---
# Identity the cloud-controller-manager pods run as. Its permissions come
# entirely from the bindings in this file that name it as a subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: cloud-controller-manager
---
# Cluster-wide permissions for the cloud controller manager.
# NOTE(review): the "system:" name prefix and the autoupdate annotation mirror
# the API server's built-in roles. Auto-reconciliation presumably does not
# apply to a role shipped by this manifest; confirm the annotation is wanted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:cloud-controller-manager
  labels:
    k8s-app: cloud-controller-manager
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
rules:
  # Write access to Event objects (core API group).
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch, update]
  # NOTE(review): '*' grants every verb on every Node, including create,
  # delete and deletecollection. If this build only needs a subset, list the
  # verbs explicitly; confirm against the provider before narrowing.
  - apiGroups: [""]
    resources: [nodes]
    verbs: ['*']
  - apiGroups: [""]
    resources: [nodes/status]
    verbs: [patch]
  # Services can be read and modified, but not created or deleted.
  - apiGroups: [""]
    resources: [services]
    verbs: [list, patch, update, watch]
  - apiGroups: [""]
    resources: [services/status]
    verbs: [list, patch, update, watch]
  # NOTE(review): allows creating ServiceAccounts in any namespace; confirm
  # the provider still needs this before keeping it.
  - apiGroups: [""]
    resources: [serviceaccounts]
    verbs: [create]
  # Presumably for Endpoints-based leader election (the Deployment passes
  # --leader-elect=true); confirm. Newer client-go releases lock on
  # coordination.k8s.io Leases, which this role does not grant.
  - apiGroups: [""]
    resources: [endpoints]
    verbs: [create, get, list, watch, update]
  - apiGroups: [""]
    resources: [persistentvolumes]
    verbs: [list, watch, patch]
---
# Binds the system:cloud-controller-manager ClusterRole to the controller's
# ServiceAccount. Being a ClusterRoleBinding, the grant applies in every
# namespace, not only kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:cloud-controller-manager
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: cloud-controller-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:cloud-controller-manager
---
# Namespaced binding (kube-system only) to the Role named
# extension-apiserver-authentication-reader. That Role is not defined in this
# file; it is expected to already exist in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: kube-system
  name: system:cloud-controller-manager:extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: cloud-controller-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
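---
# Runs three replicas of the CloudStack cloud controller manager in
# kube-system under the cloud-controller-manager ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: cloud-controller-manager
  name: cloud-controller-manager
  namespace: kube-system
spec:
  replicas: 3
  selector:
    matchLabels:
      k8s-app: cloud-controller-manager
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: cloud-controller-manager
    spec:
      containers:
        - name: cloud-controller-manager
          # NOTE(review): ":latest" is a mutable tag. With IfNotPresent each
          # node keeps whichever build it pulled first, so replicas can run
          # different code and a rollout is not reproducible. Pin a release
          # tag or a digest, e.g.
          #   apache/cloudstack-kubernetes-provider@sha256:<DIGEST_PLACEHOLDER>
          image: apache/cloudstack-kubernetes-provider:latest
          imagePullPolicy: IfNotPresent
          command:
            - /root/cloudstack-ccm
            # Only one replica acts at a time; the others stand by.
            - --leader-elect=true
            - --cloud-provider=external-cloudstack
            # Read from the Secret mounted at /config (see volumes below).
            - --cloud-config=/config/cloud-config
          # This identity has cluster-wide write access to nodes, so keep the
          # container itself as unprivileged as the image allows.
          # runAsNonRoot and readOnlyRootFilesystem are not set because the
          # binary lives under /root and its write paths are not visible
          # from this manifest; verify against the image before enabling.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: 50m
              memory: 120Mi
            requests:
              cpu: 10m
              memory: 60Mi
          volumeMounts:
            - name: config-volume
              mountPath: /config
              # The container only reads its configuration.
              readOnly: true
      restartPolicy: Always
      serviceAccountName: cloud-controller-manager
      terminationGracePeriodSeconds: 30
      volumes:
        # cloudstack-secret must exist in kube-system and carry a
        # "cloud-config" key, which appears as /config/cloud-config.
        # Presumably it holds the CloudStack API credentials; confirm, and
        # restrict who can read Secrets in this namespace accordingly.
        - name: config-volume
          secret:
            secretName: cloudstack-secret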