apiVersion: extensions/v1beta1 kind: Deployment metadata: namespace: kube-system name: kops-server spec: replicas: 1 template: metadata: labels: app: kops spec: containers: - name: kops-server image: docker.io/wangguohao/kops-server:latest command: ["/kops-server"] args: ["--etcd-servers", "http://etcd-service:2379"] ports: - containerPort: 80 serviceAccount: kops-server --- apiVersion: extensions/v1beta1 kind: Deployment metadata: namespace: kube-system name: kops-etcd spec: replicas: 1 template: metadata: labels: app: kops-etcd spec: containers: - name: etcd command: ["etcd"] args: ["--name", "default", "--listen-client-urls", "http://0.0.0.0:2379", "--advertise-client-urls", "http://0.0.0.0:2379", "--listen-peer-urls", "http://0.0.0.0:2380", "--initial-advertise-peer-urls", "http://0.0.0.0:2380", "--initial-cluster", "default=http://0.0.0.0:2380"] image: quay.io/coreos/etcd:latest --- kind: Service apiVersion: v1 metadata: namespace: kube-system name: etcd-service spec: selector: app: kops-etcd ports: - protocol: TCP port: 2379 --- apiVersion: v1 kind: ServiceAccount metadata: namespace: kube-system name: kops-server --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kops-server namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kops:kops-server subjects: - kind: ServiceAccount name: kops-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kops:kops-server namespace: kube-system rules: - apiGroups: - "" resourceNames: - extension-apiserver-authentication resources: - configmaps verbs: - get - apiGroups: - "" resources: - configmaps - namespaces verbs: - get - list - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - create - get - list - watch - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - get - list - watch