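# Source: github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/neon/templates/neonvm-deploy.yaml
#
# NeonVM manifests for the neonvm-system namespace: the controller Deployment,
# two node-level DaemonSets (device plugin, VXLAN controller), the webhook
# serving certificate and its issuer, and three NetworkAttachmentDefinitions.
#
# Review summary: both DaemonSets tolerate taints broadly and hold host-level
# access (privileged + hostPath /dev; hostNetwork + NET_ADMIN/NET_RAW + a
# writable hostPath into /opt/cni/bin). Every image is referenced by mutable
# tag, and one has no tag at all. Integrity of those images is therefore the
# main trust assumption in this file.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: neonvm
    app.kubernetes.io/instance: controller
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: deployment
    app.kubernetes.io/part-of: neonvm
    control-plane: controller
  name: neonvm-controller
  namespace: neonvm-system
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - arm64
                      - ppc64le
                      - s390x
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
      containers:
        - args:
            # Health endpoints listen on every pod interface; the kubelet
            # probes below (/healthz, /readyz) use this port.
            - --health-probe-bind-address=:8081
            # Metrics are bound to loopback only and are reachable from
            # outside the pod solely through the kube-rbac-proxy sidecar.
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
            - --zap-devel=false
            - --zap-time-encoding=iso8601
            - --zap-log-level=info
            - --zap-stacktrace-level=panic
          command:
            - /manager
          env:
            # These names and namespaces match the NetworkAttachmentDefinitions
            # neonvm-overlay-ipam and neonvm-overlay-for-vms at the end of
            # this file.
            - name: NAD_IPAM_NAME
              value: neonvm-overlay-ipam
            - name: NAD_IPAM_NAMESPACE
              value: neonvm-system
            - name: NAD_RUNNER_NAME
              value: neonvm-overlay-for-vms
            - name: NAD_RUNNER_NAMESPACE
              value: neonvm-system
          # NOTE(review): tag references are mutable; pin by digest
          # (image@sha256:<verified-digest>) if reproducible deploys matter.
          image: neondatabase/neonvm-controller:v0.17.0
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 500m
              memory: 512Mi
          # No added capabilities and no setuid-style escalation.
          # NOTE(review): readOnlyRootFilesystem and seccompProfile are not
          # set here; confirm whether the cluster's admission policy supplies
          # them.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            # Webhook TLS key pair, mounted read-only from the cert-manager
            # secret declared under volumes.
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
        - args:
            # TLS listener that fronts the manager's loopback-only metrics
            # endpoint.
            - --secure-listen-address=0.0.0.0:8443
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=0
          image: docker.io/apecloud/kube-rbac-proxy:v0.13.0
          name: kube-rbac-proxy
          ports:
            - containerPort: 8443
              name: https
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # Pod-level guard: containers whose image would run as UID 0 are
      # refused at start.
      securityContext:
        runAsNonRoot: true
      serviceAccountName: neonvm-controller
      terminationGracePeriodSeconds: 10
      volumes:
        - name: cert
          secret:
            # 420 decimal is octal 0644.
            defaultMode: 420
            # Same secret name the Certificate neonvm-serving-cert writes to.
            secretName: webhook-server-cert
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/name: device-plugin
  name: neonvm-device-plugin
  namespace: neonvm-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: device-plugin
  template:
    metadata:
      labels:
        app.kubernetes.io/name: device-plugin
    spec:
      # No serviceAccountName is set, so the pod runs under the namespace's
      # default service account.
      # NOTE(review): if the plugin never talks to the API server, consider
      # automountServiceAccountToken: false; confirm against the plugin.
      containers:
        - args:
            - --log-level
            - info
            - --domain
            - neonvm
            # Each --device value is an embedded YAML document describing one
            # host device node to expose (/dev/kvm, then /dev/vhost-net).
            # The nested indentation was lost in the listing and has been
            # restored in conventional form; verify it against the upstream
            # manifest.
            - --device
            - |
              name: kvm
              groups:
                - count: 1000
                  paths:
                    - path: /dev/kvm
            - --device
            - |
              name: vhost-net
              groups:
                - count: 1000
                  paths:
                    - path: /dev/vhost-net
          # NOTE(review): no tag or digest, so this resolves to :latest and
          # imagePullPolicy defaults to Always. Whatever is published under
          # this name at pod start runs privileged on every node. Pin it,
          # e.g. squat/generic-device-plugin@sha256:<verified-digest>.
          image: squat/generic-device-plugin
          name: generic-device-plugin
          ports:
            - containerPort: 8080
              name: http
          resources:
            limits:
              cpu: 50m
              memory: 512Mi
            requests:
              cpu: 50m
              memory: 10Mi
          # privileged together with the host /dev mount below gives this
          # container unrestricted access to host devices; treat it as
          # node-root equivalent when scoping who may edit this DaemonSet.
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /var/lib/kubelet/device-plugins
              name: device-plugin
            - mountPath: /dev
              name: dev
      priorityClassName: system-node-critical
      # Tolerates every NoExecute and NoSchedule taint, so the pod also lands
      # on tainted nodes such as control-plane nodes.
      tolerations:
        - effect: NoExecute
          operator: Exists
        - effect: NoSchedule
          operator: Exists
      volumes:
        - hostPath:
            path: /var/lib/kubelet/device-plugins
          name: device-plugin
        - hostPath:
            path: /dev
          name: dev
  updateStrategy:
    type: RollingUpdate
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/component: vxlan-controller
    app.kubernetes.io/created-by: neonvm
    app.kubernetes.io/instance: vxlan-controller
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: daemonset
    app.kubernetes.io/part-of: neonvm
    control-plane: vxlan-controller
  name: neonvm-vxlan-controller
  namespace: neonvm-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: vxlan-controller
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: vxlan-controller
      labels:
        app.kubernetes.io/component: vxlan-controller
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
      containers:
        - env:
            - name: MY_NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
          image: neondatabase/neonvm-vxlan-controller:v0.17.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - vxlan-controller
                  - -delete
          name: vxlan-controller
          resources:
            limits:
              cpu: 100m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 50Mi
          # With hostNetwork: true below, NET_ADMIN and NET_RAW apply to the
          # node's own network namespace (interfaces, routes, raw sockets).
          # NOTE(review): nothing is dropped and allowPrivilegeEscalation is
          # unset; consider drop: [ALL] alongside the two adds after testing
          # with this image.
          securityContext:
            capabilities:
              add:
                - NET_RAW
                - NET_ADMIN
            privileged: false
          volumeMounts:
            # NOTE(review): mounted read-write; presumably only the init
            # container needs to write here. Confirm, then set readOnly: true.
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      initContainers:
        # Copies the image's /opt/cni/bin into the host's CNI plugin
        # directory. The container runtime executes binaries from that
        # directory on the host, so this image is trusted with host-level
        # code execution; pin it by digest. No securityContext is set, so it
        # runs as the image's default user.
        - command:
            - /bin/sh
            - -c
            - cp -rf /opt/cni/bin /host/opt/cni
          image: neondatabase/neonvm-vxlan-controller:v0.17.0
          imagePullPolicy: IfNotPresent
          name: install-cni
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
      # Empty pod-level context: unlike the controller Deployment there is
      # no runAsNonRoot here.
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName. The
      # listing carried "vxlan-controller" here, which disagreed with
      # serviceAccountName. The API server gives precedence to
      # serviceAccountName when both are set, so aligning the alias changes
      # nothing at runtime and removes doubt about which RBAC identity the
      # pod uses.
      serviceAccount: neonvm-vxlan-controller
      serviceAccountName: neonvm-vxlan-controller
      terminationGracePeriodSeconds: 10
      # A key-less Exists toleration matches every taint.
      tolerations:
        - operator: Exists
      volumes:
        - hostPath:
            path: /opt/cni/bin
          name: cni-bin-dir
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    app.kubernetes.io/component: certificate
    app.kubernetes.io/created-by: neonvm
    app.kubernetes.io/instance: serving-cert
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: certificate
    app.kubernetes.io/part-of: neonvm
  name: neonvm-serving-cert
  namespace: neonvm-system
spec:
  dnsNames:
    - neonvm-webhook-service.neonvm-system.svc
    - neonvm-webhook-service.neonvm-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: neonvm-selfsigned-issuer
  # Secret mounted read-only by the manager container of neonvm-controller.
  secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    app.kubernetes.io/component: certificate
    app.kubernetes.io/created-by: neonvm
    app.kubernetes.io/instance: selfsigned-issuer
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: issuer
    app.kubernetes.io/part-of: neonvm
  name: neonvm-selfsigned-issuer
  namespace: neonvm-system
# Namespaced self-signed issuer: the webhook certificate chains to no
# external CA, so clients must be given its CA bundle explicitly.
spec:
  selfSigned: {}
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: neonvm-overlay-for-pods
  namespace: neonvm-system
# Bridge neon-br0 with whereabouts IPAM; pods draw from 10.100.1.0 through
# 10.100.127.255 inside 10.100.0.0/16.
spec:
  config: '{ "cniVersion": "0.3.1", "name": "overlay-for-pods", "type": "bridge",
    "bridge": "neon-br0", "ipam": { "type": "whereabouts", "range": "10.100.0.0/16",
    "range_start": "10.100.1.0", "range_end": "10.100.127.255" } }'
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: neonvm-overlay-for-vms
  namespace: neonvm-system
# Same bridge as the pod overlay, with an empty ipam section. The controller
# is pointed at this definition through NAD_RUNNER_NAME.
spec:
  config: '{ "cniVersion": "0.3.1", "name": "overlay-for-vms", "type": "bridge", "bridge":
    "neon-br0", "ipam": {} }'
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: neonvm-overlay-ipam
  namespace: neonvm-system
# IPAM-only definition referenced by NAD_IPAM_NAME: same /16 as the pod
# overlay, starting at 10.100.128.0, directly after the pod range ends.
spec:
  config: '{ "ipam": { "range": "10.100.0.0/16", "range_start": "10.100.128.0", "network_name":
    "neonvm" } }'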