apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
  name: etcdadm-controller-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.0-beta.0.0.20210504224115-9cd8c2840e84
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/v1alpha3: v1alpha3
    cluster.x-k8s.io/v1alpha4: v1alpha4
  name: etcdclusters.etcdcluster.cluster.x-k8s.io
spec:
  group: etcdcluster.cluster.x-k8s.io
  names:
    kind: EtcdCluster
    listKind: EtcdClusterList
    plural: etcdclusters
    singular: etcdcluster
  scope: Namespaced
  versions:
  - name: v1alpha4
    schema:
      openAPIV3Schema:
        description: EtcdCluster is the Schema for the etcdclusters API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: EtcdClusterSpec defines the desired state of EtcdCluster
            properties:
              etcdadmConfigSpec:
                description: EtcdadmConfigSpec defines the desired state of EtcdadmConfig
                properties:
                  postEtcdadmCommands:
                    description: PostEtcdadmCommands specifies extra commands to run after kubeadm runs
                    items:
                      type: string
                    type: array
                  preEtcdadmCommands:
                    description: PreEtcdadmCommands specifies extra commands to run before kubeadm runs
                    items:
                      type: string
                    type: array
                  users:
                    description: Users specifies extra users to add
                    items:
                      description: User defines the input for a generated user in cloud-init.
                      properties:
                        gecos:
                          description: Gecos specifies the gecos to use for the user
                          type: string
                        groups:
                          description: Groups specifies the additional groups for the user
                          type: string
                        homeDir:
                          description: HomeDir specifies the home directory to use for the user
                          type: string
                        inactive:
                          description: Inactive specifies whether to mark the user as inactive
                          type: boolean
                        lockPassword:
                          description: LockPassword specifies if password login should be disabled
                          type: boolean
                        name:
                          description: Name specifies the user name
                          type: string
                        passwd:
                          description: Passwd specifies a hashed password for the user
                          type: string
                        primaryGroup:
                          description: PrimaryGroup specifies the primary group for the user
                          type: string
                        shell:
                          description: Shell specifies the user's shell
                          type: string
                        sshAuthorizedKeys:
                          description: SSHAuthorizedKeys specifies a list of ssh authorized keys for the user
                          items:
                            type: string
                          type: array
                        sudo:
                          description: Sudo specifies a sudo role for the user
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  version:
                    type: string
                type: object
              infrastructureTemplate:
                description: InfrastructureTemplate is a required reference to a custom resource offered by an infrastructure provider.
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  fieldPath:
                    description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                    type: string
                  kind:
                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                  resourceVersion:
                    description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                    type: string
                  uid:
                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                    type: string
                type: object
              replicas:
                format: int32
                type: integer
              version:
                type: string
            required:
            - infrastructureTemplate
            type: object
          status:
            description: EtcdClusterStatus defines the observed state of EtcdCluster
            properties:
              endpoint:
                type: string
              initMachineAddress:
                type: string
              initialized:
                type: boolean
              ready:
                type: boolean
              replicas:
                description: Total number of non-terminated machines targeted by this etcd cluster (their labels match the selector).
                format: int32
                type: integer
              selector:
                description: 'Selector is the label selector in string format to avoid introspection by clients, and is used to provide the CRD-based integration for the scale subresource and additional integrations for things like kubectl describe.. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: etcdadm-controller-manager
  namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: etcdadm-controller-leader-election-role
  namespace: etcdadm-controller-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: etcdadm-controller-manager-role
rules:
- apiGroups:
  - etcdcluster.cluster.x-k8s.io
  resources:
  - etcdclusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - etcdcluster.cluster.x-k8s.io
  resources:
  - etcdclusters/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - machines
  - machines/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  resources:
  - etcdadmconfigs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  resources:
  - etcdadmconfigs/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: etcdadm-controller-proxy-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: etcdadm-controller-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: etcdadm-controller-leader-election-rolebinding
  namespace: etcdadm-controller-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: etcdadm-controller-leader-election-role
subjects:
- kind: ServiceAccount
  name: etcdadm-controller-manager
  namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: etcdadm-controller-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: etcdadm-controller-manager-role
subjects:
- kind: ServiceAccount
  name: etcdadm-controller-manager
  namespace: etcdadm-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: etcdadm-controller-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: etcdadm-controller-proxy-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: etcdadm-controller-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: etcdadm-controller-controller-manager-metrics-service
  namespace: etcdadm-controller-system
spec:
  ports:
  - name: https
    port: 8443
    targetPort: https
  selector:
    control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: etcdadm-controller-controller-manager
  namespace: etcdadm-controller-system
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      - args:
        - --metrics-addr=127.0.0.1:8080
        - --enable-leader-election
        command:
        - /manager
        image: aws/etcdadm-controller:latest
        name: manager
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 50Mi
      serviceAccountName: etcdadm-controller-manager
      terminationGracePeriodSeconds: 10