line with our goals.
+
+- Fork the repository on GitHub
+- Create a topic branch from where you want to base your work. This is usually master.
+- Open a new pull request, label it `work in progress` and outline what you will be contributing
+- Make commits of logical units.
+- Make sure you sign-off on your commits `git commit -s -m "adding X to change Y"`
+- Write good commit messages (see below).
+- Push your changes to a topic branch in your fork of the repository.
+- As you push your changes, update the pull request with new information and tasks as you complete them
+- Project maintainers might comment on your work as you progress
+- When you are done, remove the `work in progess` label and ping the maintainers for a review
+- Your pull request must receive a :thumbsup: from two [maintainers](MAINTAINERS)
+
+Thanks for your contributions!
+
+### Commit messages
+
+Your commit messages ideally can answer two questions: what changed and why.
+The subject line should feature the “what” and the body of the commit should
+describe the “why”.
+
+When creating a pull request, its description should reference the corresponding issue id.
+
+### Sign your work / Developer certificate of origin
+All contributions (including pull requests) must agree to the Developer
+Certificate of Origin (DCO) version 1.1. This is exactly the same one created
+and used by the Linux kernel developers and posted on
+http://developercertificate.org/. This is a developer's certification that he
+or she has the right to submit the patch for inclusion into the project. Simply
+submitting a contribution implies this agreement, however, please include a
+"Signed-off-by" tag in every patch (this tag is a conventional way to confirm
+that you agree to the DCO) - you can automate this with a [Git
+hook](https://stackoverflow.com/questions/15015894/git-add-signed-off-by-line-using-format-signoff-not-working)
+
+```
+git commit -s -m "adding X to change Y"
+```
+
+
+
+
+**Have fun, and happy hacking!**

CONTRIBUTORS.md

@@ -0,0 +1,6 @@
+# Project Contributors
+
+All external contributors to the project, we are grateful for all their help 
+
+## Contributors sorted alphabetically
+

Dockerfile

@@ -0,0 +1,11 @@
+ARG BASE_IMAGE=registry.opensource.zalan.do/library/alpine-3:latest
+FROM ${BASE_IMAGE}
+LABEL maintainer="Team Teapot @ Zalando SE <team-teapot@zalando.de>"
+
+RUN apk add --no-cache tzdata
+
+ARG TARGETARCH
+
+ADD build/linux/${TARGETARCH}/kube-metrics-adapter /
+
+ENTRYPOINT ["/kube-metrics-adapter"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Zalando SE
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

MAINTAINERS

@@ -0,0 +1,2 @@
+Mikkel Larsen <mikkel.larsen@zalando.de>
+Team Teapot <team-teapot@zalando.de>

Makefile

@@ -0,0 +1,73 @@
+.PHONY: clean test check build.local build.linux build.osx build.docker build.push
+
+BINARY        ?= kube-metrics-adapter
+VERSION       ?= $(shell git describe --tags --always --dirty)
+IMAGE         ?= registry-write.opensource.zalan.do/teapot/$(BINARY)
+TAG           ?= $(VERSION)
+SOURCES       = $(shell find . -name '*.go')
+DOCKERFILE    ?= Dockerfile
+GOPKGS        = $(shell go list ./...)
+BUILD_FLAGS   ?= -v
+OPENAPI       ?= pkg/api/generated/openapi/zz_generated.openapi.go
+LDFLAGS       ?= -X main.version=$(VERSION) -w -s
+CRD_SOURCES    = $(shell find pkg/apis/zalando.org -name '*.go')
+CRD_TYPE_SOURCE = pkg/apis/zalando.org/v1/types.go
+GENERATED_CRDS = docs/scaling_schedules_crd.yaml
+GENERATED      = pkg/apis/zalando.org/v1/zz_generated.deepcopy.go
+
+
+default: build.local
+
+clean:
+	rm -rf build
+	rm -rf $(OPENAPI)
+
+test: $(GENERATED)
+	go test -v -coverprofile=profile.cov $(GOPKGS)
+
+check: $(GENERATED)
+	go mod download
+	golangci-lint run --timeout=2m ./...
+
+
+$(GENERATED): go.mod $(CRD_TYPE_SOURCE) $(OPENAPI)
+	./hack/update-codegen.sh
+
+$(GENERATED_CRDS): $(GENERATED) $(CRD_SOURCES)
+	go run sigs.k8s.io/controller-tools/cmd/controller-gen crd:crdVersions=v1 paths=./pkg/apis/... output:crd:dir=docs || /bin/true || true
+	mv docs/zalando.org_clusterscalingschedules.yaml docs/cluster_scaling_schedules_crd.yaml
+	mv docs/zalando.org_scalingschedules.yaml docs/scaling_schedules_crd.yaml
+
+$(OPENAPI): go.mod
+	go run k8s.io/kube-openapi/cmd/openapi-gen \
+		--go-header-file hack/boilerplate.go.txt \
+		--logtostderr \
+		-i k8s.io/metrics/pkg/apis/custom_metrics,k8s.io/metrics/pkg/apis/custom_metrics/v1beta1,k8s.io/metrics/pkg/apis/custom_metrics/v1beta2,k8s.io/metrics/pkg/apis/external_metrics,k8s.io/metrics/pkg/apis/external_metrics/v1beta1,k8s.io/metrics/pkg/apis/metrics,k8s.io/metrics/pkg/apis/metrics/v1beta1,k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/apimachinery/pkg/api/resource,k8s.io/apimachinery/pkg/version,k8s.io/api/core/v1 \
+		-p pkg/api/generated/openapi \
+		-o . \
+		-O zz_generated.openapi \
+		-r /dev/null
+
+build.local: build/$(BINARY) $(GENERATED_CRDS)
+build.linux: build/linux/$(BINARY)
+build.linux.amd64: build/linux/amd64/$(BINARY)
+build.linux.arm64: build/linux/arm64/$(BINARY)
+
+
+build/$(BINARY): go.mod $(SOURCES) $(GENERATED)
+	CGO_ENABLED=0 go build -o build/$(BINARY) $(BUILD_FLAGS) -ldflags "$(LDFLAGS)" .
+
+build/linux/$(BINARY): go.mod $(SOURCES) $(GENERATED)
+	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_FLAGS) -o build/linux/$(BINARY) -ldflags "$(LDFLAGS)" .
+
+build/linux/amd64/$(BINARY): go.mod $(SOURCES)
+	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_FLAGS) -o build/linux/amd64/$(BINARY) -ldflags "$(LDFLAGS)" .
+
+build/linux/arm64/$(BINARY): go.mod $(SOURCES)
+	GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build $(BUILD_FLAGS) -o build/linux/arm64/$(BINARY) -ldflags "$(LDFLAGS)" .
+
+build.docker: build.linux
+	docker build --rm -t "$(IMAGE):$(TAG)" -f $(DOCKERFILE) --build-arg TARGETARCH= .
+
+build.push: build.docker
+	docker push "$(IMAGE):$(TAG)"

SECURITY.md

@@ -0,0 +1,8 @@
+We acknowledge that every line of code that we write may potentially contain security issues.
+We are trying to deal with it responsibly and provide patches as quickly as possible.
+
+We host our bug bounty program on HackerOne, it is currently private, therefore if you would like to report a vulnerability and get rewarded for it, please ask to join our program by filling this form:
+
+https://corporate.zalando.com/en/services-and-contact#security-form
+
+You can also send you report via this form if you do not want to join our bug bounty program and just want to report a vulnerability or security issue.

delivery.yaml

@@ -0,0 +1,46 @@
+version: "2017-09-20"
+pipeline:
+- id: build
+  vm_config:
+    type: linux
+    image: "cdp-runtime/go"
+  cache:
+    paths:
+    - /go/pkg/mod       # pkg cache for Go modules
+    - ~/.cache/go-build # Go build cache
+  type: script
+  env:
+    GOFLAGS: "-mod=readonly"
+  commands:
+  - desc: test
+    cmd: |
+      make test
+  - desc: build
+    cmd: |
+      make build.docker
+  - desc: push
+    cmd: |
+      if [[ $CDP_TARGET_BRANCH == master && ! $CDP_PULL_REQUEST_NUMBER ]]; then
+        IMAGE=registry-write.opensource.zalan.do/teapot/kube-metrics-adapter
+        VERSION=$(git describe --tags --always)
+      else
+        IMAGE=registry-write.opensource.zalan.do/teapot/kube-metrics-adapter-test
+        VERSION=$CDP_BUILD_VERSION
+      fi
+      IMAGE=$IMAGE VERSION=$VERSION make build.docker
+      git diff --stat --exit-code
+      IMAGE=$IMAGE VERSION=$VERSION make build.push
+  - desc: Build and push image to Zalando's registry
+    cmd: |
+      if [[ $CDP_TARGET_BRANCH == master && ! $CDP_PULL_REQUEST_NUMBER ]]; then
+        IMAGE=container-registry-test.zalando.net/teapot/kube-metrics-adapter
+        VERSION=$(git describe --tags --always)
+      else
+        IMAGE=container-registry-test.zalando.net/teapot/kube-metrics-adapter-test
+        VERSION=$CDP_BUILD_VERSION
+      fi
+      make build.linux.amd64 build.linux.arm64
+
+      docker buildx create --config /etc/cdp-buildkitd.toml --driver-opt network=host --bootstrap --use
+      docker buildx build --rm --build-arg BASE_IMAGE=container-registry.zalando.net/library/alpine-3:latest -t "${IMAGE}:${VERSION}" --platform linux/amd64,linux/arm64 --push .
+      cdp-promote-image "${IMAGE}:${VERSION}"

docs/cluster_scaling_schedules_crd.yaml

@@ -0,0 +1,142 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
+  name: clusterscalingschedules.zalando.org
+spec:
+  group: zalando.org
+  names:
+    kind: ClusterScalingSchedule
+    listKind: ClusterScalingScheduleList
+    plural: clusterscalingschedules
+    singular: clusterscalingschedule
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - description: Whether one or more schedules are currently active.
+      jsonPath: .status.active
+      name: Active
+      type: boolean
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: ClusterScalingSchedule describes a cluster scoped time based
+          metric to be used in autoscaling operations.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ScalingScheduleSpec is the spec part of the ScalingSchedule.
+            properties:
+              scalingWindowDurationMinutes:
+                description: Fade the scheduled values in and out over this many minutes.
+                  If unset, the default per-cluster value will be used.
+                format: int64
+                type: integer
+              schedules:
+                description: Schedules is the list of schedules for this ScalingSchedule
+                  resource. All the schedules defined here will result on the value
+                  to the same metric. New metrics require a new ScalingSchedule resource.
+                items:
+                  description: Schedule is the schedule details to be used inside
+                    a ScalingSchedule.
+                  properties:
+                    date:
+                      description: Defines the starting date of a OneTime schedule.
+                        It has to be a RFC3339 formatted date.
+                      format: date-time
+                      type: string
+                    durationMinutes:
+                      description: The duration in minutes (default 0) that the configured
+                        value will be returned for the defined schedule.
+                      type: integer
+                    endDate:
+                      description: Defines the ending date of a OneTime schedule.
+                        It must be a RFC3339 formatted date.
+                      format: date-time
+                      type: string
+                    period:
+                      description: Defines the details of a Repeating schedule.
+                      properties:
+                        days:
+                          description: The days that this schedule will be active.
+                          items:
+                            description: ScheduleDay represents the valid inputs for
+                              days in a SchedulePeriod.
+                            enum:
+                            - Sun
+                            - Mon
+                            - Tue
+                            - Wed
+                            - Thu
+                            - Fri
+                            - Sat
+                            type: string
+                          type: array
+                        endTime:
+                          description: The endTime has the format HH:MM
+                          pattern: (([0-1][0-9])|([2][0-3])):([0-5][0-9])
+                          type: string
+                        startTime:
+                          description: The startTime has the format HH:MM
+                          pattern: (([0-1][0-9])|([2][0-3])):([0-5][0-9])
+                          type: string
+                        timezone:
+                          description: The location name corresponding to a file in
+                            the IANA Time Zone database, like Europe/Berlin.
+                          type: string
+                      required:
+                      - days
+                      - startTime
+                      - timezone
+                      type: object
+                    type:
+                      description: Defines if the schedule is a OneTime schedule or
+                        Repeating one. If OneTime, date has to be defined. If Repeating,
+                        Period has to be defined.
+                      enum:
+                      - OneTime
+                      - Repeating
+                      type: string
+                    value:
+                      description: The metric value that will be returned for the
+                        defined schedule.
+                      format: int64
+                      type: integer
+                  required:
+                  - type
+                  - value
+                  type: object
+                type: array
+            required:
+            - schedules
+            type: object
+          status:
+            description: ScalingScheduleStatus is the status section of the ScalingSchedule.
+            properties:
+              active:
+                default: false
+                description: Active is true if at least one of the schedules defined
+                  in the scaling schedule is currently active.
+                type: boolean
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

docs/custom-metrics-apiservice.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1beta1.custom.metrics.k8s.io
+spec:
+  service:
+    name: kube-metrics-adapter
+    namespace: kube-system
+  group: custom.metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100

docs/deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-metrics-adapter
+  namespace: kube-system
+  labels:
+    application: kube-metrics-adapter
+    version: latest
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      application: kube-metrics-adapter
+  template:
+    metadata:
+      labels:
+        application: kube-metrics-adapter
+        version: latest
+      annotations:
+        iam.amazonaws.com/role: "kube-aws-test-1-app-zmon"
+    spec:
+      serviceAccountName: custom-metrics-apiserver
+      containers:
+      - name: kube-metrics-adapter
+        image: ghcr.io/zalando-incubator/kube-metrics-adapter:latest
+        args:
+        # - --v=9
+        - --prometheus-server=http://prometheus.kube-system.svc.cluster.local
+        - --skipper-ingress-metrics
+        - --aws-external-metrics
+        - --scaling-schedule
+        env:
+        - name: AWS_REGION
+          value: eu-central-1
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi

docs/external-metrics-apiservice.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1beta1.external.metrics.k8s.io
+spec:
+  service:
+    name: kube-metrics-adapter
+    namespace: kube-system
+  group: external.metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100

docs/helm/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: kube-metrics-adapter
+version: 0.2.0
+description: kube-metrics-adapter helm chart
+home: https://github.com/zalando-incubator/kube-metrics-adapter
+maintainers:
+  - name: The Zalando Incubator
+    email: opensource@zalando.de
+    url: https://github.com/zalando-incubator

