apiVersion: v1 kind: Namespace metadata: labels: control-plane: controller-manager name: etcdadm-controller-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.0-beta.0.0.20210504224115-9cd8c2840e84 creationTimestamp: null labels: cluster.x-k8s.io/v1alpha3: v1alpha3 cluster.x-k8s.io/v1alpha4: v1alpha4 name: etcdadmclusters.etcdcluster.cluster.x-k8s.io spec: group: etcdcluster.cluster.x-k8s.io names: kind: EtcdadmCluster listKind: EtcdadmClusterList plural: etcdadmclusters singular: etcdadmcluster scope: Namespaced versions: - name: v1alpha3 schema: openAPIV3Schema: description: EtcdadmCluster is the Schema for the etcdadmclusters API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: etcdadmConfigSpec: description: EtcdadmConfigSpec defines the desired state of EtcdadmConfig properties: postEtcdadmCommands: description: PostEtcdadmCommands specifies extra commands to run after kubeadm runs items: type: string type: array preEtcdadmCommands: description: PreEtcdadmCommands specifies extra commands to run before kubeadm runs items: type: string type: array users: description: Users specifies extra users to add items: description: User defines the input for a generated user in cloud-init. properties: gecos: description: Gecos specifies the gecos to use for the user type: string groups: description: Groups specifies the additional groups for the user type: string homeDir: description: HomeDir specifies the home directory to use for the user type: string inactive: description: Inactive specifies whether to mark the user as inactive type: boolean lockPassword: description: LockPassword specifies if password login should be disabled type: boolean name: description: Name specifies the user name type: string passwd: description: Passwd specifies a hashed password for the user type: string primaryGroup: description: PrimaryGroup specifies the primary group for the user type: string shell: description: Shell specifies the user's shell type: string sshAuthorizedKeys: description: SSHAuthorizedKeys specifies a list of ssh authorized keys for the user items: type: string type: array sudo: description: Sudo specifies a sudo role for the user type: string required: - name type: object type: array version: type: string type: object infrastructureTemplate: description: InfrastructureTemplate is a required reference to a custom resource offered by an infrastructure provider. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object replicas: format: int32 type: integer version: type: string required: - infrastructureTemplate type: object status: description: EtcdadmClusterStatus defines the observed state of EtcdadmCluster properties: conditions: description: Conditions defines current service state of the EtcdadmCluster. items: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: A human readable message indicating details about the transition. This field may be empty. type: string reason: description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. type: string severity: description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - status - type type: object type: array endpoint: type: string initMachineAddress: type: string initialized: type: boolean observedGeneration: description: ObservedGeneration is the latest generation observed by the controller. format: int64 type: integer ready: type: boolean replicas: description: Total number of non-terminated machines targeted by this etcd cluster (their labels match the selector). format: int32 type: integer selector: description: 'Selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: v1 kind: ServiceAccount metadata: name: etcdadm-controller-manager namespace: etcdadm-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: etcdadm-controller-leader-election-role namespace: etcdadm-controller-system rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - configmaps/status verbs: - get - update - patch - apiGroups: - "" resources: - events verbs: - create - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: etcdadm-controller-manager-role rules: - apiGroups: - etcdcluster.cluster.x-k8s.io resources: - etcdadmclusters verbs: - create - delete - get - list - patch - update - watch - apiGroups: - etcdcluster.cluster.x-k8s.io resources: - etcdadmclusters/status verbs: - get - patch - update - apiGroups: - "" resources: - configmaps - events - secrets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusters - clusters/status verbs: - get - list - watch - apiGroups: - cluster.x-k8s.io resources: - machines - machines/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - bootstrap.cluster.x-k8s.io resources: - etcdadmconfigs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - bootstrap.cluster.x-k8s.io resources: - etcdadmconfigs/status verbs: - get - patch - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: - '*' verbs: - create - delete - get - list - patch - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: etcdadm-controller-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: etcdadm-controller-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: etcdadm-controller-leader-election-rolebinding namespace: etcdadm-controller-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: etcdadm-controller-leader-election-role subjects: - kind: ServiceAccount name: etcdadm-controller-manager namespace: etcdadm-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: etcdadm-controller-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: etcdadm-controller-manager-role subjects: - kind: ServiceAccount name: etcdadm-controller-manager namespace: etcdadm-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: etcdadm-controller-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: etcdadm-controller-proxy-role subjects: - kind: ServiceAccount name: default namespace: etcdadm-controller-system --- apiVersion: v1 kind: Service metadata: labels: control-plane: controller-manager name: etcdadm-controller-controller-manager-metrics-service namespace: etcdadm-controller-system spec: ports: - name: https port: 8443 targetPort: https selector: control-plane: controller-manager --- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: etcdadm-controller-controller-manager namespace: etcdadm-controller-system spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https - args: - --metrics-addr=127.0.0.1:8080 - --enable-leader-election command: - /manager image: ${ETCDADM_CONTROLLER_IMAGE} name: manager resources: limits: cpu: 100m memory: 30Mi requests: cpu: 100m memory: 20Mi serviceAccountName: etcdadm-controller-manager terminationGracePeriodSeconds: 10