github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/neon/neonvm/templates/neonvm.yaml (about)

     1  apiVersion: v1
     2  kind: Namespace
     3  metadata:
     4    name: neonvm-system
     5  ---
     6  apiVersion: v1
     7  kind: ServiceAccount
     8  metadata:
     9    labels:
    10      app.kubernetes.io/component: rbac
    11      app.kubernetes.io/created-by: neonvm
    12      app.kubernetes.io/instance: controller
    13      app.kubernetes.io/managed-by: kustomize
    14      app.kubernetes.io/name: serviceaccount
    15      app.kubernetes.io/part-of: neonvm
    16    name: neonvm-controller
    17    namespace: neonvm-system
    18  ---
    19  apiVersion: v1
    20  kind: ServiceAccount
    21  metadata:
    22    name: neonvm-vxlan-controller
    23    namespace: neonvm-system
    24  ---
    25  apiVersion: rbac.authorization.k8s.io/v1
    26  kind: Role
    27  metadata:
    28    labels:
    29      app.kubernetes.io/component: rbac
    30      app.kubernetes.io/created-by: neonvm
    31      app.kubernetes.io/instance: leader-election-role
    32      app.kubernetes.io/managed-by: kustomize
    33      app.kubernetes.io/name: role
    34      app.kubernetes.io/part-of: neonvm
    35    name: neonvm-leader-election-role
    36    namespace: neonvm-system
    37  rules:
    38    - apiGroups:
    39        - ""
    40      resources:
    41        - configmaps
    42      verbs:
    43        - get
    44        - list
    45        - watch
    46        - create
    47        - update
    48        - patch
    49        - delete
    50    - apiGroups:
    51        - coordination.k8s.io
    52      resources:
    53        - leases
    54      verbs:
    55        - get
    56        - list
    57        - watch
    58        - create
    59        - update
    60        - patch
    61        - delete
    62    - apiGroups:
    63        - ""
    64      resources:
    65        - events
    66      verbs:
    67        - create
    68        - patch
    69  ---
    70  apiVersion: rbac.authorization.k8s.io/v1
    71  kind: ClusterRole
    72  metadata:
    73    creationTimestamp: null
    74    name: neonvm-manager-role
    75  rules:
    76    - apiGroups:
    77        - ""
    78      resources:
    79        - events
    80      verbs:
    81        - create
    82        - patch
    83    - apiGroups:
    84        - ""
    85      resources:
    86        - pods
    87      verbs:
    88        - create
    89        - delete
    90        - get
    91        - list
    92        - patch
    93        - update
    94        - watch
    95    - apiGroups:
    96        - ""
    97      resources:
    98        - pods/status
    99      verbs:
   100        - get
   101        - list
   102        - watch
   103    - apiGroups:
   104        - k8s.cni.cncf.io
   105      resources:
   106        - network-attachment-definitions
   107      verbs:
   108        - get
   109        - list
   110        - watch
   111    - apiGroups:
   112        - vm.neon.tech
   113      resources:
   114        - ippools
   115      verbs:
   116        - create
   117        - delete
   118        - get
   119        - list
   120        - patch
   121        - update
   122        - watch
   123    - apiGroups:
   124        - vm.neon.tech
   125      resources:
   126        - ippools/finalizers
   127      verbs:
   128        - update
   129    - apiGroups:
   130        - vm.neon.tech
   131      resources:
   132        - virtualmachinemigrations
   133      verbs:
   134        - create
   135        - delete
   136        - get
   137        - list
   138        - patch
   139        - update
   140        - watch
   141    - apiGroups:
   142        - vm.neon.tech
   143      resources:
   144        - virtualmachinemigrations/finalizers
   145      verbs:
   146        - update
   147    - apiGroups:
   148        - vm.neon.tech
   149      resources:
   150        - virtualmachinemigrations/status
   151      verbs:
   152        - get
   153        - patch
   154        - update
   155    - apiGroups:
   156        - vm.neon.tech
   157      resources:
   158        - virtualmachines
   159      verbs:
   160        - create
   161        - delete
   162        - get
   163        - list
   164        - patch
   165        - update
   166        - watch
   167    - apiGroups:
   168        - vm.neon.tech
   169      resources:
   170        - virtualmachines/finalizers
   171      verbs:
   172        - update
   173    - apiGroups:
   174        - vm.neon.tech
   175      resources:
   176        - virtualmachines/status
   177      verbs:
   178        - get
   179        - patch
   180        - update
   181  ---
   182  apiVersion: rbac.authorization.k8s.io/v1
   183  kind: ClusterRole
   184  metadata:
   185    labels:
   186      app.kubernetes.io/component: kube-rbac-proxy
   187      app.kubernetes.io/created-by: neonvm
   188      app.kubernetes.io/instance: metrics-reader
   189      app.kubernetes.io/managed-by: kustomize
   190      app.kubernetes.io/name: clusterrole
   191      app.kubernetes.io/part-of: neonvm
   192    name: neonvm-metrics-reader
   193  rules:
   194    - nonResourceURLs:
   195        - /metrics
   196      verbs:
   197        - get
   198  ---
   199  apiVersion: rbac.authorization.k8s.io/v1
   200  kind: ClusterRole
   201  metadata:
   202    labels:
   203      app.kubernetes.io/component: kube-rbac-proxy
   204      app.kubernetes.io/created-by: neonvm
   205      app.kubernetes.io/instance: proxy-role
   206      app.kubernetes.io/managed-by: kustomize
   207      app.kubernetes.io/name: clusterrole
   208      app.kubernetes.io/part-of: neonvm
   209    name: neonvm-proxy-role
   210  rules:
   211    - apiGroups:
   212        - authentication.k8s.io
   213      resources:
   214        - tokenreviews
   215      verbs:
   216        - create
   217    - apiGroups:
   218        - authorization.k8s.io
   219      resources:
   220        - subjectaccessreviews
   221      verbs:
   222        - create
   223  ---
   224  apiVersion: rbac.authorization.k8s.io/v1
   225  kind: ClusterRole
   226  metadata:
   227    labels:
   228      app.kubernetes.io/component: rbac
   229      app.kubernetes.io/created-by: neonvm
   230      app.kubernetes.io/instance: virtualmachine-editor-role
   231      app.kubernetes.io/managed-by: kustomize
   232      app.kubernetes.io/name: clusterrole
   233      app.kubernetes.io/part-of: neonvm
   234    name: neonvm-virtualmachine-editor-role
   235  rules:
   236    - apiGroups:
   237        - vm.neon.tech
   238      resources:
   239        - virtualmachines
   240      verbs:
   241        - create
   242        - delete
   243        - get
   244        - list
   245        - patch
   246        - update
   247        - watch
   248    - apiGroups:
   249        - vm.neon.tech
   250      resources:
   251        - virtualmachines/status
   252      verbs:
   253        - get
   254  ---
   255  apiVersion: rbac.authorization.k8s.io/v1
   256  kind: ClusterRole
   257  metadata:
   258    labels:
   259      app.kubernetes.io/component: rbac
   260      app.kubernetes.io/created-by: neonvm
   261      app.kubernetes.io/instance: virtualmachine-viewer-role
   262      app.kubernetes.io/managed-by: kustomize
   263      app.kubernetes.io/name: clusterrole
   264      app.kubernetes.io/part-of: neonvm
   265    name: neonvm-virtualmachine-viewer-role
   266  rules:
   267    - apiGroups:
   268        - vm.neon.tech
   269      resources:
   270        - virtualmachines
   271      verbs:
   272        - get
   273        - list
   274        - watch
   275    - apiGroups:
   276        - vm.neon.tech
   277      resources:
   278        - virtualmachines/status
   279      verbs:
   280        - get
   281  ---
   282  apiVersion: rbac.authorization.k8s.io/v1
   283  kind: ClusterRole
   284  metadata:
   285    labels:
   286      app.kubernetes.io/component: rbac
   287      app.kubernetes.io/created-by: neonvm
   288      app.kubernetes.io/instance: virtualmachinemigration-editor-role
   289      app.kubernetes.io/managed-by: kustomize
   290      app.kubernetes.io/name: clusterrole
   291      app.kubernetes.io/part-of: neonvm
   292    name: neonvm-virtualmachinemigration-editor-role
   293  rules:
   294    - apiGroups:
   295        - vm.neon.tech
   296      resources:
   297        - virtualmachinemigrations
   298      verbs:
   299        - create
   300        - delete
   301        - get
   302        - list
   303        - patch
   304        - update
   305        - watch
   306    - apiGroups:
   307        - vm.neon.tech
   308      resources:
   309        - virtualmachinemigrations/status
   310      verbs:
   311        - get
   312  ---
   313  apiVersion: rbac.authorization.k8s.io/v1
   314  kind: ClusterRole
   315  metadata:
   316    labels:
   317      app.kubernetes.io/component: rbac
   318      app.kubernetes.io/created-by: neonvm
   319      app.kubernetes.io/instance: virtualmachinemigration-viewer-role
   320      app.kubernetes.io/managed-by: kustomize
   321      app.kubernetes.io/name: clusterrole
   322      app.kubernetes.io/part-of: neonvm
   323    name: neonvm-virtualmachinemigration-viewer-role
   324  rules:
   325    - apiGroups:
   326        - vm.neon.tech
   327      resources:
   328        - virtualmachinemigrations
   329      verbs:
   330        - get
   331        - list
   332        - watch
   333    - apiGroups:
   334        - vm.neon.tech
   335      resources:
   336        - virtualmachinemigrations/status
   337      verbs:
   338        - get
   339  ---
   340  apiVersion: rbac.authorization.k8s.io/v1
   341  kind: ClusterRole
   342  metadata:
   343    name: neonvm-vxlan-controller
   344  rules:
   345    - apiGroups:
   346        - ""
   347      resources:
   348        - nodes
   349      verbs:
   350        - list
   351  ---
   352  apiVersion: rbac.authorization.k8s.io/v1
   353  kind: RoleBinding
   354  metadata:
   355    labels:
   356      app.kubernetes.io/component: rbac
   357      app.kubernetes.io/created-by: neonvm
   358      app.kubernetes.io/instance: leader-election-rolebinding
   359      app.kubernetes.io/managed-by: kustomize
   360      app.kubernetes.io/name: rolebinding
   361      app.kubernetes.io/part-of: neonvm
   362    name: neonvm-leader-election-rolebinding
   363    namespace: neonvm-system
   364  roleRef:
   365    apiGroup: rbac.authorization.k8s.io
   366    kind: Role
   367    name: neonvm-leader-election-role
   368  subjects:
   369    - kind: ServiceAccount
   370      name: neonvm-controller
   371      namespace: neonvm-system
   372  ---
   373  apiVersion: rbac.authorization.k8s.io/v1
   374  kind: ClusterRoleBinding
   375  metadata:
   376    labels:
   377      app.kubernetes.io/component: rbac
   378      app.kubernetes.io/created-by: neonvm
   379      app.kubernetes.io/instance: manager-rolebinding
   380      app.kubernetes.io/managed-by: kustomize
   381      app.kubernetes.io/name: clusterrolebinding
   382      app.kubernetes.io/part-of: neonvm
   383    name: neonvm-manager-rolebinding
   384  roleRef:
   385    apiGroup: rbac.authorization.k8s.io
   386    kind: ClusterRole
   387    name: neonvm-manager-role
   388  subjects:
   389    - kind: ServiceAccount
   390      name: neonvm-controller
   391      namespace: neonvm-system
   392  ---
   393  apiVersion: rbac.authorization.k8s.io/v1
   394  kind: ClusterRoleBinding
   395  metadata:
   396    labels:
   397      app.kubernetes.io/component: kube-rbac-proxy
   398      app.kubernetes.io/created-by: neonvm
   399      app.kubernetes.io/instance: proxy-rolebinding
   400      app.kubernetes.io/managed-by: kustomize
   401      app.kubernetes.io/name: clusterrolebinding
   402      app.kubernetes.io/part-of: neonvm
   403    name: neonvm-proxy-rolebinding
   404  roleRef:
   405    apiGroup: rbac.authorization.k8s.io
   406    kind: ClusterRole
   407    name: neonvm-proxy-role
   408  subjects:
   409    - kind: ServiceAccount
   410      name: neonvm-controller
   411      namespace: neonvm-system
   412  ---
   413  apiVersion: rbac.authorization.k8s.io/v1
   414  kind: ClusterRoleBinding
   415  metadata:
   416    name: neonvm-vxlan-controller
   417  roleRef:
   418    apiGroup: rbac.authorization.k8s.io
   419    kind: ClusterRole
   420    name: neonvm-vxlan-controller
   421  subjects:
   422    - kind: ServiceAccount
   423      name: neonvm-vxlan-controller
   424      namespace: neonvm-system
   425  
   426  ---
   427  apiVersion: v1
   428  kind: Service
   429  metadata:
   430    labels:
   431      app.kubernetes.io/component: kube-rbac-proxy
   432      app.kubernetes.io/created-by: neonvm
   433      app.kubernetes.io/instance: controller-metrics-service
   434      app.kubernetes.io/managed-by: kustomize
   435      app.kubernetes.io/name: service
   436      app.kubernetes.io/part-of: neonvm
   437      control-plane: controller
   438    name: neonvm-controller-metrics-service
   439    namespace: neonvm-system
   440  spec:
   441    ports:
   442      - name: https
   443        port: 8443
   444        protocol: TCP
   445        targetPort: https
   446    selector:
   447      control-plane: controller
   448  ---
   449  apiVersion: v1
   450  kind: Service
   451  metadata:
   452    labels:
   453      app.kubernetes.io/component: webhook
   454      app.kubernetes.io/created-by: neonvm
   455      app.kubernetes.io/instance: webhook-service
   456      app.kubernetes.io/managed-by: kustomize
   457      app.kubernetes.io/name: service
   458      app.kubernetes.io/part-of: neonvm
   459    name: neonvm-webhook-service
   460    namespace: neonvm-system
   461  spec:
   462    ports:
   463      - port: 443
   464        protocol: TCP
   465        targetPort: 9443
   466    selector:
   467      control-plane: controller