diff options
| author |   Todd Malsbary <todd.malsbary@intel.com> | 2021-02-23 09:28:48 -0800 |
|---|---|---|
| committer | Todd Malsbary <todd.malsbary@intel.com> | 2021-04-29 08:45:07 -0700 |
| commit | 7d5f991538b2cf784645e7f1de71ff72800f8160 (patch) | |
| tree | 4c72762d46d4f4a54a871db2577462206ec462e1 /kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml | |
| parent | a53172e77dc15728a11d888dc2be718b25529fc0 (diff) | |
Add cmk addon helm chart
The chart follows the instructions laid out in the CMK operator
manual, with the following notes:
- The nodes are prepared by running each CMK subcommand as a Pod
instead of running cmk cluster-init. The first reason for this is
that the existing addon only deploys CMK to the worker nodes in the
cluster. This is not possible using cluster-init without explicitly
providing the list of worker nodes to cluster-init, and this list is
unknown by helm. Instead it is sufficient to rely on the
node-role.kubernetes.io/master:NoSchedule taint. The second reason
is that cluster-init creates resources which are unknown to helm,
thus uninstall does not behave as expected.
- The v1.4.1 version of CMK is chosen. In v1.5.2, the description key
of the cmk-nodereport resource is not correct.
- All values listed as possibly requiring modification are exposed in
values.yaml
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ibc75462de3729cd88edeb4b15602d57fe12791ca
Diffstat (limited to 'kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml')
| -rw-r--r-- | kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..2d08c820 --- /dev/null +++ b/kud/deployment_infra/helm/cpu-manager/templates/clusterrolebinding.yaml @@ -0,0 +1,91 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-daemonset + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cpu-manager.fullname" . }}-daemonset-controller +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-node + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:node +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-crd + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cpu-manager.fullname" . }}-custom-resource-definition-controller +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-version + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cpu-manager.fullname" . }}-version-controller +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-webhook-installer + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cpu-manager.fullname" . }}-webhook-installer +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cpu-manager.fullname" . }}-role-binding-node-lister + labels: + {{- include "cpu-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cpu-manager.fullname" . }}-node-lister +subjects: +- kind: ServiceAccount + name: {{ include "cpu-manager.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} |