--- apiVersion: v1 kind: ServiceAccount metadata: name: cloud-controller-manager namespace: kube-system labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:cloud-node-controller labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:cloud-node-controller subjects: - kind: ServiceAccount name: cloud-node-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:cloud-controller-manager labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:cloud-controller-manager subjects: - kind: ServiceAccount name: cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:cloud-controller-manager labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - create - update - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - nodes verbs: - '*' - apiGroups: - "" resources: - nodes/status verbs: - patch - apiGroups: - "" resources: - services verbs: - list - patch - update - watch - apiGroups: - "" resources: - services/status verbs: - patch - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - apiGroups: - "" resources: - serviceaccounts/token verbs: - create - apiGroups: - "" resources: - persistentvolumes verbs: - '*' - apiGroups: - "" resources: - endpoints verbs: - create - get - list - watch - update - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - apiGroups: - "" resources: - secrets verbs: - list - get - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:cloud-node-controller labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io rules: - apiGroups: - "" resources: - nodes verbs: - '*' - apiGroups: - "" resources: - nodes/status verbs: - patch - apiGroups: - "" resources: - events verbs: - create - patch - update --- apiVersion: apps/v1 kind: DaemonSet metadata: namespace: kube-system name: openstack-cloud-provider labels: k8s-app: openstack-cloud-provider k8s-addon: openstack.addons.k8s.io spec: updateStrategy: type: RollingUpdate selector: matchLabels: name: openstack-cloud-provider template: metadata: labels: name: openstack-cloud-provider spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: Exists - matchExpressions: - key: node-role.kubernetes.io/master operator: Exists # run on the host network (don't depend on CNI) hostNetwork: true # run on each master node priorityClassName: system-node-critical nodeSelector: null securityContext: runAsUser: 1001 serviceAccountName: cloud-controller-manager tolerations: - effect: NoSchedule operator: Exists - key: CriticalAddonsOnly operator: Exists containers: - name: openstack-cloud-controller-manager image: "{{- if .ExternalCloudControllerManager.Image -}} {{ .ExternalCloudControllerManager.Image }} {{- else -}} docker.io/k8scloudprovider/openstack-cloud-controller-manager:{{OpenStackCCMTag}} {{- end -}}" args: - /bin/openstack-cloud-controller-manager {{- range $arg := CloudControllerConfigArgv }} - {{ $arg }} {{- end }} resources: requests: cpu: {{ or .ExternalCloudControllerManager.CPURequest "200m" }} volumeMounts: - mountPath: /etc/kubernetes/cloud.config name: cloudconfig readOnly: true {{ if .UseHostCertificates }} - mountPath: /etc/ssl/certs name: etc-ssl-certs readOnly: true {{ end }} volumes: - hostPath: path: /etc/kubernetes/cloud.config name: cloudconfig {{ if .UseHostCertificates }} - hostPath: path: /etc/ssl/certs type: DirectoryOrCreate name: etc-ssl-certs {{ end }}