github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/neon/neonvm/templates/neonvm.yaml (about) 1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: neonvm-system 5 --- 6 apiVersion: v1 7 kind: ServiceAccount 8 metadata: 9 labels: 10 app.kubernetes.io/component: rbac 11 app.kubernetes.io/created-by: neonvm 12 app.kubernetes.io/instance: controller 13 app.kubernetes.io/managed-by: kustomize 14 app.kubernetes.io/name: serviceaccount 15 app.kubernetes.io/part-of: neonvm 16 name: neonvm-controller 17 namespace: neonvm-system 18 --- 19 apiVersion: v1 20 kind: ServiceAccount 21 metadata: 22 name: neonvm-vxlan-controller 23 namespace: neonvm-system 24 --- 25 apiVersion: rbac.authorization.k8s.io/v1 26 kind: Role 27 metadata: 28 labels: 29 app.kubernetes.io/component: rbac 30 app.kubernetes.io/created-by: neonvm 31 app.kubernetes.io/instance: leader-election-role 32 app.kubernetes.io/managed-by: kustomize 33 app.kubernetes.io/name: role 34 app.kubernetes.io/part-of: neonvm 35 name: neonvm-leader-election-role 36 namespace: neonvm-system 37 rules: 38 - apiGroups: 39 - "" 40 resources: 41 - configmaps 42 verbs: 43 - get 44 - list 45 - watch 46 - create 47 - update 48 - patch 49 - delete 50 - apiGroups: 51 - coordination.k8s.io 52 resources: 53 - leases 54 verbs: 55 - get 56 - list 57 - watch 58 - create 59 - update 60 - patch 61 - delete 62 - apiGroups: 63 - "" 64 resources: 65 - events 66 verbs: 67 - create 68 - patch 69 --- 70 apiVersion: rbac.authorization.k8s.io/v1 71 kind: ClusterRole 72 metadata: 73 creationTimestamp: null 74 name: neonvm-manager-role 75 rules: 76 - apiGroups: 77 - "" 78 resources: 79 - events 80 verbs: 81 - create 82 - patch 83 - apiGroups: 84 - "" 85 resources: 86 - pods 87 verbs: 88 - create 89 - delete 90 - get 91 - list 92 - patch 93 - update 94 - watch 95 - apiGroups: 96 - "" 97 resources: 98 - pods/status 99 verbs: 100 - get 101 - list 102 - watch 103 - apiGroups: 104 - k8s.cni.cncf.io 105 resources: 106 - network-attachment-definitions 107 verbs: 108 - get 109 - list 110 - watch 111 - apiGroups: 112 - vm.neon.tech 113 resources: 114 - ippools 115 verbs: 116 - create 117 - delete 118 - get 119 - list 120 - patch 121 - update 122 - watch 123 - apiGroups: 124 - vm.neon.tech 125 resources: 126 - ippools/finalizers 127 verbs: 128 - update 129 - apiGroups: 130 - vm.neon.tech 131 resources: 132 - virtualmachinemigrations 133 verbs: 134 - create 135 - delete 136 - get 137 - list 138 - patch 139 - update 140 - watch 141 - apiGroups: 142 - vm.neon.tech 143 resources: 144 - virtualmachinemigrations/finalizers 145 verbs: 146 - update 147 - apiGroups: 148 - vm.neon.tech 149 resources: 150 - virtualmachinemigrations/status 151 verbs: 152 - get 153 - patch 154 - update 155 - apiGroups: 156 - vm.neon.tech 157 resources: 158 - virtualmachines 159 verbs: 160 - create 161 - delete 162 - get 163 - list 164 - patch 165 - update 166 - watch 167 - apiGroups: 168 - vm.neon.tech 169 resources: 170 - virtualmachines/finalizers 171 verbs: 172 - update 173 - apiGroups: 174 - vm.neon.tech 175 resources: 176 - virtualmachines/status 177 verbs: 178 - get 179 - patch 180 - update 181 --- 182 apiVersion: rbac.authorization.k8s.io/v1 183 kind: ClusterRole 184 metadata: 185 labels: 186 app.kubernetes.io/component: kube-rbac-proxy 187 app.kubernetes.io/created-by: neonvm 188 app.kubernetes.io/instance: metrics-reader 189 app.kubernetes.io/managed-by: kustomize 190 app.kubernetes.io/name: clusterrole 191 