Created
August 22, 2024 16:42
Revisions
mcbenjemaa created this gist
Aug 22, 2024
@@ -0,0 +1,360 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cloud-controller-manager namespace: kube-system labels: component: cloud-controller-manager addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io spec: selector: matchLabels: component: cloud-controller-manager updateStrategy: type: RollingUpdate template: metadata: labels: tier: control-plane component: cloud-controller-manager spec: nodeSelector: null affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: Exists - matchExpressions: - key: node-role.kubernetes.io/master operator: Exists tolerations: - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - key: node.kubernetes.io/not-ready effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule - key: node-role.kubernetes.io/control-plane effect: NoSchedule serviceAccountName: cloud-controller-manager containers: - name: cloud-controller-manager image: k8scloudprovidergcp/cloud-controller-manager:latest imagePullPolicy: IfNotPresent # ko puts it somewhere else... command: ['/usr/local/bin/cloud-controller-manager'] command: ['/usr/local/bin/cloud-controller-manager'] args: - --cloud-provider=gce # Add your own cloud provider here! 
- --leader-elect=true - --use-service-account-credentials # these flags will vary for every cloud provider - --allocate-node-cidrs=true - --configure-cloud-routes=true - --cluster-cidr=192.168.0.0/16 livenessProbe: failureThreshold: 3 httpGet: host: 127.0.0.1 path: /healthz port: 10258 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 15 resources: requests: cpu: "200m" volumeMounts: - mountPath: /etc/kubernetes/cloud.config name: cloudconfig readOnly: true hostNetwork: true priorityClassName: system-cluster-critical volumes: - hostPath: path: /etc/kubernetes/cloud.config type: "" name: cloudconfig --- apiVersion: v1 kind: ServiceAccount metadata: name: cloud-controller-manager namespace: kube-system labels: addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cloud-controller-manager:apiserver-authentication-reader namespace: kube-system labels: addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - apiGroup: "" kind: ServiceAccount name: cloud-controller-manager namespace: kube-system --- # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:cloud-controller-manager labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io rules: - apiGroups: - "" - events.k8s.io resources: - events verbs: - create - patch - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - list - watch - update - apiGroups: - coordination.k8s.io resourceNames: - cloud-controller-manager resources: - leases verbs: - get - update - apiGroups: - "" resources: - endpoints - serviceaccounts verbs: - create - get - update - apiGroups: - "" 
resources: - nodes verbs: - get - update - patch # until #393 lands - apiGroups: - "" resources: - namespaces verbs: - get - apiGroups: - "" resources: - nodes/status verbs: - patch - update - apiGroups: - "" resources: - secrets verbs: - create - delete - get - update - apiGroups: - "authentication.k8s.io" resources: - tokenreviews verbs: - create - apiGroups: - "*" resources: - "*" verbs: - list - watch - apiGroups: - "" resources: - serviceaccounts/token verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: system::leader-locking-cloud-controller-manager namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io rules: - apiGroups: - "" resources: - configmaps verbs: - watch - apiGroups: - "" resources: - configmaps resourceNames: - cloud-controller-manager verbs: - get - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:controller:cloud-node-controller labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io rules: - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - nodes verbs: - get - list - update - delete - patch - apiGroups: - "" resources: - nodes/status verbs: - get - list - update - delete - patch - apiGroups: - "" resources: - pods verbs: - list - delete - apiGroups: - "" resources: - pods/status verbs: - list - delete --- # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: system::leader-locking-cloud-controller-manager namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: system::leader-locking-cloud-controller-manager subjects: - kind: 
ServiceAccount name: cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:cloud-controller-manager labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:cloud-controller-manager subjects: - kind: ServiceAccount apiGroup: "" name: cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:controller:cloud-node-controller labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:controller:cloud-node-controller subjects: - kind: ServiceAccount name: cloud-node-controller namespace: kube-system --- # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/pvl-controller-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:controller:pvl-controller labels: addonmanager.kubernetes.io/mode: Reconcile addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io rules: - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - persistentvolumeclaims - persistentvolumes verbs: - list - watch
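Review bot: The `system:cloud-controller-manager` ClusterRole combines `list`/`watch` on `apiGroups: ["*"]` / `resources: ["*"]` with cluster-wide `create`/`delete`/`get`/`update` on `secrets` and `create` on `serviceaccounts/token`, so the single service account bound to it can read every Secret in the cluster and obtain a token for any other service account. That credential sits in a pod with `hostNetwork: true` and no `securityContext`; replace the wildcard rule with the explicit resources the controllers watch and, if `--use-service-account-credentials` allows it in this deployment, move the secrets and token rules into a namespaced Role in `kube-system`. The container also uses `image: k8scloudprovidergcp/cloud-controller-manager:latest` with `imagePullPolicy: IfNotPresent`, so nodes can end up running different builds and nothing ties the running code to a reviewed release; pin it as `image: k8scloudprovidergcp/cloud-controller-manager@sha256:<digest-of-reviewed-release>`. Finally, the `system:controller:cloud-node-controller` ClusterRoleBinding names a `cloud-node-controller` ServiceAccount that this manifest never creates, so node and pod `delete` rights are reserved for whoever later creates an account with that name in `kube-system`; either create the account here or drop the binding.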