icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2969cafc9d
freeleaps-ops/cluster/manifests/freeleaps-infra-system/scheduler-plugins/0.30.6/all-in-one.yaml

93 lines
2.9 KiB
YAML
Raw Blame History

# First part
# Apply extra privileges to system:kube-scheduler.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-scheduler:plugins
rules:
- apiGroups: ["scheduling.x-k8s.io"]
resources: ["podgroups", "elasticquotas", "podgroups/status", "elasticquotas/status"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
# for network-aware plugins add the following lines (scheduler-plugins v.0.24.9)
#- apiGroups: [ "appgroup.diktyo.k8s.io" ]
# resources: [ "appgroups" ]
# verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ]
#- apiGroups: [ "networktopology.diktyo.k8s.io" ]
# resources: [ "networktopologies" ]
# verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ]
#- apiGroups: ["security-profiles-operator.x-k8s.io"]
# resources: ["seccompprofiles", "profilebindings"]
# verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-scheduler:plugins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-scheduler:plugins
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:kube-scheduler
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: scheduler-plugins-controller
namespace: freeleaps-infra-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: scheduler-plugins-controller
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["scheduling.x-k8s.io"]
resources: ["podgroups", "elasticquotas", "podgroups/status", "elasticquotas/status"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch", "update"]
#- apiGroups: ["security-profiles-operator.x-k8s.io"]
# resources: ["seccompprofiles", "profilebindings"]
# verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: scheduler-plugins-controller
subjects:
- kind: ServiceAccount
name: scheduler-plugins-controller
namespace: freeleaps-infra-system
roleRef:
kind: ClusterRole
name: scheduler-plugins-controller
apiGroup: rbac.authorization.k8s.io
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: scheduler-plugins-controller
namespace: freeleaps-infra-system
labels:
app: scheduler-plugins-controller
spec:
replicas: 1
selector:
matchLabels:
app: scheduler-plugins-controller
template:
metadata:
labels:
app: scheduler-plugins-controller
spec:
serviceAccountName: scheduler-plugins-controller
containers:
- name: scheduler-plugins-controller
image: registry.k8s.io/scheduler-plugins/controller:v0.30.6
imagePullPolicy: IfNotPresent
Reference in New Issue View Git Blame Copy Permalink