docs/helm/templates/cluster_scaling_schedules_crd.yaml

@@ -0,0 +1,149 @@
+{{- if .Values.scalingSchedule.enabled }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  name: clusterscalingschedules.zalando.org
+spec:
+  group: zalando.org
+  names:
+    kind: ClusterScalingSchedule
+    listKind: ClusterScalingScheduleList
+    plural: clusterscalingschedules
+    singular: clusterscalingschedule
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - description: Whether one or more schedules are currently active.
+      jsonPath: .status.active
+      name: Active
+      type: boolean
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: ClusterScalingSchedule describes a cluster scoped time based
+          metric to be used in autoscaling operations.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ScalingScheduleSpec is the spec part of the ScalingSchedule.
+            properties:
+              scalingWindowDurationMinutes:
+                description: Fade the scheduled values in and out over this many minutes.
+                  If unset, the default per-cluster value will be used.
+                format: int64
+                type: integer
+              schedules:
+                description: Schedules is the list of schedules for this ScalingSchedule
+                  resource. All the schedules defined here will result on the value
+                  to the same metric. New metrics require a new ScalingSchedule resource.
+                items:
+                  description: Schedule is the schedule details to be used inside
+                    a ScalingSchedule.
+                  properties:
+                    date:
+                      description: Defines the starting date of a OneTime schedule.
+                        It has to be a RFC3339 formatted date.
+                      format: date-time
+                      type: string
+                    durationMinutes:
+                      description: The duration in minutes (default 0) that the configured
+                        value will be returned for the defined schedule.
+                      type: integer
+                    endDate:
+                      description: Defines the ending date of a OneTime schedule.
+                        It must be a RFC3339 formatted date.
+                      format: date-time
+                      type: string
+                    period:
+                      description: Defines the details of a Repeating schedule.
+                      properties:
+                        days:
+                          description: The days that this schedule will be active.
+                          items:
+                            description: ScheduleDay represents the valid inputs for
+                              days in a SchedulePeriod.
+                            enum:
+                            - Sun
+                            - Mon
+                            - Tue
+                            - Wed
+                            - Thu
+                            - Fri
+                            - Sat
+                            type: string
+                          type: array
+                        endTime:
+                          description: The endTime has the format HH:MM
+                          pattern: (([0-1][0-9])|([2][0-3])):([0-5][0-9])
+                          type: string
+                        startTime:
+                          description: The startTime has the format HH:MM
+                          pattern: (([0-1][0-9])|([2][0-3])):([0-5][0-9])
+                          type: string
+                        timezone:
+                          description: The location name corresponding to a file in
+                            the IANA Time Zone database, like Europe/Berlin.
+                          type: string
+                      required:
+                      - days
+                      - startTime
+                      - timezone
+                      type: object
+                    type:
+                      description: Defines if the schedule is a OneTime schedule or
+                        Repeating one. If OneTime, date has to be defined. If Repeating,
+                        Period has to be defined.
+                      enum:
+                      - OneTime
+                      - Repeating
+                      type: string
+                    value:
+                      description: The metric value that will be returned for the
+                        defined schedule.
+                      format: int64
+                      type: integer
+                  required:
+                  - type
+                  - value
+                  type: object
+                type: array
+            required:
+            - schedules
+            type: object
+          status:
+            description: ScalingScheduleStatus is the status section of the ScalingSchedule.
+            properties:
+              active:
+                default: false
+                description: Active is true if at least one of the schedules defined
+                  in the scaling schedule is currently active.
+                type: boolean
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end}}

docs/helm/templates/custom-metrics-apiservice.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.enableCustomMetricsApi }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1beta1.custom.metrics.k8s.io
+spec:
+  service:
+    name: kube-metrics-adapter
+    namespace: {{ .Values.namespace }}
+  group: custom.metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: {{ .Values.tls.skipTLSVerify }}
+  groupPriorityMinimum: 100
+  versionPriority: 100
+{{- end}}

