Created
October 1, 2021 11:37
-
-
Save calvin-puram/e385269a0f21ac61bb90c5e7962c110a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
k8s-addon: cluster-autoscaler.addons.k8s.io | |
k8s-app: cluster-autoscaler | |
name: cluster-autoscaler | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: cluster-autoscaler | |
labels: | |
k8s-addon: cluster-autoscaler.addons.k8s.io | |
k8s-app: cluster-autoscaler | |
rules: | |
- apiGroups: [""] | |
resources: ["events", "endpoints"] | |
verbs: ["create", "patch"] | |
- apiGroups: [""] | |
resources: ["pods/eviction"] | |
verbs: ["create"] | |
- apiGroups: [""] | |
resources: ["pods/status"] | |
verbs: ["update"] | |
- apiGroups: [""] | |
resources: ["endpoints"] | |
resourceNames: ["cluster-autoscaler"] | |
verbs: ["get", "update"] | |
- apiGroups: [""] | |
resources: ["nodes"] | |
verbs: ["watch", "list", "get", "update"] | |
- apiGroups: [""] | |
resources: | |
- "namespaces" | |
- "pods" | |
- "services" | |
- "replicationcontrollers" | |
- "persistentvolumeclaims" | |
- "persistentvolumes" | |
verbs: ["watch", "list", "get"] | |
- apiGroups: ["extensions"] | |
resources: ["replicasets", "daemonsets"] | |
verbs: ["watch", "list", "get"] | |
- apiGroups: ["policy"] | |
resources: ["poddisruptionbudgets"] | |
verbs: ["watch", "list"] | |
- apiGroups: ["apps"] | |
resources: ["statefulsets", "replicasets", "daemonsets"] | |
verbs: ["watch", "list", "get"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: | |
["storageclasses", "csinodes", "csidrivers", "csistoragecapacities"] | |
verbs: ["watch", "list", "get"] | |
- apiGroups: ["batch", "extensions"] | |
resources: ["jobs"] | |
verbs: ["get", "list", "watch", "patch"] | |
- apiGroups: ["coordination.k8s.io"] | |
resources: ["leases"] | |
verbs: ["create"] | |
- apiGroups: ["coordination.k8s.io"] | |
resourceNames: ["cluster-autoscaler"] | |
resources: ["leases"] | |
verbs: ["get", "update"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: cluster-autoscaler | |
namespace: kube-system | |
labels: | |
k8s-addon: cluster-autoscaler.addons.k8s.io | |
k8s-app: cluster-autoscaler | |
rules: | |
- apiGroups: [""] | |
resources: ["configmaps"] | |
verbs: ["create", "list", "watch"] | |
- apiGroups: [""] | |
resources: ["configmaps"] | |
resourceNames: | |
["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] | |
verbs: ["delete", "get", "update", "watch"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: cluster-autoscaler | |
labels: | |
k8s-addon: cluster-autoscaler.addons.k8s.io | |
k8s-app: cluster-autoscaler | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: cluster-autoscaler | |
subjects: | |
- kind: ServiceAccount | |
name: cluster-autoscaler | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: cluster-autoscaler | |
namespace: kube-system | |
labels: | |
k8s-addon: cluster-autoscaler.addons.k8s.io | |
k8s-app: cluster-autoscaler | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: cluster-autoscaler | |
subjects: | |
- kind: ServiceAccount | |
name: cluster-autoscaler | |
namespace: kube-system | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
annotations: | |
deployment.kubernetes.io/revision: "1" | |
cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | |
name: cluster-autoscaler | |
namespace: kube-system | |
labels: | |
app: cluster-autoscaler | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: cluster-autoscaler | |
template: | |
metadata: | |
labels: | |
app: cluster-autoscaler | |
annotations: | |
prometheus.io/scrape: "true" | |
prometheus.io/port: "8085" | |
spec: | |
priorityClassName: system-cluster-critical | |
securityContext: | |
runAsNonRoot: true | |
runAsUser: 65534 | |
serviceAccountName: cluster-autoscaler | |
containers: | |
- image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.21.0 | |
name: cluster-autoscaler | |
resources: | |
limits: | |
cpu: 100m | |
memory: 600Mi | |
requests: | |
cpu: 100m | |
memory: 600Mi | |
command: | |
- ./cluster-autoscaler | |
- --v=4 | |
- --stderrthreshold=info | |
- --cloud-provider=aws | |
- --skip-nodes-with-local-storage=false | |
- --expander=least-waste | |
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/eks-test | |
- --balance-similar-node-groups | |
- --skip-nodes-with-system-pods=false | |
volumeMounts: | |
- name: ssl-certs | |
mountPath: /etc/ssl/certs/ca-certificates.crt #/etc/ssl/certs/ca-bundle.crt for Amazon Linux Worker Nodes | |
readOnly: true | |
imagePullPolicy: "Always" | |
volumes: | |
- name: ssl-certs | |
hostPath: | |
path: "/etc/ssl/certs/ca-bundle.crt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment