kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/upup/models/cloudup/resources/addons/spotinst-kubernetes-cluster.../v1.14.0.yaml.template

257 lines
9.0 KiB
Plaintext
Raw Blame History

# ------------------------------------------------------------------------------
# Config Map
# ------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
name: spotinst-kubernetes-cluster-controller-config
namespace: kube-system
data:
spotinst.token: {{ SpotinstToken }}
spotinst.account: {{ SpotinstAccount }}
spotinst.cluster-identifier: {{ ClusterName }}
---
# ------------------------------------------------------------------------------
# Service Account
# ------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
---
# ------------------------------------------------------------------------------
# Cluster Role
# ------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: spotinst-kubernetes-cluster-controller
rules:
# ----------------------------------------------------------------------------
# Required for functional operation (read-only).
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "replicationcontrollers", "limitranges", "events", "persistentvolumes", "persistentvolumeclaims"]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
verbs: ["get","list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list"]
- apiGroups: ["extensions"]
resources: ["replicasets", "daemonsets"]
verbs: ["get","list"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["get", "list"]
- apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- nonResourceURLs: ["/version/", "/version"]
verbs: ["get"]
# ----------------------------------------------------------------------------
# Required by the draining feature and for functional operation.
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["nodes"]
verbs: ["patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["delete"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
# ----------------------------------------------------------------------------
# Required by the Spotinst Cleanup feature.
# ----------------------------------------------------------------------------
- apiGroups: [""]
resources: ["nodes"]
verbs: ["delete"]
# ----------------------------------------------------------------------------
# Required by the Spotinst CSR Approval feature.
# ----------------------------------------------------------------------------
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["get", "list"]
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests/approval"]
verbs: ["patch", "update"]
# ----------------------------------------------------------------------------
# Required by the Spotinst Auto Update feature.
# ----------------------------------------------------------------------------
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles"]
resourceNames: ["spotinst-kubernetes-cluster-controller"]
verbs: ["patch", "update", "escalate"]
- apiGroups: ["apps"]
resources: ["deployments"]
resourceNames: ["spotinst-kubernetes-cluster-controller"]
verbs: ["patch","update"]
# ----------------------------------------------------------------------------
# Required by the Spotinst Apply feature.
# ----------------------------------------------------------------------------
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets"]
verbs: ["get", "list", "patch","update","create","delete"]
- apiGroups: ["extensions"]
resources: ["daemonsets"]
verbs: ["get", "list", "patch","update","create","delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "patch", "update", "create", "delete"]
---
# ------------------------------------------------------------------------------
# Cluster Role Binding
# ------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: spotinst-kubernetes-cluster-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: spotinst-kubernetes-cluster-controller
subjects:
- kind: ServiceAccount
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
---
# ------------------------------------------------------------------------------
# Deployment
# ------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
name: spotinst-kubernetes-cluster-controller
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
template:
metadata:
labels:
k8s-addon: spotinst-kubernetes-cluster-controller.addons.k8s.io
spec:
priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-addon
operator: In
values:
- spotinst-kubernetes-cluster-controller.addons.k8s.io
topologyKey: kubernetes.io/hostname
containers:
- name: spotinst-kubernetes-cluster-controller
imagePullPolicy: Always
image: spotinst/kubernetes-cluster-controller:1.0.64
livenessProbe:
httpGet:
path: /healthcheck
port: 4401
initialDelaySeconds: 300
periodSeconds: 20
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthcheck
port: 4401
initialDelaySeconds: 20
periodSeconds: 20
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
env:
- name: SPOTINST_TOKEN
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.token
- name: SPOTINST_ACCOUNT
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.account
- name: CLUSTER_IDENTIFIER
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: spotinst.cluster-identifier
- name: DISABLE_AUTO_UPDATE
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: disable-auto-update
optional: true
- name: ENABLE_CSR_APPROVAL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: enable-csr-approval
optional: true
- name: PROXY_URL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: proxy-url
optional: true
- name: BASE_SPOTINST_URL
valueFrom:
configMapKeyRef:
name: spotinst-kubernetes-cluster-controller-config
key: base-url
optional: true
- name: POD_ID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
serviceAccountName: spotinst-kubernetes-cluster-controller
tolerations:
- key: node.kubernetes.io/not-ready
effect: NoExecute
operator: Exists
tolerationSeconds: 150
- key: node.kubernetes.io/unreachable
effect: NoExecute
operator: Exists
tolerationSeconds: 150
- key: node-role.kubernetes.io/master
operator: Exists
Reference in New Issue View Git Blame Copy Permalink