docs/helm/templates/deployment.yaml

@@ -0,0 +1,212 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-metrics-adapter
+  namespace: {{ .Values.namespace }}
+  labels:
+    application: kube-metrics-adapter
+    version: {{ .Values.registry.imageTag }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      application: kube-metrics-adapter
+  template:
+    metadata:
+      labels:
+        application: kube-metrics-adapter
+        version: {{ .Values.registry.imageTag }}
+      {{- if .Values.podAnnotations }}
+      annotations: {{- toYaml .Values.podAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: kube-metrics-adapter
+    {{- if .Values.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+    {{- end }}
+    {{- if .Values.tolerations }}
+      tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
+    {{- end }}
+    {{- if .Values.affinity }}
+      affinity: {{ toYaml .Values.affinity | nindent 8 }}
+    {{- end }}
+    {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+    {{- end }}
+      containers:
+        - name: kube-metrics-adapter
+          image: {{ .Values.registry.image}}:{{ .Values.registry.imageTag }}
+          args:
+            {{- if .Values.addDirectoryHeader }}
+            - --add_dir_header={{ .Values.addDirectoryHeader }}
+            {{- end}}
+            {{- if .Values.log.alsoToStderr }}
+            - --alsologtostderr={{ .Values.log.alsoToStderr }}
+            {{- end}}
+            {{- if .Values.authentication.kubeConfig }}
+            - --authentication-kubeconfig={{ .Values.authentication.kubeConfig }}
+            {{- end}}
+            {{- if .Values.authentication.skipLookup }}
+            - --authentication-skip-lookup={{ .Values.authentication.skipLookup }}
+            {{- end}}
+            {{- if .Values.authentication.tokenWebhookCacheTtl }}
+            - --authentication-token-webhook-cache-ttl={{ .Values.authentication.tokenWebhookCacheTtl }}
+            {{- end}}
+            {{- if .Values.authentication.tolerateLookupFailure }}
+            - --authentication-tolerate-lookup-failure={{ .Values.authentication.tolerateLookupFailure }}
+            {{- end}}
+            {{- if .Values.authorization.alwaysAllowPaths }}
+            - --authorization-always-allow-paths={{ .Values.authorization.alwaysAllowPaths }}
+            {{- end}}
+            {{- if .Values.authorization.kubeConfig }}
+            - --authorization-kubeconfig={{ .Values.authorization.kubeConfig }}
+            {{- end}}
+            {{- if .Values.authorization.webhookCache.authorizedTtl }}
+            - --authorization-webhook-cache-authorized-ttl={{ .Values.authorization.webhookCache.authorizedTtl }}
+            {{- end}}
+            {{- if .Values.authorization.webhookCache.unauthorizedTtl }}
+            - --authorization-webhook-cache-unauthorized-ttl={{ .Values.authorization.webhookCache.unauthorizedTtl }}
+            {{- end}}
+            {{- if .Values.aws.externalMetrics }}
+            - --aws-external-metrics={{ .Values.aws.externalMetrics }}
+            {{- end}}
+            {{- if .Values.aws.region }}
+            - --aws-region={{ .Values.aws.region }}
+            {{- end}}
+            {{- if .Values.tls.certificateDirectory }}
+            - --cert-dir={{ .Values.tls.certificateDirectory }}
+            {{- end}}
+            {{- if .Values.tls.clientCaFile }}
+            - --client-ca-file={{ .Values.tls.clientCaFile }}
+            {{- end}}
+            {{- if .Values.contentionProfiling }}
+            - --contention-profiling={{ .Values.contentionProfiling }}
+            {{- end}}
+            {{- if .Values.credentialsDirectory }}
+            - --credentials-dir={{ .Values.credentialsDirectory }}
+            {{- end}}
+            {{- if .Values.disregardIncompatibleHPAs }}
+            - --disregard-incompatible-hpas={{ .Values.disregardIncompatibleHPAs }}
+            {{- end}}
+            {{- if .Values.enableCustomMetricsApi }}
+            - --enable-custom-metrics-api={{ .Values.enableCustomMetricsApi }}
+            {{- end}}
+            {{- if .Values.enableExternalMetricsApi }}
+            - --enable-external-metrics-api={{ .Values.enableExternalMetricsApi }}
+            {{- end}}
+            {{- if .Values.http2MaxStreamsPerConnection }}
+            - --http2-max-streams-per-connection={{ .Values.http2MaxStreamsPerConnection }}
+            {{- end}}
+            {{- if .Values.influxDB.address }}
+            - --influxdb-address={{ .Values.influxDB.address }}
+            {{- end}}
+            {{- if .Values.influxDB.organization }}
+            - --influxdb-org={{ .Values.influxDB.organization }}
+            {{- end}}
+            {{- if .Values.influxDB.token }}
+            - --influxdb-token={{ .Values.influxDB.token }}
+            {{- end}}
+            {{- if .Values.listerKubeConfig }}
+            - --lister-kubeconfig={{ .Values.listerKubeConfig }}
+            {{- end}}
+            {{- if .Values.log.flushFrequency }}
+            - --log-flush-frequency={{ .Values.log.flushFrequency }}
+            {{- end}}
+            {{- if .Values.log.backtraceAtTraceLocation }}
+            - --log_backtrace_at={{ .Values.log.backtraceAtTraceLocation }}
+            {{- end}}
+            {{- if .Values.log.directory }}
+            - --log_dir={{ .Values.log.directory }}
+            {{- end}}
+            {{- if .Values.log.file }}
+            - --log_file={{ .Values.log.file }}
+            {{- end}}
+            {{- if .Values.log.fileMaxSize }}
+            - --log_file_max_size={{ .Values.log.fileMaxSize }}
+            {{- end}}
+            {{- if .Values.log.toStderr }}
+            - --logtostderr={{ .Values.log.toStderr }}
+            {{- end}}
+            {{- if .Values.prometheus.metricsAddress }}
+            - --metrics-address={{ .Values.prometheus.metricsAddress }}
+            {{- end}}
+            {{- if .Values.profiling }}
+            - --profiling={{ .Values.profiling }}
+            {{- end}}
+            {{- if .Values.prometheus.server }}
+            - --prometheus-server={{ .Values.prometheus.server }}
+            {{- end}}
+            {{- if .Values.requestHeader.allowedNames }}
+            - --requestheader-allowed-names={{ .Values.requestHeader.allowedNames }}
+            {{- end}}
+            {{- if .Values.requestHeader.clientCaFile }}
+            - --requestheader-client-ca-file={{ .Values.requestHeader.clientCaFile }}
+            {{- end}}
+            {{- if .Values.requestHeader.extraHeadersPrefix }}
+            - --requestheader-extra-headers-prefix={{ .Values.requestHeader.extraHeadersPrefix }}
+            {{- end}}
+            {{- if .Values.requestHeader.groupHeaders }}
+            - --requestheader-group-headers={{ .Values.requestHeader.groupHeaders }}
+            {{- end}}
+            {{- if .Values.requestHeader.usernameHeaders }}
+            - --requestheader-username-headers={{ .Values.requestHeader.usernameHeaders }}
+            {{- end}}
+            - --secure-port={{ .Values.service.internalPort }}
+            {{- if .Values.log.skipHeaders }}
+            - --skip_headers={{ .Values.log.skipHeaders }}
+            {{- end}}
+            {{- if .Values.log.skipLogHeaders }}
+            - --skip_log_headers={{ .Values.log.skipLogHeaders }}
+            {{- end}}
+            {{- if .Values.skipperBackendsAnnotation }}
+            - --skipper-backends-annotation={{ .Values.skipperBackendsAnnotation }}
+            {{- end}}
+            {{- if .Values.skipperIngressMetrics }}
+            - --skipper-ingress-metrics={{ .Values.skipperIngressMetrics }}
+            {{- end}}
+            {{- if .Values.skipperRouteGroupMetrics }}
+            - --skipper-routegroup-metrics={{ .Values.skipperRouteGroupMetrics }}
+            {{- end}}
+            {{- if .Values.log.stderrThreshold }}
+            - --stderrthreshold={{ .Values.log.stderrThreshold }}
+            {{- end}}
+            {{- if .Values.tls.certFile }}
+            - --tls-cert-file={{ .Values.tls.certFile }}
+            {{- end}}
+            {{- if .Values.tls.cipherSuites }}
+            - --tls-cipher-suites={{ .Values.tls.cipherSuites }}
+            {{- end}}
+            {{- if .Values.tls.minVersion }}
+            - --tls-min-version={{ .Values.tls.minVersion }}
+            {{- end}}
+            {{- if .Values.tls.privateKeyFile }}
+            - --tls-private-key-file={{ .Values.tls.privateKeyFile }}
+            {{- end}}
+            {{- if .Values.tls.sniCertKey }}
+            - --tls-sni-cert-key={{ .Values.tls.sniCertKey }}
+            {{- end}}
+            {{- if .Values.token }}
+            - --token={{ .Values.token }}
+            {{- end}}
+            {{- if .Values.log.level }}
+            - --v={{ .Values.log.level }}
+            {{- end}}
+            {{- if .Values.vmodule }}
+            - --vmodule={{ .Values.vmodule }}
+            {{- end}}
+            {{- if .Values.zmon.kariosdbEndpoint }}
+            - --zmon-kariosdb-endpoint={{ .Values.zmon.kariosdbEndpoint }}
+            {{- end}}
+            {{- if .Values.zmon.tokenName }}
+            - --zmon-token-name={{ .Values.zmon.tokenName }}
+            {{- end}}
+            {{- if .Values.scalingSchedule.enabled }}
+            - --scaling-schedule
+            {{- end}}
+          resources:
+            limits:
+              cpu: {{ .Values.resources.limits.cpu }}
+              memory: {{ .Values.resources.limits.memory }}
+            requests:
+              cpu: {{ .Values.resources.requests.cpu }}
+              memory: {{ .Values.resources.requests.memory }}

docs/helm/templates/external-metrics-apiservice.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.enableExternalMetricsApi }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1beta1.external.metrics.k8s.io
+spec:
+  service:
+    name: kube-metrics-adapter
+    namespace: {{ .Values.namespace }}
+  group: external.metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: {{ .Values.tls.skipTLSVerify }}
+  groupPriorityMinimum: 100
+  versionPriority: 100
+{{- end}}

docs/helm/templates/rbac.yaml

@@ -0,0 +1,182 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kube-metrics-adapter-server-resources
+rules:
+- apiGroups:
+  - custom.metrics.k8s.io
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-metrics-server-resources
+rules:
+- apiGroups:
+  - external.metrics.k8s.io
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kube-metrics-adapter-resource-reader
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - services
+  - configmaps
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kube-metrics-adapter-resource-collector
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - get
+{{- if .Values.skipperRouteGroupMetrics }}
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
+{{- end }}
+{{- if .Values.skipperRouteGroupMetrics }}
+- apiGroups:
+  - zalando.org
+  resources:
+  - routegroups
+  verbs:
+  - get
+{{- end }}
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - get
+  - list
+  - watch
+{{- if .Values.scalingSchedule.enabled }}
+- apiGroups:
+  - zalando.org
+  resources:
+  - clusterscalingschedules
+  - scalingschedules
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - zalando.org
+  resources:
+  - clusterscalingschedules/status
+  - scalingschedules/status
+  verbs:
+  - update
+{{- end}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: hpa-controller-custom-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-metrics-adapter-server-resources
+subjects:
+- kind: ServiceAccount
+  name: horizontal-pod-autoscaler
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: hpa-controller-external-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-metrics-server-resources
+subjects:
+- kind: ServiceAccount
+  name: horizontal-pod-autoscaler
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kube-metrics-adapter-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: kube-metrics-adapter
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: custom-metrics:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: kube-metrics-adapter
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-metrics-adapter-resource-collector
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-metrics-adapter-resource-collector
+subjects:
+- kind: ServiceAccount
+  name: kube-metrics-adapter
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-metrics-adapter-resource-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-metrics-adapter-resource-reader
+subjects:
+- kind: ServiceAccount
+  name: kube-metrics-adapter
+  namespace: {{ .Values.namespace }}