---
# Namespace that holds the Rook operator's ServiceAccount and Deployment.
apiVersion: v1
kind: Namespace
metadata:
  name: rook-system
---
# Permissions for the Rook operator. The ClusterRoleBinding named
# rook-operator in this file grants this role to the rook-operator
# ServiceAccount, so every rule below applies in all namespaces.
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is deprecated and is no
# longer served from Kubernetes 1.22 on; use rbac.authorization.k8s.io/v1
# where the target cluster supports it.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: rook-operator
rules:
  # Core API group.
  # NOTE(review): this single rule gives read and write access to Secrets in
  # every namespace and all listed verbs on nodes/proxy, which proxies
  # requests to the kubelet API. Both are high-value grants. Confirm which
  # resource/verb pairs the operator actually uses and split the rule so the
  # sensitive resources carry only those verbs.
  - apiGroups:
      - ""
    resources:
      - namespaces
      - serviceaccounts
      - secrets
      - pods
      - services
      - nodes
      - nodes/proxy
      - configmaps
      - events
      - persistentvolumes
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
      - patch
      - create
      - update
      - delete
  # Workload controllers in the legacy "extensions" group.
  # NOTE(review): thirdpartyresources were removed in Kubernetes 1.8 in favour
  # of CustomResourceDefinitions (granted in the next rule).
  - apiGroups:
      - extensions
    resources:
      - thirdpartyresources
      - deployments
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  # CustomResourceDefinitions: create and delete, but no update.
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  # RBAC objects.
  # NOTE(review): create/update/delete on roles and bindings lets this
  # identity manage RBAC cluster-wide. The API server's escalation check
  # limits it to granting permissions it already holds, which is still broad
  # given the other rules in this role. Audit changes to RBAC objects made by
  # this ServiceAccount.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
      - clusterrolebindings
      - roles
      - rolebindings
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  # StorageClasses: read and delete only.
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
      - delete
  # Every resource and verb in the rook.io API group. The wildcards also
  # cover any resource added to this group later.
  - apiGroups:
      - rook.io
    resources:
      - "*"
    verbs:
      - "*"
---
# Identity the operator pod runs as (see serviceAccountName in the
# Deployment); the rook-operator ClusterRoleBinding attaches the
# rook-operator ClusterRole to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rook-operator
  namespace: rook-system
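---
# Grants the rook-operator ClusterRole to the rook-operator ServiceAccount in
# rook-system. Because this is a ClusterRoleBinding (not a RoleBinding), the
# role's rules apply in every namespace.
#
# ClusterRoleBinding is a cluster-scoped kind, so metadata carries no
# namespace; the namespace belongs only on the ServiceAccount subject below.
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is deprecated and is no
# longer served from Kubernetes 1.22 on; use rbac.authorization.k8s.io/v1
# where the target cluster supports it.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: rook-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rook-operator
subjects:
  - kind: ServiceAccount
    name: rook-operator
    namespace: rook-system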
---
# Runs a single replica of the Rook operator under the rook-operator
# ServiceAccount, which carries the cluster-wide rook-operator ClusterRole.
#
# NOTE(review): apps/v1beta1 is no longer served from Kubernetes 1.16 on.
# Moving to apps/v1 also requires adding spec.selector matching the pod
# labels below.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: rook-operator
  namespace: rook-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: rook-operator
    spec:
      serviceAccountName: rook-operator
      containers:
        # NOTE(review): no securityContext or resource requests/limits are set
        # on this container. Whether the operator can run as non-root with a
        # read-only root filesystem is not shown here; confirm before adding.
        - name: rook-operator
          # NOTE(review): "master" is a mutable tag, so the image behind it
          # can change without this manifest changing, and with the default
          # pull policy for a non-latest tag (IfNotPresent) nodes may keep
          # running different builds. This pod holds cluster-wide RBAC, so pin
          # a release tag or, better, an image digest.
          image: rook/rook:master
          args:
            - operator
          env:
            # To disable RBAC, uncomment the following:
            # - name: RBAC_ENABLED
            #   value: "false"
            # Rook Agent toleration. Will tolerate all taints with all keys.
            # Choose between NoSchedule, PreferNoSchedule and NoExecute:
            # - name: AGENT_TOLERATION
            #   value: "NoSchedule"
            # (Optional) Rook Agent toleration key. Set this to the key of the
            # taint you want to tolerate
            # - name: AGENT_TOLERATION_KEY
            #   value: "<KeyOfTheTaintToTolerate>"
            # Set the path where the Rook agent can find the flex volumes
            # - name: FLEXVOLUME_DIR_PATH
            #   value: "<PathToFlexVolumes>"
            # The interval to check if every mon is in the quorum.
            - name: ROOK_MON_HEALTHCHECK_INTERVAL
              value: "45s"
            # The duration to wait before trying to failover or remove/replace
            # the current mon with a new mon (useful for compensating flapping
            # network).
            - name: ROOK_MON_OUT_TIMEOUT
              value: "300s"
            # Downward API: expose the pod's node, name and namespace to the
            # operator process.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace