kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/upup/models/cloudup/resources/addons/openstack.addons.k8s.io/k8s-1.13.yaml.template

224 lines
4.3 KiB
Plaintext
Raw Blame History

---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: kube-system
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:cloud-node-controller
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-node-controller
subjects:
- kind: ServiceAccount
name: cloud-node-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:cloud-controller-manager
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:cloud-controller-manager
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- '*'
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:cloud-node-controller
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: kube-system
name: openstack-cloud-provider
labels:
k8s-app: openstack-cloud-provider
k8s-addon: openstack.addons.k8s.io
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
name: openstack-cloud-provider
template:
metadata:
labels:
name: openstack-cloud-provider
spec:
# run on the host network (don't depend on CNI)
hostNetwork: true
# run on each master node
nodeSelector:
node-role.kubernetes.io/master: ""
priorityClassName: system-node-critical
securityContext:
runAsUser: 1001
serviceAccountName: cloud-controller-manager
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
containers:
- name: openstack-cloud-controller-manager
image: "{{- if .ExternalCloudControllerManager.Image -}} {{ .ExternalCloudControllerManager.Image }} {{- else -}} docker.io/k8scloudprovider/openstack-cloud-controller-manager:{{OpenStackCCMTag}} {{- end -}}"
args:
- /bin/openstack-cloud-controller-manager
{{- range $arg := CloudControllerConfigArgv }}
- {{ $arg }}
{{- end }}
- --cloud-config=/etc/kubernetes/cloud.config
- --address=127.0.0.1
resources:
requests:
cpu: 200m
volumeMounts:
- mountPath: /etc/kubernetes/cloud.config
name: cloudconfig
readOnly: true
{{ if .UseHostCertificates }}
- mountPath: /etc/ssl/certs
name: etc-ssl-certs
readOnly: true
{{ end }}
volumes:
- hostPath:
path: /etc/kubernetes/cloud.config
name: cloudconfig
{{ if .UseHostCertificates }}
- hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
name: etc-ssl-certs
{{ end }}
Reference in New Issue View Git Blame Copy Permalink