2020-02-18 20:47:28 +08:00
|
|
|
---
|
|
|
|
apiVersion: v1
|
|
|
|
kind: ServiceAccount
|
|
|
|
metadata:
|
|
|
|
name: cloud-controller-manager
|
|
|
|
namespace: kube-system
|
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: DaemonSet
|
|
|
|
metadata:
|
|
|
|
name: openstack-cloud-controller-manager
|
|
|
|
namespace: kube-system
|
|
|
|
labels:
|
|
|
|
k8s-app: openstack-cloud-controller-manager
|
|
|
|
spec:
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
k8s-app: openstack-cloud-controller-manager
|
|
|
|
updateStrategy:
|
|
|
|
type: RollingUpdate
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
k8s-app: openstack-cloud-controller-manager
|
|
|
|
spec:
|
|
|
|
nodeSelector:
|
2021-01-22 00:13:03 +08:00
|
|
|
{% if kube_version is version('v1.20.0', '<') %}
|
2020-02-18 20:47:28 +08:00
|
|
|
node-role.kubernetes.io/master: ""
|
2021-01-22 00:13:03 +08:00
|
|
|
{% else %}
|
|
|
|
node-role.kubernetes.io/control-plane: ""
|
|
|
|
{% endif %}
|
2020-02-18 20:47:28 +08:00
|
|
|
securityContext:
|
|
|
|
runAsUser: 1001
|
|
|
|
tolerations:
|
|
|
|
- key: node.cloudprovider.kubernetes.io/uninitialized
|
|
|
|
value: "true"
|
|
|
|
effect: NoSchedule
|
|
|
|
- key: node-role.kubernetes.io/master
|
|
|
|
effect: NoSchedule
|
2021-01-22 00:13:03 +08:00
|
|
|
- key: node-role.kubernetes.io/control-plane
|
|
|
|
effect: NoSchedule
|
2020-02-18 20:47:28 +08:00
|
|
|
serviceAccountName: cloud-controller-manager
|
|
|
|
containers:
|
|
|
|
- name: openstack-cloud-controller-manager
|
|
|
|
image: {{ docker_image_repo }}/k8scloudprovider/openstack-cloud-controller-manager:{{ external_openstack_cloud_controller_image_tag }}
|
|
|
|
args:
|
|
|
|
- /bin/openstack-cloud-controller-manager
|
|
|
|
- --v=1
|
|
|
|
- --cloud-config=$(CLOUD_CONFIG)
|
|
|
|
- --cloud-provider=openstack
|
2020-12-18 00:23:09 +08:00
|
|
|
- --cluster-name={{ cluster_name }}
|
2020-02-18 20:47:28 +08:00
|
|
|
- --use-service-account-credentials=true
|
|
|
|
- --address=127.0.0.1
|
2020-10-03 01:14:48 +08:00
|
|
|
{% for key, value in external_openstack_cloud_controller_extra_args.items() %}
|
|
|
|
- "{{ '--' + key + '=' + value }}"
|
|
|
|
{% endfor %}
|
2020-02-18 20:47:28 +08:00
|
|
|
volumeMounts:
|
|
|
|
- mountPath: /etc/kubernetes/pki
|
|
|
|
name: k8s-certs
|
|
|
|
readOnly: true
|
|
|
|
- mountPath: /etc/ssl/certs
|
|
|
|
name: ca-certs
|
|
|
|
readOnly: true
|
|
|
|
- mountPath: /etc/config
|
|
|
|
name: cloud-config-volume
|
|
|
|
readOnly: true
|
|
|
|
{% if external_openstack_cacert is defined and external_openstack_cacert != "" %}
|
|
|
|
- mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem
|
|
|
|
name: openstack-cacert
|
|
|
|
readOnly: true
|
|
|
|
{% endif %}
|
2020-09-11 15:34:14 +08:00
|
|
|
{% if kubelet_flexvolumes_plugins_dir is defined %}
|
2020-02-18 20:47:28 +08:00
|
|
|
- mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
|
|
|
|
name: flexvolume-dir
|
2020-09-11 15:34:14 +08:00
|
|
|
{% endif %}
|
2020-02-18 20:47:28 +08:00
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
cpu: 200m
|
|
|
|
env:
|
|
|
|
- name: CLOUD_CONFIG
|
|
|
|
value: /etc/config/cloud.conf
|
|
|
|
hostNetwork: true
|
|
|
|
volumes:
|
2020-09-11 15:34:14 +08:00
|
|
|
{% if kubelet_flexvolumes_plugins_dir is defined %}
|
2020-02-18 20:47:28 +08:00
|
|
|
- hostPath:
|
2020-08-04 20:28:35 +08:00
|
|
|
path: "{{ kubelet_flexvolumes_plugins_dir }}"
|
2020-02-18 20:47:28 +08:00
|
|
|
type: DirectoryOrCreate
|
|
|
|
name: flexvolume-dir
|
2020-09-11 15:34:14 +08:00
|
|
|
{% endif %}
|
2020-02-18 20:47:28 +08:00
|
|
|
- hostPath:
|
|
|
|
path: /etc/kubernetes/pki
|
|
|
|
type: DirectoryOrCreate
|
|
|
|
name: k8s-certs
|
|
|
|
- hostPath:
|
|
|
|
path: /etc/ssl/certs
|
|
|
|
type: DirectoryOrCreate
|
|
|
|
name: ca-certs
|
|
|
|
- name: cloud-config-volume
|
|
|
|
secret:
|
|
|
|
secretName: external-openstack-cloud-config
|
|
|
|
{% if external_openstack_cacert is defined and external_openstack_cacert != "" %}
|
|
|
|
- hostPath:
|
|
|
|
path: {{ kube_config_dir }}/external-openstack-cacert.pem
|
|
|
|
type: FileOrCreate
|
|
|
|
name: openstack-cacert
|
|
|
|
{% endif %}
|