@@ -4,9 +4,6 @@ kind: Cluster
44metadata :
55 name : ${CLUSTER_NAME}
66 namespace : ${NAMESPACE}
7- labels :
8- cluster.metal-stack.io/infrastructure-provider : metal-stack
9- cluster.metal-stack.io/cni : calico
107spec :
118 clusterNetwork :
129 pods :
@@ -206,303 +203,3 @@ spec:
206203 nodeRegistration :
207204 kubeletExtraArgs :
208205 cloud-provider : external
209- ---
210- apiVersion : addons.cluster.x-k8s.io/v1alpha1
211- kind : HelmChartProxy
212- metadata :
213- name : ${CLUSTER_NAME}-calico-cni
214- namespace : ${NAMESPACE}
215- spec :
216- clusterSelector :
217- matchLabels :
218- cluster.metal-stack.io/cni : calico
219- releaseName : calico
220- repoURL : https://docs.tigera.io/calico/charts
221- chartName : tigera-operator
222- namespace : kube-system
223- version : v3.28.3
224- valuesTemplate : |
225- installation:
226- enabled: true
227-
228- calicoNetwork:
229- bgp: Disabled
230- ipPools:
231- - name: default-ipv4-ippool
232- blockSize: 26
233- cidr: 10.240.0.0/12
234- encapsulation: None
235- mtu: 1440
236- cni:
237- ipam:
238- type: HostLocal
239- type: Calico
240-
241- goldmane:
242- enabled: false
243-
244- whisker:
245- enabled: false
246- ---
247- apiVersion : addons.cluster.x-k8s.io/v1beta1
248- kind : ClusterResourceSet
249- metadata :
250- name : ${CLUSTER_NAME}-metal-ccm
251- namespace : ${NAMESPACE}
252- spec :
253- strategy : Reconcile
254- clusterSelector :
255- matchLabels :
256- cluster.metal-stack.io/infrastructure-provider : metal-stack
257- resources :
258- - name : ${CLUSTER_NAME}-crs-cloud-controller-manager
259- kind : ConfigMap
260- - name : ${CLUSTER_NAME}-crs-cloud-controller-manager
261- kind : Secret
262- ---
263- apiVersion : v1
264- kind : Secret
265- metadata :
266- name : ${CLUSTER_NAME}-crs-cloud-controller-manager
267- namespace : ${NAMESPACE}
268- type : addons.cluster.x-k8s.io/resource-set
269- stringData :
270- secret.yaml : |
271- ---
272- apiVersion: v1
273- kind: Secret
274- metadata:
275- name: cloud-controller-manager
276- namespace: kube-system
277- stringData:
278- api-url: ${METAL_API_URL}
279- api-hmac: ${METAL_API_HMAC}
280- api-hmac-auth-type: ${METAL_API_HMAC_AUTH_TYPE}
281- ---
282- apiVersion : v1
283- kind : ConfigMap
284- metadata :
285- name : ${CLUSTER_NAME}-crs-cloud-controller-manager
286- namespace : ${NAMESPACE}
287- data :
288- deploy.yaml : |
289- ---
290- apiVersion: v1
291- kind: ServiceAccount
292- metadata:
293- name: cloud-controller-manager
294- namespace: kube-system
295- ---
296- apiVersion: rbac.authorization.k8s.io/v1
297- kind: ClusterRole
298- metadata:
299- name: cloud-controller-manager
300- rules:
301- - apiGroups:
302- - ""
303- resources:
304- - events
305- verbs:
306- - create
307- - patch
308- - update
309- - apiGroups:
310- - ""
311- resources:
312- - nodes
313- verbs:
314- - "*"
315- - apiGroups:
316- - ""
317- resources:
318- - nodes/status
319- verbs:
320- - patch
321- - apiGroups:
322- - ""
323- resources:
324- - services
325- - services/status
326- - endpoints
327- verbs:
328- - get
329- - list
330- - patch
331- - update
332- - watch
333- - apiGroups:
334- - ""
335- resources:
336- - serviceaccounts
337- - serviceaccounts/token
338- verbs:
339- - create
340- - get
341- - list
342- - watch
343- - apiGroups:
344- - ""
345- resources:
346- - secrets
347- - configmaps
348- verbs:
349- - get
350- - list
351- - watch
352- - update
353- - create
354- - patch
355- - delete
356- - apiGroups:
357- - coordination.k8s.io
358- resources:
359- - leases
360- verbs:
361- - get
362- - create
363- - update
364- - apiGroups:
365- - metallb.io
366- resources:
367- - bgppeers
368- verbs:
369- - create
370- - delete
371- - get
372- - list
373- - patch
374- - update
375- - watch
376- - apiGroups:
377- - metallb.io
378- resources:
379- - ipaddresspools
380- verbs:
381- - create
382- - delete
383- - get
384- - list
385- - patch
386- - update
387- - watch
388- - apiGroups:
389- - metallb.io
390- resources:
391- - bgpadvertisements
392- verbs:
393- - create
394- - delete
395- - get
396- - list
397- - patch
398- - update
399- - watch
400- ---
401- apiVersion: rbac.authorization.k8s.io/v1
402- kind: ClusterRoleBinding
403- metadata:
404- name: cloud-controller-manager
405- roleRef:
406- apiGroup: rbac.authorization.k8s.io
407- kind: ClusterRole
408- name: cloud-controller-manager
409- subjects:
410- - kind: ServiceAccount
411- name: cloud-controller-manager
412- namespace: kube-system
413- ---
414- apiVersion: apps/v1
415- kind: Deployment
416- metadata:
417- labels:
418- app: cloud-controller-manager
419- name: cloud-controller-manager
420- namespace: kube-system
421- spec:
422- replicas: 1
423- selector:
424- matchLabels:
425- app: cloud-controller-manager
426- strategy:
427- type: RollingUpdate
428- template:
429- metadata:
430- labels:
431- app: cloud-controller-manager
432- spec:
433- containers:
434- - command:
435- - ./metal-cloud-controller-manager
436- - --cluster-cidr=10.240.0.0/12
437- - --cluster-name=
438- - --concurrent-service-syncs=10
439- - --leader-elect=true
440- - --secure-port=10258
441- - --use-service-account-credentials
442- - --v=2
443- env:
444- - name: METAL_API_URL
445- valueFrom:
446- secretKeyRef:
447- key: api-url
448- name: cloud-controller-manager
449- - name: METAL_AUTH_HMAC
450- valueFrom:
451- secretKeyRef:
452- key: api-hmac
453- name: cloud-controller-manager
454- - name: METAL_AUTH_HMAC_AUTH_TYPE
455- valueFrom:
456- secretKeyRef:
457- key: api-hmac-auth-type
458- name: cloud-controller-manager
459- - name: METAL_PROJECT_ID
460- value: ${METAL_PROJECT_ID}
461- - name: METAL_PARTITION_ID
462- value: ${METAL_PARTITION}
463- # associates service type load balancer ips with this cluster:
464- - name: METAL_CLUSTER_ID
465- value: ${NAMESPACE}.${CLUSTER_NAME}
466- - name: METAL_DEFAULT_EXTERNAL_NETWORK_ID
467- value: internet
468- - name: METAL_ADDITIONAL_NETWORKS
469- value: internet,${METAL_NODE_NETWORK_ID}
470- - name: METAL_SSH_PUBLICKEY
471- value: ""
472- image: ghcr.io/metal-stack/metal-ccm:v0.9.7
473- imagePullPolicy: IfNotPresent
474- livenessProbe:
475- failureThreshold: 2
476- httpGet:
477- path: /healthz
478- port: 10258
479- scheme: HTTPS
480- initialDelaySeconds: 15
481- periodSeconds: 10
482- successThreshold: 1
483- timeoutSeconds: 15
484- name: cloud-controller-manager
485- resources:
486- limits:
487- cpu: 250m
488- memory: 256Mi
489- requests:
490- cpu: 100m
491- memory: 64Mi
492- nodeSelector:
493- node-role.kubernetes.io/control-plane: ""
494- hostNetwork: true
495- serviceAccountName: cloud-controller-manager
496- tolerations:
497- - effect: NoSchedule
498- operator: Exists
499- key: node-role.kubernetes.io/control-plane
500- - effect: NoSchedule
501- key: node.cloudprovider.kubernetes.io/uninitialized
502- value: "true"
503- restartPolicy: Always
504- volumes:
505- - name: cloud-controller-manager
506- secret:
507- defaultMode: 420
508- secretName: cloud-controller-manager