Created
January 15, 2019 09:08
-
-
Save zshi-redhat/03fe4e937e672bcc4636b884e49a939a to your computer and use it in GitHub Desktop.
SR-IOV admission controller manifests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
namespace: sriov-device-plugin | |
name: sriovdp-admission-controller-sa | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: sriovdp-admission-controller-sa-secret | |
namespace: sriov-device-plugin | |
annotations: | |
kubernetes.io/service-account.name: sriovdp-admission-controller-sa | |
type: kubernetes.io/service-account-token | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: sriovdp-admission-controller | |
rules: | |
- apiGroups: | |
- "" | |
- k8s.cni.cncf.io | |
resources: | |
- pods | |
- network-attachment-definitions | |
verbs: | |
- '*' | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: sriovdp-admission-controller-certificates | |
rules: | |
- apiGroups: | |
- certificates.k8s.io | |
resources: | |
- certificatesigningrequests | |
- certificatesigningrequests/approval | |
verbs: | |
- '*' | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: sriovdp-admission-controller-secrets | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- secrets | |
verbs: | |
- '*' | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: sriovdp-admission-controller-webhook-configs | |
rules: | |
- apiGroups: | |
- admissionregistration.k8s.io | |
resources: | |
- mutatingwebhookconfigurations | |
- validatingwebhookconfigurations | |
verbs: | |
- '*' | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: sriovdp-admission-controller-service | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
verbs: | |
- '*' | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: sriovdp-admission-controller-role-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: sriovdp-admission-controller | |
subjects: | |
- kind: ServiceAccount | |
name: sriovdp-admission-controller-sa | |
namespace: sriov-device-plugin | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: sriovdp-admission-controller-certificates-role-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: sriovdp-admission-controller-certificates | |
subjects: | |
- kind: ServiceAccount | |
name: sriovdp-admission-controller-sa | |
namespace: sriov-device-plugin | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: sriovdp-admission-controller-secrets-role-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: sriovdp-admission-controller-secrets | |
subjects: | |
- kind: ServiceAccount | |
name: sriovdp-admission-controller-sa | |
namespace: sriov-device-plugin | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: sriovdp-admission-controller-webhook-configs-role-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: sriovdp-admission-controller-webhook-configs | |
subjects: | |
- kind: ServiceAccount | |
name: sriovdp-admission-controller-sa | |
namespace: sriov-device-plugin | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: sriovdp-admission-controller-service-role-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: sriovdp-admission-controller-service | |
subjects: | |
- kind: ServiceAccount | |
name: sriovdp-admission-controller-sa | |
namespace: sriov-device-plugin | |
--- | |
apiVersion: batch/v1 | |
kind: Job | |
metadata: | |
labels: | |
app: install-sriovdp-admission-controller | |
name: install-sriovdp-admission-controller | |
namespace: sriov-device-plugin | |
spec: | |
template: | |
spec: | |
serviceAccountName: sriovdp-admission-controller-sa | |
containers: | |
- name: install-sriovdp-admission-controller | |
image: {{.SRIOVDPAdmissionControllerImage}} | |
command: | |
- webhook_installer | |
args: | |
- -namespace=sriov-device-plugin | |
- -prefix=sriovdp-admission-controller | |
- -alsologtostderr | |
restartPolicy: Never | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
app: sriovdp-admission-controller | |
name: sriovdp-admission-controller-server | |
namespace: sriov-device-plugin | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: sriovdp-admission-controller | |
template: | |
metadata: | |
labels: | |
app: sriovdp-admission-controller | |
spec: | |
nodeSelector: | |
beta.kubernetes.io/os: linux | |
serviceAccountName: sriovdp-admission-controller-sa | |
tolerations: | |
- operator: Exists | |
containers: | |
- name: sriovdp-admission-controller | |
image: {{.SRIOVDPAdmissionControllerImage}} | |
command: | |
- webhook | |
args: | |
- -bind-address=0.0.0.0 | |
- -port=443 | |
- -tls-private-key-file=/webhook/tls/key.pem | |
- -tls-cert-file=/webhook/tls/cert.pem | |
- -alsologtostderr=true | |
volumeMounts: | |
- mountPath: /webhook/tls | |
name: sriovdp-admission-controller-secret | |
readOnly: True | |
volumes: | |
- name: sriovdp-admission-controller-secret | |
secret: | |
secretName: sriovdp-admission-controller-secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment