Skip to content

Commit 7ccec79

Browse files
author
Timo Reimann
authored
Merge pull request #412 from cpanato/fix-crole
uncommented the required permission
2 parents c7fc86a + 9168846 commit 7ccec79

File tree

1 file changed

+151
-0
lines changed

1 file changed

+151
-0
lines changed

releases/dev.yml

Lines changed: 151 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,151 @@
1+
---
2+
apiVersion: apps/v1
3+
kind: Deployment
4+
metadata:
5+
name: digitalocean-cloud-controller-manager
6+
namespace: kube-system
7+
spec:
8+
replicas: 1
9+
revisionHistoryLimit: 2
10+
selector:
11+
matchLabels:
12+
app: digitalocean-cloud-controller-manager
13+
template:
14+
metadata:
15+
labels:
16+
app: digitalocean-cloud-controller-manager
17+
annotations:
18+
scheduler.alpha.kubernetes.io/critical-pod: ''
19+
spec:
20+
dnsPolicy: Default
21+
hostNetwork: true
22+
serviceAccountName: cloud-controller-manager
23+
tolerations:
24+
# this taint is set by all kubelets running `--cloud-provider=external`
25+
# so we should tolerate it to schedule the digitalocean ccm
26+
- key: "node.cloudprovider.kubernetes.io/uninitialized"
27+
value: "true"
28+
effect: "NoSchedule"
29+
- key: "CriticalAddonsOnly"
30+
operator: "Exists"
31+
# cloud controller manages should be able to run on masters
32+
- key: "node-role.kubernetes.io/master"
33+
effect: NoSchedule
34+
containers:
35+
- image: digitalocean/digitalocean-cloud-controller-manager:v0.1.36
36+
name: digitalocean-cloud-controller-manager
37+
command:
38+
- "/bin/digitalocean-cloud-controller-manager"
39+
- "--leader-elect=false"
40+
resources:
41+
requests:
42+
cpu: 100m
43+
memory: 50Mi
44+
env:
45+
- name: DO_ACCESS_TOKEN
46+
valueFrom:
47+
secretKeyRef:
48+
name: digitalocean
49+
key: access-token
50+
51+
---
52+
apiVersion: v1
53+
kind: ServiceAccount
54+
metadata:
55+
name: cloud-controller-manager
56+
namespace: kube-system
57+
---
58+
apiVersion: rbac.authorization.k8s.io/v1
59+
kind: ClusterRole
60+
metadata:
61+
annotations:
62+
rbac.authorization.kubernetes.io/autoupdate: "true"
63+
name: system:cloud-controller-manager
64+
rules:
65+
- apiGroups:
66+
- coordination.k8s.io
67+
resources:
68+
- leases
69+
verbs:
70+
- get
71+
- watch
72+
- list
73+
- create
74+
- update
75+
- delete
76+
- apiGroups:
77+
- ""
78+
resources:
79+
- events
80+
verbs:
81+
- create
82+
- patch
83+
- update
84+
- apiGroups:
85+
- ""
86+
resources:
87+
- nodes
88+
verbs:
89+
- '*'
90+
- apiGroups:
91+
- ""
92+
resources:
93+
- nodes/status
94+
verbs:
95+
- patch
96+
- apiGroups:
97+
- ""
98+
resources:
99+
- services
100+
verbs:
101+
- list
102+
- patch
103+
- update
104+
- watch
105+
- apiGroups:
106+
- ""
107+
resources:
108+
- services/status
109+
verbs:
110+
- list
111+
- patch
112+
- update
113+
- watch
114+
- apiGroups:
115+
- ""
116+
resources:
117+
- serviceaccounts
118+
verbs:
119+
- create
120+
- apiGroups:
121+
- ""
122+
resources:
123+
- persistentvolumes
124+
verbs:
125+
- get
126+
- list
127+
- update
128+
- watch
129+
- apiGroups:
130+
- ""
131+
resources:
132+
- endpoints
133+
verbs:
134+
- create
135+
- get
136+
- list
137+
- watch
138+
- update
139+
---
140+
kind: ClusterRoleBinding
141+
apiVersion: rbac.authorization.k8s.io/v1
142+
metadata:
143+
name: system:cloud-controller-manager
144+
roleRef:
145+
apiGroup: rbac.authorization.k8s.io
146+
kind: ClusterRole
147+
name: system:cloud-controller-manager
148+
subjects:
149+
- kind: ServiceAccount
150+
name: cloud-controller-manager
151+
namespace: kube-system

0 commit comments

Comments
 (0)