kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/upup/models/cloudup/resources/addons/spotinst-kubernetes-cluster.../v1.14.0.yaml.template

299 lines
10 KiB
Plaintext
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: spotinst-kubernetes-cluster-controller-config
namespace: kube-system
data:
spotinst.cluster-identifier: {{ ClusterName }}
---
apiVersion: v1
kind: Secret
metadata:
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
type: Opaque
data:
token: {{ SpotinstTokenBase64 }}
account: {{ SpotinstAccountBase64 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: spotinst-kubernetes-cluster-controller
rules:
# ----------------------------------------------------------------------------
# feature: ocean/readonly
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "replicationcontrollers", "limitranges", "events", "persistentvolumes", "persistentvolumeclaims"]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list"]
- apiGroups: ["extensions"]
resources: ["replicasets", "daemonsets"]
verbs: ["get", "list"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["get", "list"]
- apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- nonResourceURLs: ["/version/", "/version"]
verbs: ["get"]
# ----------------------------------------------------------------------------
# feature: ocean/draining
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["nodes"]
verbs: ["patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["delete"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
# ----------------------------------------------------------------------------
# feature: ocean/cleanup
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["nodes"]
verbs: ["delete"]
# ----------------------------------------------------------------------------
# feature: ocean/csr-approval
# ----------------------------------------------------------------------------
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests/approval"]
verbs: ["patch", "update"]
- apiGroups: ["certificates.k8s.io"]
resources: ["signers"]
resourceNames: ["kubernetes.io/kubelet-serving", "kubernetes.io/kube-apiserver-client-kubelet"]
verbs: ["approve"]
# ----------------------------------------------------------------------------
# feature: ocean/auto-update
# ----------------------------------------------------------------------------
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles"]
resourceNames: ["spotinst-kubernetes-cluster-controller"]
verbs: ["patch", "update", "escalate"]
- apiGroups: ["apps"]
resources: ["deployments"]
resourceNames: ["spotinst-kubernetes-cluster-controller"]
verbs: ["patch", "update"]
# ----------------------------------------------------------------------------
# feature: ocean/apply
# ----------------------------------------------------------------------------
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
- apiGroups: ["extensions"]
resources: ["daemonsets"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
# ----------------------------------------------------------------------------
# feature: wave
# ----------------------------------------------------------------------------
- apiGroups: ["sparkoperator.k8s.io"]
resources: ["sparkapplications", "scheduledsparkapplications"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
- apiGroups: ["wave.spot.io"]
resources: ["sparkapplications", "wavecomponents", "waveenvironments"]
verbs: ["get", "list"]
- apiGroups: ["bigdata.spot.io"]
resources: ["bigdataenvironments"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: spotinst-kubernetes-cluster-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: spotinst-kubernetes-cluster-controller
subjects:
- kind: ServiceAccount
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
template:
metadata:
labels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
spec:
priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: NotIn
values:
- windows
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-addon
operator: In
values:
- spotinst-kubernetes-cluster-controller.addons.k8s.io
topologyKey: kubernetes.io/hostname
containers:
- name: spotinst-kubernetes-cluster-controller
imagePullPolicy: Always
image: gcr.io/spotinst-artifacts/kubernetes-cluster-controller:1.0.94
livenessProbe:
httpGet:
path: /healthcheck
port: 4401
initialDelaySeconds: 300
periodSeconds: 20
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthcheck
port: 4401
initialDelaySeconds: 20
periodSeconds: 20
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
env:
- name: SPOTINST_TOKEN
valueFrom:
secretKeyRef:
name: spotinst-kubernetes-cluster-controller
key: token
optional: true
- name: SPOTINST_ACCOUNT
valueFrom:
secretKeyRef:
name: spotinst-kubernetes-cluster-controller
key: account
optional: true
- name: SPOTINST_TOKEN_LEGACY
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.token
optional: true
- name: SPOTINST_ACCOUNT_LEGACY
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.account
optional: true
- name: CLUSTER_IDENTIFIER
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.cluster-identifier
- name: DISABLE_AUTO_UPDATE
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: disable-auto-update
optional: true
- name: ENABLE_CSR_APPROVAL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: enable-csr-approval
optional: true
- name: PROXY_URL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: proxy-url
optional: true
- name: BASE_SPOTINST_URL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: base-url
optional: true
- name: USER_ENV_CERTIFICATES
valueFrom:
secretKeyRef:
name: spotinst-kubernetes-cluster-controller-ca-bundle
key: userEnvCertificates.pem
optional: true
- name: POD_ID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
serviceAccountName: spotinst-kubernetes-cluster-controller
dnsPolicy: Default
tolerations:
- key: node.kubernetes.io/not-ready
effect: NoExecute
operator: Exists
tolerationSeconds: 150
- key: node.kubernetes.io/unreachable
effect: NoExecute
operator: Exists
tolerationSeconds: 150
- key: node-role.kubernetes.io/master
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
Reference in New Issue View Git Blame Copy Permalink