Google Git
Sign in
apache / incubator-uniffle / 51b85811bc4d7a9b3595bc04283c8cf6c7172d8a / . / deploy / kubernetes / operator / config / manager / rss-controller.yaml
blob: 22401c822a66fa160b5aeb3fce1406fe2e74b4a4 [file] [log] [blame]
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rss-controller
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rss-controller-role
rules:
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "delete" ]
- apiGroups: [ "uniffle.apache.org" ]
resources: [ "remoteshuffleservices", "remoteshuffleservices/status" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
verbs: [ "get", "list", "watch", "update", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets", "services", "serviceaccounts" ]
verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ]
- apiGroups: [ "apps" ]
resources: [ "deployments", "statefulsets" ]
verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "list", "watch", "update", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "autoscaling" ]
resources: [ "horizontalpodautoscalers" ]
verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rss-controller-role-binding
subjects:
- kind: ServiceAccount
name: rss-controller
namespace: kube-system
roleRef:
kind: ClusterRole
name: rss-controller-role
apiGroup: rbac.authorization.k8s.io
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: rss-controller
namespace: kube-system
spec:
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 2
type: RollingUpdate
selector:
matchLabels:
app: rss-controller
replicas: 1
template:
metadata:
labels:
app: rss-controller
spec:
serviceAccountName: rss-controller
containers:
- name: rss-controller
image: ${rss-controller-image}
command:
- "./controller"
args:
- "--v=5"
ports:
- containerPort: 9876
protocol: TCP
imagePullPolicy: "Always"
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
resources:
requests:
cpu: 500m
memory: 1024Mi
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- rss-controller
topologyKey: kubernetes.io/hostname