mirror of https://github.com/kubernetes/kops.git
189 lines
3.4 KiB
Plaintext
189 lines
3.4 KiB
Plaintext
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: aws-cloud-controller-manager
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: aws-cloud-controller-manager
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: aws-cloud-controller-manager
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: aws-cloud-controller-manager
|
|
spec:
|
|
nodeSelector:
|
|
node-role.kubernetes.io/master: ""
|
|
tolerations:
|
|
- key: node.cloudprovider.kubernetes.io/uninitialized
|
|
value: "true"
|
|
effect: NoSchedule
|
|
- key: node.kubernetes.io/not-ready
|
|
effect: NoSchedule
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
serviceAccountName: aws-cloud-controller-manager
|
|
containers:
|
|
- name: aws-cloud-controller-manager
|
|
image: {{ .ExternalCloudControllerManager.Image }}
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
{{- range $arg := CloudControllerConfigArgv }}
|
|
- {{ $arg }}
|
|
{{- end }}
|
|
env:
|
|
- name: KUBERNETES_SERVICE_HOST
|
|
value: "127.0.0.1"
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
volumeMounts:
|
|
- mountPath: /etc/kubernetes/cloud.config
|
|
name: cloudconfig
|
|
readOnly: true
|
|
hostNetwork: true
|
|
priorityClassName: system-cluster-critical
|
|
volumes:
|
|
- hostPath:
|
|
path: /etc/kubernetes/cloud.config
|
|
type: ""
|
|
name: cloudconfig
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: aws-cloud-controller-manager
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: cloud-controller-manager:apiserver-authentication-reader
|
|
namespace: kube-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: extension-apiserver-authentication-reader
|
|
subjects:
|
|
- apiGroup: ""
|
|
kind: ServiceAccount
|
|
name: aws-cloud-controller-manager
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: system:cloud-controller-manager
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes/status
|
|
verbs:
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
verbs:
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services/status
|
|
verbs:
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- endpoints
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts/token
|
|
resourceNames:
|
|
- node-controller
|
|
- service-controller
|
|
- route-controller
|
|
verbs:
|
|
- create
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: system:cloud-controller-manager
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:cloud-controller-manager
|
|
subjects:
|
|
- apiGroup: ""
|
|
kind: ServiceAccount
|
|
name: aws-cloud-controller-manager
|
|
namespace: kube-system
|
|
|