@rsmitty
Last active December 2, 2020 17:31
cloudconf.yaml
---
# Secret holding the OpenStack cloud provider configuration file (cloud.conf).
# The DaemonSet in this file mounts it at /etc/config and passes the path to
# the controller through --cloud-config.
#
# NOTE(review): values under `data` are base64-encoded, not encrypted. The
# value below decodes to an INI-style cloud.conf whose [Global] section holds
# a username/password pair and an http:// (non-TLS) auth-url, so anyone who can
# read this manifest or the Secret object can read the OpenStack credentials.
# Keep real values out of version control and public gists, restrict `get` on
# this Secret through RBAC, and enable encryption at rest for Secrets. The
# file's own tip also mentions application credentials as an alternative to
# username/password.
apiVersion: v1
kind: Secret
metadata:
  name: cloud-config
  namespace: kube-system
type: Opaque
data:
  cloud.conf: W0dsb2JhbF0KYXV0aC11cmw9aHR0cDovLzE5Mi4xNjguMjU0LjIvaWRlbnRpdHkKI1RpcDogWW91IGNhbiBhbHNvIHVzZSBBcHBsaWNhdGlvbiBDcmVkZW50aWFsIElEIGFuZCBTZWNyZXQgaW4gcGxhY2Ugb2YgdXNlcm5hbWUsIHBhc3N3b3JkLCB0ZW5hbnQtaWQsIGFuZCBkb21haW4taWQuCiNhcHBsaWNhdGlvbi1jcmVkZW50aWFsLWlkPQojYXBwbGljYXRpb24tY3JlZGVudGlhbC1zZWNyZXQ9CnVzZXJuYW1lPWFkbWluCiMgdXNlci1pZD0KcGFzc3dvcmQ9c3VwZXJzZWNyZXQKcmVnaW9uPVJlZ2lvbk9uZQp0ZW5hbnQtaWQ9ZWJmNDNmYzQwYzRkNDNlODk4NTA0YTc3ODY5YzRhMWUKZG9tYWluLWlkPWRlZmF1bHQKCltMb2FkQmFsYW5jZXJdCnVzZS1vY3RhdmlhPXRydWUKc3VibmV0LWlkPWFjY2VlMDljLTYwMWYtNGQ4Mi1iYmU0LWUzNTY5Njk3Y2VlYwpmbG9hdGluZy1uZXR3b3JrLWlkPTFhMjJhYmQxLTQxOGYtNDFhOC05OWQxLTQyZDY3MmJjMTA3MgoKW0Jsb2NrU3RvcmFnZV0KYnMtdmVyc2lvbj12Mgo=
---
# ClusterRoles for the OpenStack cloud controller manager and the two
# per-controller identities bound further down in this file.
# All three roles are cluster-scoped: every rule applies in every namespace.
apiVersion: v1
kind: List
metadata: {}
items:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: system:cloud-controller-manager
    rules:
      # Leases in coordination.k8s.io (presumably leader election - confirm).
      - apiGroups: [coordination.k8s.io]
        resources: [leases]
        verbs: [get, create, update]
      - apiGroups: [""]
        resources: [events]
        verbs: [create, patch, update]
      # NOTE(review): "*" grants every verb on nodes, delete included.
      # Enumerate the verbs the controller needs if this can be tightened.
      - apiGroups: [""]
        resources: [nodes]
        verbs: ["*"]
      - apiGroups: [""]
        resources: [nodes/status]
        verbs: [patch]
      - apiGroups: [""]
        resources: [services]
        verbs: [list, patch, update, watch]
      - apiGroups: [""]
        resources: [serviceaccounts]
        verbs: [create, get]
      # NOTE(review): "*" grants every verb on persistentvolumes.
      - apiGroups: [""]
        resources: [persistentvolumes]
        verbs: ["*"]
      - apiGroups: [""]
        resources: [endpoints]
        verbs: [create, get, list, watch, update]
      - apiGroups: [""]
        resources: [configmaps]
        verbs: [get, list, watch]
      # NOTE(review): read access to Secrets in ALL namespaces. A compromise of
      # this service account exposes every Secret in the cluster; scope it with
      # a namespaced Role (and resourceNames) if the controller permits.
      - apiGroups: [""]
        resources: [secrets]
        verbs: [list, get, watch]
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: system:cloud-node-controller
    rules:
      # NOTE(review): wildcard verbs on nodes, as in the role above.
      - apiGroups: [""]
        resources: [nodes]
        verbs: ["*"]
      - apiGroups: [""]
        resources: [nodes/status]
        verbs: [patch]
      - apiGroups: [""]
        resources: [events]
        verbs: [create, patch, update]
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: system:pvl-controller
    rules:
      # NOTE(review): wildcard verbs on persistentvolumes.
      - apiGroups: [""]
        resources: [persistentvolumes]
        verbs: ["*"]
      - apiGroups: [""]
        resources: [events]
        verbs: [create, patch, update]
---
# Bindings that attach each ClusterRole to a ServiceAccount in kube-system.
# NOTE(review): only the cloud-controller-manager ServiceAccount is declared in
# this file. cloud-node-controller and pvl-controller are presumably created at
# runtime by the controller manager (it runs with
# --use-service-account-credentials=true and may create serviceaccounts) -
# confirm. A binding to a not-yet-existing account takes effect for whoever
# later creates an account with that name in kube-system.
apiVersion: v1
kind: List
metadata: {}
items:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: system:cloud-node-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:cloud-node-controller
    subjects:
      - kind: ServiceAccount
        name: cloud-node-controller
        namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: system:pvl-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:pvl-controller
    subjects:
      - kind: ServiceAccount
        name: pvl-controller
        namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: system:cloud-controller-manager
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:cloud-controller-manager
    subjects:
      - kind: ServiceAccount
        name: cloud-controller-manager
        namespace: kube-system
---
# Identity the DaemonSet pods run as (serviceAccountName in the pod spec).
# Its permissions come from the system:cloud-controller-manager ClusterRole
# via the ClusterRoleBinding of the same name.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloud-controller-manager
  namespace: kube-system
---
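# Runs the OpenStack cloud controller manager on nodes carrying the
# node-role.kubernetes.io/master label, using the host network and the
# cloud-config Secret for OpenStack credentials.
#
# Hardening added relative to the original manifest: runAsNonRoot at pod level
# and a container securityContext that blocks privilege escalation and drops
# all Linux capabilities. The process already ran as UID 1001, so these make
# the non-root assumption enforced rather than implied.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: openstack-cloud-controller-manager
  namespace: kube-system
  labels:
    k8s-app: openstack-cloud-controller-manager
spec:
  selector:
    matchLabels:
      k8s-app: openstack-cloud-controller-manager
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: openstack-cloud-controller-manager
    spec:
      # NOTE(review): newer clusters may label control-plane nodes with
      # node-role.kubernetes.io/control-plane instead - confirm for the
      # target version, otherwise no pod is scheduled.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      securityContext:
        runAsUser: 1001
        # Reject the pod if the image would otherwise start as root.
        runAsNonRoot: true
      tolerations:
        # Lets the pod start on nodes the cloud provider has not yet
        # initialized.
        - key: node.cloudprovider.kubernetes.io/uninitialized
          value: "true"
          effect: NoSchedule
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      serviceAccountName: cloud-controller-manager
      containers:
        - name: openstack-cloud-controller-manager
          # NOTE(review): ":latest" is a mutable tag, so the code running with
          # this pod's cluster-wide RBAC and OpenStack credentials can change
          # without any change to this manifest. Pin a release tag or an image
          # digest that you have verified.
          image: docker.io/k8scloudprovider/openstack-cloud-controller-manager:latest
          args:
            - /bin/openstack-cloud-controller-manager
            - --v=1
            - --cloud-config=$(CLOUD_CONFIG)
            - --cloud-provider=openstack
            - --use-service-account-credentials=true
            # The pod uses hostNetwork, so this keeps the listener on the
            # node's loopback interface only.
            - --bind-address=127.0.0.1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /etc/kubernetes/pki
              name: k8s-certs
              readOnly: true
            - mountPath: /etc/ssl/certs
              name: ca-certs
              readOnly: true
            - mountPath: /etc/config
              name: cloud-config-volume
              readOnly: true
          resources:
            requests:
              cpu: 200m
          env:
            - name: CLOUD_CONFIG
              value: /etc/config/cloud.conf
      hostNetwork: true
      volumes:
        # NOTE(review): exposes the node's Kubernetes PKI directory to the
        # container (read-only). DirectoryOrCreate creates an empty directory
        # when the path is missing instead of failing; use "Directory" if a
        # missing path should be an error.
        - hostPath:
            path: /etc/kubernetes/pki
            type: DirectoryOrCreate
          name: k8s-certs
        - hostPath:
            path: /etc/ssl/certs
            type: DirectoryOrCreate
          name: ca-certs
        - name: cloud-config-volume
          secret:
            secretName: cloud-config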