mirror of
https://github.com/outbackdingo/proxmox-cloud-controller-manager.git
synced 2026-01-27 10:20:13 +00:00
a76b7c28da
Some K8s distributions might label control-plane nodes with ``` node-role.kubernetes.io/control-plane: "true" ``` rather than ``` node-role.kubernetes.io/control-plane: "" ``` which makes the default `nodeSelector` fail. Replacing it with a `affinity.nodeAffinity` nodeSelector fixes it.
202 lines
5.6 KiB
YAML
202 lines
5.6 KiB
YAML
---
|
|
# Source: proxmox-cloud-controller-manager/templates/serviceaccount.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: proxmox-cloud-controller-manager
|
|
labels:
|
|
helm.sh/chart: proxmox-cloud-controller-manager-0.1.7
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/version: "v0.2.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
namespace: kube-system
|
|
---
|
|
# Source: proxmox-cloud-controller-manager/templates/role.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: system:proxmox-cloud-controller-manager
|
|
labels:
|
|
helm.sh/chart: proxmox-cloud-controller-manager-0.1.7
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/version: "v0.2.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
rules:
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- create
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes/status
|
|
verbs:
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts/token
|
|
verbs:
|
|
- create
|
|
---
|
|
# Source: proxmox-cloud-controller-manager/templates/rolebinding.yaml
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: system:proxmox-cloud-controller-manager
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:proxmox-cloud-controller-manager
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: proxmox-cloud-controller-manager
|
|
namespace: kube-system
|
|
---
|
|
# Source: proxmox-cloud-controller-manager/templates/rolebinding.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: system:proxmox-cloud-controller-manager:extension-apiserver-authentication-reader
|
|
namespace: kube-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: extension-apiserver-authentication-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: proxmox-cloud-controller-manager
|
|
namespace: kube-system
|
|
---
|
|
# Source: proxmox-cloud-controller-manager/templates/deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: proxmox-cloud-controller-manager
|
|
labels:
|
|
helm.sh/chart: proxmox-cloud-controller-manager-0.1.7
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/version: "v0.2.0"
|
|
app.kubernetes.io/managed-by: Helm
|
|
namespace: kube-system
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: c69436cb1e16c36ff708b1003d3ca4c6ee6484d2524e2ba7d9b68f473acaa1ca
|
|
labels:
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
spec:
|
|
enableServiceLinks: false
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: proxmox-cloud-controller-manager
|
|
securityContext:
|
|
fsGroup: 10258
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
runAsGroup: 10258
|
|
runAsNonRoot: true
|
|
runAsUser: 10258
|
|
containers:
|
|
- name: proxmox-cloud-controller-manager
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
image: "ghcr.io/sergelogvinov/proxmox-cloud-controller-manager:v0.2.0"
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- --v=4
|
|
- --cloud-provider=proxmox
|
|
- --cloud-config=/etc/proxmox/config.yaml
|
|
- --controllers=cloud-node-lifecycle
|
|
- --leader-elect-resource-name=cloud-controller-manager-proxmox
|
|
- --use-service-account-credentials
|
|
- --secure-port=10258
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 10258
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
volumeMounts:
|
|
- name: cloud-config
|
|
mountPath: /etc/proxmox
|
|
readOnly: true
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: Exists
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/control-plane
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
key: node.cloudprovider.kubernetes.io/uninitialized
|
|
operator: Exists
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: proxmox-cloud-controller-manager
|
|
app.kubernetes.io/instance: proxmox-cloud-controller-manager
|
|
volumes:
|
|
- name: cloud-config
|
|
secret:
|
|
secretName: proxmox-cloud-controller-manager
|
|
defaultMode: 416
|