# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # --- apiVersion: v1 kind: ServiceAccount metadata: name: rss-controller namespace: uniffle --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rss-controller-role rules: - apiGroups: [ "" ] resources: [ "pods" ] verbs: [ "get", "list", "watch", "delete" ] - apiGroups: [ "uniffle.apache.org" ] resources: [ "remoteshuffleservices", "remoteshuffleservices/status" ] verbs: [ "get", "list", "watch", "update" ] - apiGroups: [ "admissionregistration.k8s.io" ] resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] verbs: [ "get", "list", "watch", "update", "create", "delete" ] - apiGroups: [ "" ] resources: [ "configmaps", "secrets", "services", "serviceaccounts" ] verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ] - apiGroups: [ "apps" ] resources: [ "deployments", "statefulsets" ] verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ] - apiGroups: [ "coordination.k8s.io" ] resources: [ "leases" ] verbs: [ "get", "list", "watch", "update", "create", "delete" ] - apiGroups: [ "" ] resources: [ "events" ] verbs: [ "list", "watch", "create", "update", "patch" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rss-controller-role-binding subjects: - kind: ServiceAccount name: rss-controller namespace: uniffle roleRef: kind: ClusterRole name: rss-controller-role apiGroup: rbac.authorization.k8s.io --- kind: Deployment apiVersion: apps/v1 metadata: name: rss-controller namespace: uniffle spec: strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 2 type: RollingUpdate selector: matchLabels: app: rss-controller replicas: 1 template: metadata: labels: app: rss-controller spec: nodeSelector: app: css serviceAccountName: rss-controller containers: - name: rss-controller image: 021732063925.dkr.ecr.us-east-1.amazonaws.com/rss-controller:0.7.0-snapshot command: - "./controller" args: - "--v=5" ports: - containerPort: 9876 protocol: TCP imagePullPolicy: "Always" env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName resources: requests: cpu: 500m memory: 1024Mi tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - rss-controller topologyKey: kubernetes.io/hostname