--- # Source: cmk/templates/serviceaccount.yml apiVersion: v1 kind: ServiceAccount metadata: name: cmk namespace: kube-system --- # Source: cmk/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: cmk-custom-resource-definition-controller namespace: kube-system rules: - apiGroups: ["intel.com"] resources: ["*"] verbs: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions", "customresourcedefinitions.extensions"] verbs: ["*"] --- # Source: cmk/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: cmk-daemonset-controller namespace: kube-system rules: - apiGroups: ["extensions"] resources: ["daemonsets", "daemonsets.extensions"] verbs: ["*"] --- # Source: cmk/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: cmk-third-party-resource-controller namespace: kube-system rules: - apiGroups: ["cmk.intel.com"] resources: ["*"] verbs: ["*"] - apiGroups: ["extensions"] resources: ["thirdpartyresources", "thirdpartyresources.extensions"] verbs: ["*"] --- # Source: cmk/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: cmk-version-controller namespace: kube-system rules: - nonResourceURLs: ["*"] verbs: - get --- # Source: cmk/templates/rbac.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: cmk-role-binding-version namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cmk-version-controller subjects: - kind: ServiceAccount name: cmk namespace: kube-system --- # Source: cmk/templates/rbac.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: cmk-role-binding-daemonset namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cmk-daemonset-controller subjects: - kind: ServiceAccount name: cmk namespace: kube-system --- # Source: cmk/templates/rbac.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: cmk-role-binding-node namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:node subjects: - kind: ServiceAccount name: cmk namespace: kube-system --- # Source: cmk/templates/rbac.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: cmk-role-binding-tpr namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cmk-third-party-resource-controller subjects: - kind: ServiceAccount name: cmk namespace: kube-system --- # Source: cmk/templates/rbac.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: cmk-role-binding-crd namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cmk-custom-resource-definition-controller subjects: - kind: ServiceAccount name: cmk namespace: kube-system --- # Source: cmk/templates/daemonset.yml apiVersion: apps/v1 kind: DaemonSet metadata: name: cmk labels: app: cmk namespace: kube-system spec: selector: matchLabels: name: cmk template: metadata: labels: name: cmk spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: serviceAccountName: cmk tolerations: - key: cmk operator: Exists containers: - name: reconcile image: localhost:5000/cmk:v1.4.1 imagePullPolicy: IfNotPresent env: - name: CMK_RECONCILE_SLEEP_TIME value: '60' - name: CMK_PROC_FS value: /proc - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName command: ["/bin/bash", "-c"] args: - "/cmk/cmk.py isolate --pool=infra /cmk/cmk.py -- reconcile --interval=$CMK_RECONCILE_SLEEP_TIME --publish" volumeMounts: - mountPath: /proc name: host-proc readOnly: false - mountPath: /etc/cmk name: cmk-conf-dir - mountPath: /opt/bin name: cmk-install-dir - name: nodereport image: localhost:5000/cmk:v1.4.1 imagePullPolicy: IfNotPresent env: - name: CMK_NODE_REPORT_SLEEP_TIME value: '60' - name: CMK_PROC_FS value: /proc - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName command: ["/bin/bash", "-c"] args: - "/cmk/cmk.py isolate --pool=infra /cmk/cmk.py -- node-report --interval=$CMK_NODE_REPORT_SLEEP_TIME --publish" volumeMounts: - mountPath: /proc name: host-proc readOnly: false - mountPath: /etc/cmk name: cmk-conf-dir - mountPath: /opt/bin name: cmk-install-dir initContainers: - name: init image: localhost:5000/cmk:v1.4.1 imagePullPolicy: IfNotPresent env: - name: CMK_PROC_FS value: "/proc" - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName command: ["/bin/bash", "-c"] args: - "/cmk/cmk.py init --conf-dir=/etc/cmk --exclusive-mode=packed --num-exclusive-cores=0 --shared-mode=packed --num-shared-cores=0" volumeMounts: - mountPath: /proc name: host-proc readOnly: false - mountPath: /etc/cmk name: cmk-conf-dir readOnly: false - mountPath: /opt/bin name: cmk-install-dir readOnly: false - name: discover image: localhost:5000/cmk:v1.4.1 imagePullPolicy: IfNotPresent env: - name: CMK_PROC_FS value: /proc - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName command: ["/bin/bash", "-c"] args: # - "echo -en '\n'; ls -a /etc/cmk; sleep 10;" - "until [ -d /etc/cmk ]; do sleep 1; done; /cmk/cmk.py discover" volumeMounts: - mountPath: /proc name: host-proc readOnly: false - mountPath: /etc/cmk name: cmk-conf-dir readOnly: false - mountPath: /opt/bin name: cmk-install-dir readOnly: false - name: install image: localhost:5000/cmk:v1.4.1 imagePullPolicy: IfNotPresent env: - name: CMK_PROC_FS value: /proc - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName command: ["/bin/bash", "-c"] args: - "/cmk/cmk.py install" volumeMounts: - mountPath: /proc name: host-proc readOnly: false - mountPath: /etc/cmk name: cmk-conf-dir - mountPath: /opt/bin name: cmk-install-dir # restartPolicy: Never volumes: - hostPath: path: /proc # type: "" name: host-proc - hostPath: path: /etc/cmk # type: "" name: cmk-conf-dir - hostPath: path: /opt/bin # type: "" name: cmk-install-dir