From c1b4129dea76e9d6997f0b85430e1219ba37ff63 Mon Sep 17 00:00:00 2001 From: Achintha Gunasekara Date: Mon, 1 Apr 2019 10:36:48 +1100 Subject: [PATCH] YAML linting Azure examples --- .../cluster-autoscaler-containerservice.yaml | 205 +++++++-------- .../cluster-autoscaler-standard-master.yaml | 239 +++++++++--------- .../cluster-autoscaler-standard-msi.yaml | 225 +++++++++-------- .../examples/cluster-autoscaler-standard.yaml | 231 +++++++++-------- .../cluster-autoscaler-vmss-master.yaml | 211 ++++++++-------- .../examples/cluster-autoscaler-vmss-msi.yaml | 197 ++++++++------- .../examples/cluster-autoscaler-vmss.yaml | 203 ++++++++------- 7 files changed, 780 insertions(+), 731 deletions(-) diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-containerservice.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-containerservice.yaml index edf6f25f2f46..129ab67a09aa 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-containerservice.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-containerservice.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -139,62 +146,62 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=3:10:nodepool1 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_TENANT_ID - valueFrom: - secretKeyRef: - key: TenantID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_ID - valueFrom: - secretKeyRef: - key: ClientID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: ClientSecret - name: cluster-autoscaler-azure - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - - name: AZURE_CLUSTER_NAME - valueFrom: - secretKeyRef: - key: ClusterName - name: cluster-autoscaler-azure - - name: AZURE_NODE_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: NodeResourceGroup - name: cluster-autoscaler-azure + - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=3:10:nodepool1 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_TENANT_ID + valueFrom: + secretKeyRef: + key: TenantID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_ID + valueFrom: + secretKeyRef: + key: ClientID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ClientSecret + name: cluster-autoscaler-azure + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + - name: AZURE_CLUSTER_NAME + valueFrom: + secretKeyRef: + key: ClusterName + name: cluster-autoscaler-azure + - name: AZURE_NODE_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: NodeResourceGroup + name: cluster-autoscaler-azure restartPolicy: Always diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-master.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-master.yaml index 78891610b68b..1e5bbe112abc 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-master.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-master.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -138,84 +145,84 @@ spec: spec: serviceAccountName: cluster-autoscaler tolerations: - - effect: NoSchedule - operator: "Equal" - value: "true" - key: node-role.kubernetes.io/master + - effect: NoSchedule + operator: "Equal" + value: "true" + key: node-role.kubernetes.io/master nodeSelector: kubernetes.io/role: master containers: - - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:agentpool1 - - --nodes=1:10:agentpool2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_TENANT_ID - valueFrom: - secretKeyRef: - key: TenantID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_ID - valueFrom: - secretKeyRef: - key: ClientID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: ClientSecret - name: cluster-autoscaler-azure - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - - name: ARM_DEPLOYMENT - valueFrom: - secretKeyRef: - key: Deployment - name: cluster-autoscaler-azure - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true - - mountPath: /var/lib/azure/ - name: deploy-parameters - readOnly: true + - command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:agentpool1 + - --nodes=1:10:agentpool2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_TENANT_ID + valueFrom: + secretKeyRef: + key: TenantID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_ID + valueFrom: + secretKeyRef: + key: ClientID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ClientSecret + name: cluster-autoscaler-azure + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + - name: ARM_DEPLOYMENT + valueFrom: + secretKeyRef: + key: Deployment + name: cluster-autoscaler-azure + image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true + - mountPath: /var/lib/azure/ + name: deploy-parameters + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs - - name: deploy-parameters - secret: - secretName: cluster-autoscaler-azure-deploy-parameters - items: - - key: deploy-parameters - path: azuredeploy.parameters.json + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs + - name: deploy-parameters + secret: + secretName: cluster-autoscaler-azure-deploy-parameters + items: + - key: deploy-parameters + path: azuredeploy.parameters.json diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-msi.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-msi.yaml index 13758dc4bdd7..a883fdbf7cf6 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-msi.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard-msi.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -136,77 +143,77 @@ spec: hostNetwork: true serviceAccountName: cluster-autoscaler tolerations: - - effect: NoSchedule - operator: "Equal" - value: "true" - key: node-role.kubernetes.io/master + - effect: NoSchedule + operator: "Equal" + value: "true" + key: node-role.kubernetes.io/master nodeSelector: kubernetes.io/role: master containers: - - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:agentpool1 - - --nodes=1:10:agentpool2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_USE_MANAGED_IDENTITY_EXTENSION - value: "true" - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - - name: ARM_DEPLOYMENT - valueFrom: - secretKeyRef: - key: Deployment - name: cluster-autoscaler-azure - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true - - mountPath: /var/lib/azure/ - name: deploy-parameters - readOnly: true - - mountPath: /var/lib/waagent/ - name: waagent - readOnly: true + - command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:agentpool1 + - --nodes=1:10:agentpool2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_USE_MANAGED_IDENTITY_EXTENSION + value: "true" + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + - name: ARM_DEPLOYMENT + valueFrom: + secretKeyRef: + key: Deployment + name: cluster-autoscaler-azure + image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true + - mountPath: /var/lib/azure/ + name: deploy-parameters + readOnly: true + - mountPath: /var/lib/waagent/ + name: waagent + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs - - name: deploy-parameters - secret: - secretName: cluster-autoscaler-azure-deploy-parameters - items: - - key: deploy-parameters - path: azuredeploy.parameters.json - - hostPath: - path: /var/lib/waagent/ - name: waagent \ No newline at end of file + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs + - name: deploy-parameters + secret: + secretName: cluster-autoscaler-azure-deploy-parameters + items: + - key: deploy-parameters + path: azuredeploy.parameters.json + - hostPath: + path: /var/lib/waagent/ + name: waagent diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard.yaml index 855531f8346c..a007de454c44 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-standard.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -138,77 +145,77 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:agentpool1 - - --nodes=1:10:agentpool2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_TENANT_ID - valueFrom: - secretKeyRef: - key: TenantID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_ID - valueFrom: - secretKeyRef: - key: ClientID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: ClientSecret - name: cluster-autoscaler-azure - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - - name: ARM_DEPLOYMENT - valueFrom: - secretKeyRef: - key: Deployment - name: cluster-autoscaler-azure - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true - - mountPath: /var/lib/azure/ - name: deploy-parameters - readOnly: true + - command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:agentpool1 + - --nodes=1:10:agentpool2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_TENANT_ID + valueFrom: + secretKeyRef: + key: TenantID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_ID + valueFrom: + secretKeyRef: + key: ClientID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ClientSecret + name: cluster-autoscaler-azure + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + - name: ARM_DEPLOYMENT + valueFrom: + secretKeyRef: + key: Deployment + name: cluster-autoscaler-azure + image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true + - mountPath: /var/lib/azure/ + name: deploy-parameters + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs - - name: deploy-parameters - secret: - secretName: cluster-autoscaler-azure-deploy-parameters - items: - - key: deploy-parameters - path: azuredeploy.parameters.json + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs + - name: deploy-parameters + secret: + secretName: cluster-autoscaler-azure-deploy-parameters + items: + - key: deploy-parameters + path: azuredeploy.parameters.json diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-master.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-master.yaml index b6eadbe5ad26..2d71f6ba5080 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-master.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-master.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -137,69 +144,69 @@ spec: spec: serviceAccountName: cluster-autoscaler tolerations: - - effect: NoSchedule - operator: "Equal" - value: "true" - key: node-role.kubernetes.io/master + - effect: NoSchedule + operator: "Equal" + value: "true" + key: node-role.kubernetes.io/master nodeSelector: kubernetes.io/role: master containers: - - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:vmss1 - - --nodes=1:10:vmss2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_TENANT_ID - valueFrom: - secretKeyRef: - key: TenantID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_ID - valueFrom: - secretKeyRef: - key: ClientID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: ClientSecret - name: cluster-autoscaler-azure - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true + - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:vmss1 + - --nodes=1:10:vmss2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_TENANT_ID + valueFrom: + secretKeyRef: + key: TenantID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_ID + valueFrom: + secretKeyRef: + key: ClientID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ClientSecret + name: cluster-autoscaler-azure + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs \ No newline at end of file + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-msi.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-msi.yaml index 7a79ff6f9bc5..2317154a7d5f 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-msi.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss-msi.