Created
January 15, 2019 09:08
-
-
Save zshi-redhat/03fe4e937e672bcc4636b884e49a939a to your computer and use it in GitHub Desktop.
SR-IOV admission controller manifests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: sriov-device-plugin | |
| name: sriovdp-admission-controller-sa | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: sriovdp-admission-controller-sa-secret | |
| namespace: sriov-device-plugin | |
| annotations: | |
| kubernetes.io/service-account.name: sriovdp-admission-controller-sa | |
| type: kubernetes.io/service-account-token | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: sriovdp-admission-controller | |
| rules: | |
| - apiGroups: | |
| - "" | |
| - k8s.cni.cncf.io | |
| resources: | |
| - pods | |
| - network-attachment-definitions | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: sriovdp-admission-controller-certificates | |
| rules: | |
| - apiGroups: | |
| - certificates.k8s.io | |
| resources: | |
| - certificatesigningrequests | |
| - certificatesigningrequests/approval | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: sriovdp-admission-controller-secrets | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: sriovdp-admission-controller-webhook-configs | |
| rules: | |
| - apiGroups: | |
| - admissionregistration.k8s.io | |
| resources: | |
| - mutatingwebhookconfigurations | |
| - validatingwebhookconfigurations | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: sriovdp-admission-controller-service | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: sriovdp-admission-controller-role-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: sriovdp-admission-controller | |
| subjects: | |
| - kind: ServiceAccount | |
| name: sriovdp-admission-controller-sa | |
| namespace: sriov-device-plugin | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: sriovdp-admission-controller-certificates-role-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: sriovdp-admission-controller-certificates | |
| subjects: | |
| - kind: ServiceAccount | |
| name: sriovdp-admission-controller-sa | |
| namespace: sriov-device-plugin | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: sriovdp-admission-controller-secrets-role-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: sriovdp-admission-controller-secrets | |
| subjects: | |
| - kind: ServiceAccount | |
| name: sriovdp-admission-controller-sa | |
| namespace: sriov-device-plugin | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: sriovdp-admission-controller-webhook-configs-role-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: sriovdp-admission-controller-webhook-configs | |
| subjects: | |
| - kind: ServiceAccount | |
| name: sriovdp-admission-controller-sa | |
| namespace: sriov-device-plugin | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: sriovdp-admission-controller-service-role-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: sriovdp-admission-controller-service | |
| subjects: | |
| - kind: ServiceAccount | |
| name: sriovdp-admission-controller-sa | |
| namespace: sriov-device-plugin | |
| --- | |
| apiVersion: batch/v1 | |
| kind: Job | |
| metadata: | |
| labels: | |
| app: install-sriovdp-admission-controller | |
| name: install-sriovdp-admission-controller | |
| namespace: sriov-device-plugin | |
| spec: | |
| template: | |
| spec: | |
| serviceAccountName: sriovdp-admission-controller-sa | |
| containers: | |
| - name: install-sriovdp-admission-controller | |
| image: {{.SRIOVDPAdmissionControllerImage}} | |
| command: | |
| - webhook_installer | |
| args: | |
| - -namespace=sriov-device-plugin | |
| - -prefix=sriovdp-admission-controller | |
| - -alsologtostderr | |
| restartPolicy: Never | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: sriovdp-admission-controller | |
| name: sriovdp-admission-controller-server | |
| namespace: sriov-device-plugin | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: sriovdp-admission-controller | |
| template: | |
| metadata: | |
| labels: | |
| app: sriovdp-admission-controller | |
| spec: | |
| nodeSelector: | |
| beta.kubernetes.io/os: linux | |
| serviceAccountName: sriovdp-admission-controller-sa | |
| tolerations: | |
| - operator: Exists | |
| containers: | |
| - name: sriovdp-admission-controller | |
| image: {{.SRIOVDPAdmissionControllerImage}} | |
| command: | |
| - webhook | |
| args: | |
| - -bind-address=0.0.0.0 | |
| - -port=443 | |
| - -tls-private-key-file=/webhook/tls/key.pem | |
| - -tls-cert-file=/webhook/tls/cert.pem | |
| - -alsologtostderr=true | |
| volumeMounts: | |
| - mountPath: /webhook/tls | |
| name: sriovdp-admission-controller-secret | |
| readOnly: True | |
| volumes: | |
| - name: sriovdp-admission-controller-secret | |
| secret: | |
| secretName: sriovdp-admission-controller-secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment