apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: etcdadm-controller-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0-beta.0.0.20210504224115-9cd8c2840e84
creationTimestamp: null
labels:
cluster.x-k8s.io/v1alpha3: v1alpha3
cluster.x-k8s.io/v1alpha4: v1alpha4
name: etcdadmclusters.etcdcluster.cluster.x-k8s.io
spec:
group: etcdcluster.cluster.x-k8s.io
names:
kind: EtcdadmCluster
listKind: EtcdadmClusterList
plural: etcdadmclusters
singular: etcdadmcluster
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: EtcdadmCluster is the Schema for the etcdadmclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
etcdadmConfigSpec:
description: EtcdadmConfigSpec defines the desired state of EtcdadmConfig
properties:
postEtcdadmCommands:
description: PostEtcdadmCommands specifies extra commands to run
after kubeadm runs
items:
type: string
type: array
preEtcdadmCommands:
description: PreEtcdadmCommands specifies extra commands to run
before kubeadm runs
items:
type: string
type: array
users:
description: Users specifies extra users to add
items:
description: User defines the input for a generated user in
cloud-init.
properties:
gecos:
description: Gecos specifies the gecos to use for the user
type: string
groups:
description: Groups specifies the additional groups for
the user
type: string
homeDir:
description: HomeDir specifies the home directory to use
for the user
type: string
inactive:
description: Inactive specifies whether to mark the user
as inactive
type: boolean
lockPassword:
description: LockPassword specifies if password login should
be disabled
type: boolean
name:
description: Name specifies the user name
type: string
passwd:
description: Passwd specifies a hashed password for the
user
type: string
primaryGroup:
description: PrimaryGroup specifies the primary group for
the user
type: string
shell:
description: Shell specifies the user's shell
type: string
sshAuthorizedKeys:
description: SSHAuthorizedKeys specifies a list of ssh authorized
keys for the user
items:
type: string
type: array
sudo:
description: Sudo specifies a sudo role for the user
type: string
required:
- name
type: object
type: array
version:
type: string
type: object
infrastructureTemplate:
description: InfrastructureTemplate is a required reference to a custom
resource offered by an infrastructure provider.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
replicas:
format: int32
type: integer
version:
type: string
required:
- infrastructureTemplate
type: object
status:
description: EtcdadmClusterStatus defines the observed state of EtcdadmCluster
properties:
conditions:
description: Conditions defines current service state of the EtcdadmCluster.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
endpoint:
type: string
initMachineAddress:
type: string
initialized:
type: boolean
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
type: boolean
replicas:
description: Total number of non-terminated machines targeted by this
etcd cluster (their labels match the selector).
format: int32
type: integer
selector:
description: 'Selector is the label selector in string format to avoid
introspection by clients, and is used to provide the CRD-based integration
for the scale subresource and additional integrations for things
like kubectl describe.. The string will be in the same format as
the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: etcdadm-controller-manager
namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: etcdadm-controller-leader-election-role
namespace: etcdadm-controller-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: etcdadm-controller-manager-role
rules:
- apiGroups:
- etcdcluster.cluster.x-k8s.io
resources:
- etcdadmclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- etcdcluster.cluster.x-k8s.io
resources:
- etcdadmclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- events
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- etcdadmconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- etcdadmconfigs/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: etcdadm-controller-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: etcdadm-controller-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: etcdadm-controller-leader-election-rolebinding
namespace: etcdadm-controller-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: etcdadm-controller-leader-election-role
subjects:
- kind: ServiceAccount
name: etcdadm-controller-manager
namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: etcdadm-controller-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: etcdadm-controller-manager-role
subjects:
- kind: ServiceAccount
name: etcdadm-controller-manager
namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: etcdadm-controller-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: etcdadm-controller-proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: etcdadm-controller-system
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: etcdadm-controller-controller-manager-metrics-service
namespace: etcdadm-controller-system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
name: etcdadm-controller-controller-manager
namespace: etcdadm-controller-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- --enable-leader-election
command:
- /manager
image: ${ETCDADM_CONTROLLER_IMAGE}
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
serviceAccountName: etcdadm-controller-manager
terminationGracePeriodSeconds: 10