app.kubernetes.io/part-of: neonvm 192 name: neonvm-metrics-reader 193 rules: 194 - nonResourceURLs: 195 - /metrics 196 verbs: 197 - get 198 --- 199 apiVersion: rbac.authorization.k8s.io/v1 200 kind: ClusterRole 201 metadata: 202 labels: 203 app.kubernetes.io/component: kube-rbac-proxy 204 app.kubernetes.io/created-by: neonvm 205 app.kubernetes.io/instance: proxy-role 206 app.kubernetes.io/managed-by: kustomize 207 app.kubernetes.io/name: clusterrole 208 app.kubernetes.io/part-of: neonvm 209 name: neonvm-proxy-role 210 rules: 211 - apiGroups: 212 - authentication.k8s.io 213 resources: 214 - tokenreviews 215 verbs: 216 - create 217 - apiGroups: 218 - authorization.k8s.io 219 resources: 220 - subjectaccessreviews 221 verbs: 222 - create 223 --- 224 apiVersion: rbac.authorization.k8s.io/v1 225 kind: ClusterRole 226 metadata: 227 labels: 228 app.kubernetes.io/component: rbac 229 app.kubernetes.io/created-by: neonvm 230 app.kubernetes.io/instance: virtualmachine-editor-role 231 app.kubernetes.io/managed-by: kustomize 232 app.kubernetes.io/name: clusterrole 233 app.kubernetes.io/part-of: neonvm 234 name: neonvm-virtualmachine-editor-role 235 rules: 236 - apiGroups: 237 - vm.neon.tech 238 resources: 239 - virtualmachines 240 verbs: 241 - create 242 - delete 243 - get 244 - list 245 - patch 246 - update 247 - watch 248 - apiGroups: 249 - vm.neon.tech 250 resources: 251 - virtualmachines/status 252 verbs: 253 - get 254 --- 255 apiVersion: rbac.authorization.k8s.io/v1 256 kind: ClusterRole 257 metadata: 258 labels: 259 app.kubernetes.io/component: rbac 260 app.kubernetes.io/created-by: neonvm 261 app.kubernetes.io/instance: virtualmachine-viewer-role 262 app.kubernetes.io/managed-by: kustomize 263 app.kubernetes.io/name: clusterrole 264 app.kubernetes.io/part-of: neonvm 265 name: neonvm-virtualmachine-viewer-role 266 rules: 267 - apiGroups: 268 - vm.neon.tech 269 resources: 270 - virtualmachines 271 verbs: 272 - get 273 - list 274 - watch 275 - apiGroups: 276 - vm.neon.tech 277 resources: 278 - virtualmachines/status 279 verbs: 280 - get 281 --- 282 apiVersion: rbac.authorization.k8s.io/v1 283 kind: ClusterRole 284 metadata: 285 labels: 286 app.kubernetes.io/component: rbac 287 app.kubernetes.io/created-by: neonvm 288 app.kubernetes.io/instance: virtualmachinemigration-editor-role 289 app.kubernetes.io/managed-by: kustomize 290 app.kubernetes.io/name: clusterrole 291 app.kubernetes.io/part-of: neonvm 292 name: neonvm-virtualmachinemigration-editor-role 293 rules: 294 - apiGroups: 295 - vm.neon.tech 296 resources: 297 - virtualmachinemigrations 298 verbs: 299 - create 300 - delete 301 - get 302 - list 303 - patch 304 - update 305 - watch 306 - apiGroups: 307 - vm.neon.tech 308 resources: 309 - virtualmachinemigrations/status 310 verbs: 311 - get 312 --- 313 apiVersion: rbac.authorization.k8s.io/v1 314 kind: ClusterRole 315 metadata: 316 labels: 317 app.kubernetes.io/component: rbac 318 app.kubernetes.io/created-by: neonvm 319 app.kubernetes.io/instance: virtualmachinemigration-viewer-role 320 app.kubernetes.io/managed-by: kustomize 321 app.kubernetes.io/name: clusterrole 322 app.kubernetes.io/part-of: neonvm 323 name: neonvm-virtualmachinemigration-viewer-role 324 rules: 325 - apiGroups: 326 - vm.neon.tech 327 resources: 328 - virtualmachinemigrations 329 verbs: 330 - get 331 - list 332 - watch 333 - apiGroups: 334 - vm.neon.tech 335 resources: 336 - virtualmachinemigrations/status 337 verbs: 338 - get 339 --- 340 apiVersion: rbac.authorization.k8s.io/v1 341 kind: ClusterRole 342 metadata: 343 name: neonvm-vxlan-controller 344 rules: 345 - apiGroups: 346 - "" 347 resources: 348 - nodes 349 verbs: 350 - list 351 --- 352 apiVersion: rbac.authorization.k8s.io/v1 353 kind: RoleBinding 354 metadata: 355 labels: 356 app.kubernetes.io/component: rbac 357 app.kubernetes.io/created-by: neonvm 358 app.kubernetes.io/instance: leader-election-rolebinding 359 app.kubernetes.io/managed-by: kustomize 360 app.kubernetes.io/name: rolebinding 361 app.kubernetes.io/part-of: neonvm 362 name: neonvm-leader-election-rolebinding 363 namespace: neonvm-system 364 roleRef: 365 apiGroup: rbac.authorization.k8s.io 366 kind: Role 367 name: neonvm-leader-election-role 368 subjects: 369 - kind: ServiceAccount 370 name: neonvm-controller 371 namespace: neonvm-system 372 --- 373 apiVersion: rbac.authorization.k8s.io/v1 374 kind: ClusterRoleBinding 375 metadata: 376 labels: 377 app.kubernetes.io/component: rbac 378 app.kubernetes.io/created-by: neonvm 379 app.kubernetes.io/instance: manager-rolebinding 380 app.kubernetes.io/managed-by: kustomize 381 app.kubernetes.io/name: clusterrolebinding 382 app.kubernetes.io/part-of: neonvm 383 name: neonvm-manager-rolebinding 384 roleRef: 385 apiGroup: rbac.authorization.k8s.io 386 kind: ClusterRole 387 name: neonvm-manager-role 388 subjects: 389 - kind: ServiceAccount 390 name: neonvm-controller 391 namespace: neonvm-system 392 --- 393 apiVersion: rbac.authorization.k8s.io/v1 394 kind: ClusterRoleBinding 395 metadata: 396 labels: 397 app.kubernetes.io/component: kube-rbac-proxy 398 app.kubernetes.io/created-by: neonvm 399 app.kubernetes.io/instance: proxy-rolebinding 400 app.kubernetes.io/managed-by: kustomize 401 app.kubernetes.io/name: clusterrolebinding 402 app.kubernetes.io/part-of: neonvm 403 name: neonvm-proxy-rolebinding 404 roleRef: 405 apiGroup: rbac.authorization.k8s.io 406 kind: ClusterRole 407 name: neonvm-proxy-role 408 subjects: 409 - kind: ServiceAccount 410 name: neonvm-controller 411 namespace: neonvm-system 412 --- 413 apiVersion: rbac.authorization.k8s.io/v1 414 kind: ClusterRoleBinding 415 metadata: 416 name: neonvm-vxlan-controller 417 roleRef: 418 apiGroup: rbac.authorization.k8s.io 419 kind: ClusterRole 420 name: neonvm-vxlan-controller 421 subjects: 422 - kind: ServiceAccount 423 name: neonvm-vxlan-controller 424 namespace: neonvm-system 425 426 --- 427 apiVersion: v1 428 kind: Service 429 metadata: 430 labels: 431 app.kubernetes.io/component: kube-rbac-proxy 432 app.kubernetes.io/created-by: neonvm 433 app.kubernetes.io/instance: controller-metrics-service 434 app.kubernetes.io/managed-by: kustomize 435 app.kubernetes.io/name: service 436 app.kubernetes.io/part-of: neonvm 437 control-plane: controller 438 name: neonvm-controller-metrics-service 439 namespace: neonvm-system 440 spec: 441 ports: 442 - name: https 443 port: 8443 444 protocol: TCP 445 targetPort: https 446 selector: 447 control-plane: controller 448 --- 449 apiVersion: v1 450 kind: Service 451 metadata: 452 labels: 453 app.kubernetes.io/component: webhook 454 app.kubernetes.io/created-by: neonvm 455 app.kubernetes.io/instance: webhook-service 456 app.kubernetes.io/managed-by: kustomize 457 app.kubernetes.io/name: service 458 app.kubernetes.io/part-of: neonvm 459 name: neonvm-webhook-service 460 namespace: neonvm-system 461 spec: 462 ports: 463 - port: 443 464 protocol: TCP 465 targetPort: 9443 466 selector: 467 control-plane: controller