| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: rss-webhook |
| namespace: kube-system |
| --- |
| kind: ClusterRole |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| name: rss-webhook-role |
| rules: |
| - apiGroups: [ "" ] |
| resources: [ "pods" ] |
| verbs: [ "get", "list", "watch", "delete" ] |
| - apiGroups: [ "node.k8s.io" ] |
| resources: [ "runtimeclasses" ] |
| verbs: [ "get", "list", "watch" ] |
| - apiGroups: [ "uniffle.apache.org" ] |
| resources: [ "remoteshuffleservices", "remoteshuffleservices/status" ] |
| verbs: [ "get", "list", "watch", "update" ] |
| - apiGroups: [ "admissionregistration.k8s.io" ] |
| resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] |
| verbs: [ "get", "list", "watch", "update", "create", "delete" ] |
| - apiGroups: [ "" ] |
| resources: [ "configmaps", "secrets" ] |
| verbs: [ "get", "list", "watch", "update", "create", "delete" ] |
| - apiGroups: [ "coordination.k8s.io" ] |
| resources: [ "leases" ] |
| verbs: [ "get", "list", "watch", "update", "create", "delete" ] |
| - apiGroups: [ "" ] |
| resources: [ "events" ] |
| verbs: [ "list", "watch", "create", "update", "patch" ] |
| - apiGroups: [ "node.k8s.io" ] |
| resources: [ "runtimeclasses" ] |
| verbs: [ "get", "list", "watch" ] |
| - apiGroups: [ "autoscaling" ] |
| resources: [ "horizontalpodautoscalers" ] |
| verbs: [ "get", "list", "watch" ] |
| - apiGroups: [ "apps" ] |
| resources: [ "statefulsets" ] |
| verbs: [ "get", "list", "watch" ] |
| --- |
| kind: ClusterRoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| name: rss-webhook-role-binding |
| subjects: |
| - kind: ServiceAccount |
| name: rss-webhook |
| namespace: kube-system |
| roleRef: |
| kind: ClusterRole |
| name: rss-webhook-role |
| apiGroup: rbac.authorization.k8s.io |
| --- |
| kind: Service |
| apiVersion: v1 |
| metadata: |
| name: rss-webhook |
| namespace: kube-system |
| spec: |
| type: NodePort |
| selector: |
| service: rss-webhook |
| ports: |
| - protocol: TCP |
| port: 443 |
| targetPort: 9876 |
| nodePort: 31777 |
| --- |
| kind: Deployment |
| apiVersion: apps/v1 |
| metadata: |
| name: rss-webhook |
| namespace: kube-system |
| spec: |
| strategy: |
| rollingUpdate: |
| maxSurge: 1 |
| maxUnavailable: 2 |
| type: RollingUpdate |
| selector: |
| matchLabels: |
| app: rss-webhook |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: rss-webhook |
| service: rss-webhook |
| spec: |
| serviceAccountName: rss-webhook |
| containers: |
| - name: rss-webhook |
| image: ${rss-webhook-image} |
| command: |
| - "./webhook" |
| args: |
| - "--ignore-rss=false" |
| - "--v=4" |
| ports: |
| - containerPort: 9876 |
| protocol: TCP |
| imagePullPolicy: "Always" |
| env: |
| - name: POD_NAME |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: metadata.name |
| - name: POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: metadata.namespace |
| - name: NODE_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: spec.nodeName |
| resources: |
| requests: |
| cpu: 500m |
| memory: 1024Mi |
| tolerations: |
| - effect: NoSchedule |
| key: node-role.kubernetes.io/master |
| affinity: |
| podAntiAffinity: |
| requiredDuringSchedulingIgnoredDuringExecution: |
| - labelSelector: |
| matchExpressions: |
| - key: app |
| operator: In |
| values: |
| - rss-webhook |
| topologyKey: kubernetes.io/hostname |