deployment.yaml - cloudstack-kubernetes-provider - Git at Google

 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: cloud-controller-manager
   namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: system:cloud-controller-manager
   annotations:
     rbac.authorization.kubernetes.io/autoupdate: "true"
   labels:
     k8s-app: cloud-controller-manager
 rules:
 - apiGroups:
   - ""
   resources:
   - events
   verbs:
   - create
   - patch
   - update
 - apiGroups:
   - ""
   resources:
   - nodes
   verbs:
   - '*'
 - apiGroups:
   - ""
   resources:
   - nodes/status
   verbs:
   - patch
 - apiGroups:
   - ""
   resources:
   - services
   verbs:
   - list
   - patch
   - update
   - watch
 - apiGroups:
   - ""
   resources:
   - services/status
   verbs:
   - list
   - patch
   - update
   - watch
 - apiGroups:
   - ""
   resources:
   - serviceaccounts
   verbs:
   - create
 - apiGroups:
   - ""
   resources:
   - endpoints
   verbs:
   - create
   - get
   - list
   - watch
   - update
 - apiGroups:
   - ""
   resources:
   - persistentvolumes
   verbs:
   - list
   - watch
   - patch
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: system:cloud-controller-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
 - kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: system:cloud-controller-manager:extension-apiserver-authentication-reader
   namespace: kube-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: extension-apiserver-authentication-reader
 subjects:
 - kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     k8s-app: cloud-controller-manager
   name: cloud-controller-manager
   namespace: kube-system
 spec:
   replicas: 3
   selector:
     matchLabels:
       k8s-app: cloud-controller-manager
   strategy:
     rollingUpdate:
       maxSurge: 25%
       maxUnavailable: 25%
     type: RollingUpdate
   template:
     metadata:
       labels:
         k8s-app: cloud-controller-manager
     spec:
       containers:
       - name: cloud-controller-manager
         image: swisstxt/cloudstack-cloud-controller-manager:master
         imagePullPolicy: IfNotPresent
         command:
         - /root/cloudstack-ccm
         - --leader-elect=true
         - --cloud-provider=external-cloudstack
         - --cloud-config=/config/cloud-config
         resources:
           limits:
             cpu: 50m
             memory: 120Mi
           requests:
             cpu: 10m
             memory: 60Mi
         volumeMounts:
         - name: config-volume
           mountPath: /config
       restartPolicy: Always
       serviceAccountName: cloud-controller-manager
       terminationGracePeriodSeconds: 30
       volumes:
       - name: config-volume
         secret:
           secretName: cloudstack-secret
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: cloud-controller-manager
	namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: system:cloud-controller-manager
	annotations:
	rbac.authorization.kubernetes.io/autoupdate: "true"
	labels:
	k8s-app: cloud-controller-manager
	rules:
	- apiGroups:
	- ""
	resources:
	- events
	verbs:
	- create
	- patch
	- update
	- apiGroups:
	- ""
	resources:
	- nodes
	verbs:
	- '*'
	- apiGroups:
	- ""
	resources:
	- nodes/status
	verbs:
	- patch
	- apiGroups:
	- ""
	resources:
	- services
	verbs:
	- list
	- patch
	- update
	- watch
	- apiGroups:
	- ""
	resources:
	- services/status
	verbs:
	- list
	- patch
	- update
	- watch
	- apiGroups:
	- ""
	resources:
	- serviceaccounts
	verbs:
	- create
	- apiGroups:
	- ""
	resources:
	- endpoints
	verbs:
	- create
	- get
	- list
	- watch
	- update
	- apiGroups:
	- ""
	resources:
	- persistentvolumes
	verbs:
	- list
	- watch
	- patch
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: system:cloud-controller-manager
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: system:cloud-controller-manager
	subjects:
	- kind: ServiceAccount
	name: cloud-controller-manager
	namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: system:cloud-controller-manager:extension-apiserver-authentication-reader
	namespace: kube-system
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: extension-apiserver-authentication-reader
	subjects:
	- kind: ServiceAccount
	name: cloud-controller-manager
	namespace: kube-system
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	k8s-app: cloud-controller-manager
	name: cloud-controller-manager
	namespace: kube-system
	spec:
	replicas: 3
	selector:
	matchLabels:
	k8s-app: cloud-controller-manager
	strategy:
	rollingUpdate:
	maxSurge: 25%
	maxUnavailable: 25%
	type: RollingUpdate
	template:
	metadata:
	labels:
	k8s-app: cloud-controller-manager
	spec:
	containers:
	- name: cloud-controller-manager
	image: swisstxt/cloudstack-cloud-controller-manager:master
	imagePullPolicy: IfNotPresent
	command:
	- /root/cloudstack-ccm
	- --leader-elect=true
	- --cloud-provider=external-cloudstack
	- --cloud-config=/config/cloud-config
	resources:
	limits:
	cpu: 50m
	memory: 120Mi
	requests:
	cpu: 10m
	memory: 60Mi
	volumeMounts:
	- name: config-volume
	mountPath: /config
	restartPolicy: Always
	serviceAccountName: cloud-controller-manager
	terminationGracePeriodSeconds: 30
	volumes:
	- name: config-volume
	secret:
	secretName: cloudstack-secret