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -135,62 +142,62 @@ spec: hostNetwork: true serviceAccountName: cluster-autoscaler tolerations: - - effect: NoSchedule - operator: "Equal" - value: "true" - key: node-role.kubernetes.io/master + - effect: NoSchedule + operator: "Equal" + value: "true" + key: node-role.kubernetes.io/master nodeSelector: kubernetes.io/role: master containers: - - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:vmss1 - - --nodes=1:10:vmss2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_USE_MANAGED_IDENTITY_EXTENSION - value: "true" - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true - - mountPath: /var/lib/waagent/ - name: waagent - readOnly: true + - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:vmss1 + - --nodes=1:10:vmss2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_USE_MANAGED_IDENTITY_EXTENSION + value: "true" + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true + - mountPath: /var/lib/waagent/ + name: waagent + readOnly: true restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs - - hostPath: - path: /var/lib/waagent/ - name: waagent \ No newline at end of file + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs + - hostPath: + path: /var/lib/waagent/ + name: waagent diff --git a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss.yaml b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss.yaml index efaa12c64990..e4b13e0d8452 100644 --- a/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss.yaml +++ b/cluster-autoscaler/cloudprovider/azure/examples/cluster-autoscaler-vmss.yaml @@ -16,40 +16,45 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["events","endpoints"] - verbs: ["create", "patch"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["watch","list","get","update"] -- apiGroups: [""] - resources: ["pods","services","replicationcontrollers","persistentvolumeclaims","persistentvolumes"] - verbs: ["watch","list","get"] -- apiGroups: ["extensions"] - resources: ["replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch","list"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets","daemonsets"] - verbs: ["watch","list","get"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["watch","list","get"] + - apiGroups: [""] + resources: ["events", "endpoints"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["endpoints"] + resourceNames: ["cluster-autoscaler"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list", "get", "update"] + - apiGroups: [""] + resources: + - "pods" + - "services" + - "replicationcontrollers" + - "persistentvolumeclaims" + - "persistentvolumes" + verbs: ["watch", "list", "get"] + - apiGroups: ["extensions"] + resources: ["replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["watch", "list"] + - apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "daemonsets"] + verbs: ["watch", "list", "get"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["watch", "list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -61,13 +66,15 @@ metadata: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete","get","update","watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: + - "cluster-autoscaler-status" + - "cluster-autoscaler-priority-expander" + verbs: ["delete", "get", "update", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -137,62 +144,62 @@ spec: spec: serviceAccountName: cluster-autoscaler containers: - - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} - imagePullPolicy: Always - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 300Mi - command: - - ./cluster-autoscaler - - --v=3 - - --logtostderr=true - - --cloud-provider=azure - - --skip-nodes-with-local-storage=false - - --nodes=1:10:vmss1 - - --nodes=1:10:vmss2 - env: - - name: ARM_SUBSCRIPTION_ID - valueFrom: - secretKeyRef: - key: SubscriptionID - name: cluster-autoscaler-azure - - name: ARM_RESOURCE_GROUP - valueFrom: - secretKeyRef: - key: ResourceGroup - name: cluster-autoscaler-azure - - name: ARM_TENANT_ID - valueFrom: - secretKeyRef: - key: TenantID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_ID - valueFrom: - secretKeyRef: - key: ClientID - name: cluster-autoscaler-azure - - name: ARM_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: ClientSecret - name: cluster-autoscaler-azure - - name: ARM_VM_TYPE - valueFrom: - secretKeyRef: - key: VMType - name: cluster-autoscaler-azure - volumeMounts: - - mountPath: /etc/ssl/certs/ca-certificates.crt - name: ssl-certs - readOnly: true + - image: k8s.gcr.io/cluster-autoscaler:{{ ca_version }} + imagePullPolicy: Always + name: cluster-autoscaler + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + command: + - ./cluster-autoscaler + - --v=3 + - --logtostderr=true + - --cloud-provider=azure + - --skip-nodes-with-local-storage=false + - --nodes=1:10:vmss1 + - --nodes=1:10:vmss2 + env: + - name: ARM_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: SubscriptionID + name: cluster-autoscaler-azure + - name: ARM_RESOURCE_GROUP + valueFrom: + secretKeyRef: + key: ResourceGroup + name: cluster-autoscaler-azure + - name: ARM_TENANT_ID + valueFrom: + secretKeyRef: + key: TenantID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_ID + valueFrom: + secretKeyRef: + key: ClientID + name: cluster-autoscaler-azure + - name: ARM_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ClientSecret + name: cluster-autoscaler-azure + - name: ARM_VM_TYPE + valueFrom: + secretKeyRef: + key: VMType + name: cluster-autoscaler-azure + volumeMounts: + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ssl-certs + readOnly: true restartPolicy: Always volumes: - - hostPath: - path: /etc/ssl/certs/ca-certificates.crt - type: "" - name: ssl-certs + - hostPath: + path: /etc/ssl/certs/ca-certificates.crt + type: "" + name: ssl-certs