mirror of
https://github.com/optim-enterprises-bv/terraform-talos.git
synced 2025-11-03 19:57:46 +00:00
Save
This commit is contained in:
Serge Logvinov
@@ -7,11 +7,7 @@ metadata:
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: system:cloud-controller-manager
|
name: system:azure-cloud-controller-manager
|
||||||
annotations:
|
|
||||||
rbac.authorization.kubernetes.io/autoupdate: "true"
|
|
||||||
labels:
|
|
||||||
k8s-app: azure-cloud-controller-manager
|
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
@@ -103,25 +99,23 @@ rules:
|
|||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
---
|
---
|
||||||
kind: ClusterRoleBinding
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: system:cloud-controller-manager
|
name: system:azure-cloud-controller-manager
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: system:cloud-controller-manager
|
name: system:azure-cloud-controller-manager
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: azure-cloud-controller-manager
|
name: azure-cloud-controller-manager
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
- kind: User
|
|
||||||
name: azure-cloud-controller-manager
|
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: system:cloud-controller-manager:extension-apiserver-authentication-reader
|
name: system:azure-cloud-controller-manager:extension-apiserver-authentication-reader
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
@@ -131,9 +125,6 @@ subjects:
|
|||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: azure-cloud-controller-manager
|
name: azure-cloud-controller-manager
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
- apiGroup: ""
|
|
||||||
kind: User
|
|
||||||
name: azure-cloud-controller-manager
|
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@@ -154,7 +145,7 @@ spec:
|
|||||||
tier: control-plane
|
tier: control-plane
|
||||||
component: azure-cloud-controller-manager
|
component: azure-cloud-controller-manager
|
||||||
spec:
|
spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-cluster-critical
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
serviceAccountName: azure-cloud-controller-manager
|
serviceAccountName: azure-cloud-controller-manager
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
@@ -187,10 +178,10 @@ spec:
|
|||||||
- --cloud-provider=azure
|
- --cloud-provider=azure
|
||||||
- --allocate-node-cidrs=false
|
- --allocate-node-cidrs=false
|
||||||
- --controllers=cloud-node-lifecycle # disable cloud-node controller
|
- --controllers=cloud-node-lifecycle # disable cloud-node controller
|
||||||
- --use-service-account-credentials
|
|
||||||
- --leader-elect-resource-name=cloud-controller-manager-azure
|
- --leader-elect-resource-name=cloud-controller-manager-azure
|
||||||
|
- --use-service-account-credentials
|
||||||
- --bind-address=127.0.0.1
|
- --bind-address=127.0.0.1
|
||||||
- --port=10267
|
- --secure-port=10267
|
||||||
env:
|
env:
|
||||||
- name: CLUSTER_NAME
|
- name: CLUSTER_NAME
|
||||||
value: kubernetes
|
value: kubernetes
|
||||||
|
|||||||
@@ -111,6 +111,20 @@ subjects:
|
|||||||
name: openstack-cloud-controller-manager
|
name: openstack-cloud-controller-manager
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
---
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: system:openstack-cloud-controller-manager:extension-apiserver-authentication-reader
|
||||||
|
namespace: kube-system
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: extension-apiserver-authentication-reader
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: openstack-cloud-controller-manager
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
@@ -173,6 +187,7 @@ spec:
|
|||||||
- --leader-elect-resource-name=cloud-controller-manager-openstack
|
- --leader-elect-resource-name=cloud-controller-manager-openstack
|
||||||
- --use-service-account-credentials
|
- --use-service-account-credentials
|
||||||
- --bind-address=127.0.0.1
|
- --bind-address=127.0.0.1
|
||||||
|
- --secure-port=10267
|
||||||
env:
|
env:
|
||||||
- name: CLUSTER_NAME
|
- name: CLUSTER_NAME
|
||||||
value: kubernetes
|
value: kubernetes
|
||||||
|
|||||||
Reference in New Issue
Block a user