kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template

195 lines
4.0 KiB
Plaintext
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: kops-controller
namespace: kube-system
labels:
k8s-addon: kops-controller.addons.k8s.io
data:
config.yaml: |
{{ KopsControllerConfig }}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kops-controller
namespace: kube-system
labels:
k8s-addon: kops-controller.addons.k8s.io
k8s-app: kops-controller
version: v1.19.0-alpha.3
spec:
selector:
matchLabels:
k8s-app: kops-controller
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-addon: kops-controller.addons.k8s.io
k8s-app: kops-controller
version: v1.19.0-alpha.3
spec:
priorityClassName: system-node-critical
tolerations:
- key: "node-role.kubernetes.io/master"
operator: Exists
nodeSelector:
node-role.kubernetes.io/master: ""
dnsPolicy: Default # Don't use cluster DNS (we are likely running before kube-dns)
hostNetwork: true
serviceAccount: kops-controller
containers:
- name: kops-controller
image: k8s.gcr.io/kops/kops-controller:1.19.0-alpha.3
volumeMounts:
{{ if .UseHostCertificates }}
- mountPath: /etc/ssl/certs
name: etc-ssl-certs
readOnly: true
{{ end }}
- mountPath: /etc/kubernetes/kops-controller/config/
name: kops-controller-config
- mountPath: /etc/kubernetes/kops-controller/pki/
name: kops-controller-pki
command:
{{ range $arg := KopsControllerArgv }}
- "{{ $arg }}"
{{ end }}
{{- if KopsSystemEnv }}
env:
{{ range $var := KopsSystemEnv }}
- name: {{ $var.Name }}
value: {{ $var.Value }}
{{ end }}
{{- end }}
resources:
requests:
cpu: 50m
memory: 50Mi
securityContext:
runAsNonRoot: true
volumes:
{{ if .UseHostCertificates }}
- hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
name: etc-ssl-certs
{{ end }}
- name: kops-controller-config
configMap:
name: kops-controller
- name: kops-controller-pki
hostPath:
path: /etc/kubernetes/kops-controller/
type: Directory
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kops-controller
namespace: kube-system
labels:
k8s-addon: kops-controller.addons.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-addon: kops-controller.addons.k8s.io
name: kops-controller
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-addon: kops-controller.addons.k8s.io
name: kops-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kops-controller
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:kube-system:kops-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
k8s-addon: kops-controller.addons.k8s.io
name: kops-controller
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- kops-controller-leader
verbs:
- get
- list
- watch
- patch
- update
- delete
# Workaround for https://github.com/kubernetes/kubernetes/issues/80295
# We can't restrict creation of objects by name
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-addon: kops-controller.addons.k8s.io
name: kops-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kops-controller
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:kube-system:kops-controller
Reference in New Issue View Git Blame Copy Permalink