Created
August 22, 2024 16:42
-
-
Save mcbenjemaa/5f8a0e2f268196978e648d5abe4fc372 to your computer and use it in GitHub Desktop.
GCP CCM (cloud provider)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: cloud-controller-manager | |
| namespace: kube-system | |
| labels: | |
| component: cloud-controller-manager | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| spec: | |
| selector: | |
| matchLabels: | |
| component: cloud-controller-manager | |
| updateStrategy: | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| tier: control-plane | |
| component: cloud-controller-manager | |
| spec: | |
| nodeSelector: null | |
| affinity: | |
| nodeAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| nodeSelectorTerms: | |
| - matchExpressions: | |
| - key: node-role.kubernetes.io/control-plane | |
| operator: Exists | |
| - matchExpressions: | |
| - key: node-role.kubernetes.io/master | |
| operator: Exists | |
| tolerations: | |
| - key: node.cloudprovider.kubernetes.io/uninitialized | |
| value: "true" | |
| effect: NoSchedule | |
| - key: node.kubernetes.io/not-ready | |
| effect: NoSchedule | |
| - key: node-role.kubernetes.io/master | |
| effect: NoSchedule | |
| - key: node-role.kubernetes.io/control-plane | |
| effect: NoSchedule | |
| serviceAccountName: cloud-controller-manager | |
| containers: | |
| - name: cloud-controller-manager | |
| image: k8scloudprovidergcp/cloud-controller-manager:latest | |
| imagePullPolicy: IfNotPresent | |
| # ko puts it somewhere else... command: ['/usr/local/bin/cloud-controller-manager'] | |
| command: ['/usr/local/bin/cloud-controller-manager'] | |
| args: | |
| - --cloud-provider=gce # Add your own cloud provider here! | |
| - --leader-elect=true | |
| - --use-service-account-credentials | |
| # these flags will vary for every cloud provider | |
| - --allocate-node-cidrs=true | |
| - --configure-cloud-routes=true | |
| - --cluster-cidr=192.168.0.0/16 | |
| livenessProbe: | |
| failureThreshold: 3 | |
| httpGet: | |
| host: 127.0.0.1 | |
| path: /healthz | |
| port: 10258 | |
| scheme: HTTPS | |
| initialDelaySeconds: 15 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 15 | |
| resources: | |
| requests: | |
| cpu: "200m" | |
| volumeMounts: | |
| - mountPath: /etc/kubernetes/cloud.config | |
| name: cloudconfig | |
| readOnly: true | |
| hostNetwork: true | |
| priorityClassName: system-cluster-critical | |
| volumes: | |
| - hostPath: | |
| path: /etc/kubernetes/cloud.config | |
| type: "" | |
| name: cloudconfig | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: cloud-controller-manager | |
| namespace: kube-system | |
| labels: | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: cloud-controller-manager:apiserver-authentication-reader | |
| namespace: kube-system | |
| labels: | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: extension-apiserver-authentication-reader | |
| subjects: | |
| - apiGroup: "" | |
| kind: ServiceAccount | |
| name: cloud-controller-manager | |
| namespace: kube-system | |
| --- | |
| # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: system:cloud-controller-manager | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| rules: | |
| - apiGroups: | |
| - "" | |
| - events.k8s.io | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - update | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - create | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resourceNames: | |
| - cloud-controller-manager | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - endpoints | |
| - serviceaccounts | |
| verbs: | |
| - create | |
| - get | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| verbs: | |
| - get | |
| - update | |
| - patch # until #393 lands | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - namespaces | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes/status | |
| verbs: | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - update | |
| - apiGroups: | |
| - "authentication.k8s.io" | |
| resources: | |
| - tokenreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "*" | |
| resources: | |
| - "*" | |
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - serviceaccounts/token | |
| verbs: | |
| - create | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: system::leader-locking-cloud-controller-manager | |
| namespace: kube-system | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| verbs: | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| resourceNames: | |
| - cloud-controller-manager | |
| verbs: | |
| - get | |
| - update | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: system:controller:cloud-node-controller | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| verbs: | |
| - get | |
| - list | |
| - update | |
| - delete | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes/status | |
| verbs: | |
| - get | |
| - list | |
| - update | |
| - delete | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| verbs: | |
| - list | |
| - delete | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/status | |
| verbs: | |
| - list | |
| - delete | |
| --- | |
| # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-binding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: system::leader-locking-cloud-controller-manager | |
| namespace: kube-system | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: system::leader-locking-cloud-controller-manager | |
| subjects: | |
| - kind: ServiceAccount | |
| name: cloud-controller-manager | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: system:cloud-controller-manager | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: system:cloud-controller-manager | |
| subjects: | |
| - kind: ServiceAccount | |
| apiGroup: "" | |
| name: cloud-controller-manager | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: system:controller:cloud-node-controller | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: system:controller:cloud-node-controller | |
| subjects: | |
| - kind: ServiceAccount | |
| name: cloud-node-controller | |
| namespace: kube-system | |
| --- | |
| # https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/pvl-controller-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: system:controller:pvl-controller | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims | |
| - persistentvolumes | |
| verbs: | |
| - list | |
| - watch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment