Skip to content

Instantly share code, notes, and snippets.

@MaxRink

MaxRink/ccm.yml

Created July 9, 2020 15:19
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save MaxRink/5bde5227e94430edb8b18de5548e083d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save MaxRink/5bde5227e94430edb8b18de5548e083d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ccm.yml
{{- if .Values.ccm.external -}}
# Source: vsphere-cpi/templates/service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
---
# Source: vsphere-cpi/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.tenant.environment }}:{{ .Values.tenant.name }}:{{ .Values.cluster.name }}:cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
---
# Source: vsphere-cpi/templates/daemonset.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.tenant.name }}-vsphere-cpi-{{ .Values.cluster.name }}
spec:
replicas: {{ .Values.ccm.replicas }}
selector:
matchLabels:
app: {{ .Values.tenant.name }}-vsphere-cpi-{{ .Values.cluster.name }}
template:
metadata:
labels:
app: {{ .Values.tenant.name }}-vsphere-cpi-{{ .Values.cluster.name }}
spec:
securityContext:
runAsUser: 1001
serviceAccountName: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
dnsPolicy: ClusterFirst
containers:
- name: vsphere-cpi
image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.1.0
imagePullPolicy: IfNotPresent
args:
- --cloud-provider=vsphere
- --v=8
- --cloud-config=/etc/cloud/vsphere.conf
- --kubeconfig=/etc/kubernetes/value
- --leader-elect={{ if le .Values.ccm.replicas 1.0 }}false{{ else }}true {{ end }}
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
- mountPath: /etc/kubernetes
name: kubeconfig-volume
readOnly: true
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
volumes:
- name: vsphere-config-volume
secret:
secretName: {{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}-cloud-config
- name: kubeconfig-volume
secret:
secretName: {{ .Values.cluster.name }}-kubeconfig
---
# Source: vsphere-cpi/templates/role-binding.yaml
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: kube-system
name: {{ .Values.tenant.environment }}:{{ .Values.tenant.name }}:{{ .Values.cluster.name }}:servicecatalog.k8s.io:apiserver-authentication-reader
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
namespace: {{ .Release.Namespace }}
- apiGroup: ""
kind: User
name: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.tenant.environment }}:{{ .Values.tenant.name }}:{{ .Values.cluster.name }}:cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.tenant.environment }}:{{ .Values.tenant.name }}:{{ .Values.cluster.name }}:cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
namespace: {{ .Release.Namespace }}
- kind: User
name: cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
---
# Source: vsphere-cpi/templates/configmap.yaml
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}-cloud-config
stringData:
vsphere.conf: |
[Global]
secret-name = "vsphere-creds"
secret-namespace = "demo"
insecure-flag = true
service-account = cloud-controller-manager-{{ .Values.tenant.environment }}-{{ .Values.tenant.name }}-{{ .Values.cluster.name }}
[VirtualCenter "vcenter1.sce-dcn.net"]
datacenters = "Bremen"
[Network]
public-network = {{ .Values.VSphereCluster.machineDeployment.vlanName | quote }}
[Workspace]
server = {{ .Values.VSphereCluster.server | quote}}
datacenter = {{ .Values.VSphereCluster.workspace.datacenter | quote }}
folder = {{ .Values.VSphereCluster.workspace.folder | quote }}
default-datastore = {{ .Values.VSphereCluster.workspace.datastore | quote }}
resourcepool-path = {{ .Values.VSphereCluster.cluster.resourcePool | quote }}
{{- end }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment