volcano.sh/volcano@v1.9.0/installer/helm/chart/volcano/templates/controllers.yaml (about) 1 {{- if .Values.custom.controller_enable }} 2 {{ $controller_affinity := or .Values.custom.controller_affinity .Values.custom.default_affinity }} 3 {{ $controller_tolerations := or .Values.custom.controller_tolerations .Values.custom.default_tolerations }} 4 {{ $controller_sc := or .Values.custom.controller_sc .Values.custom.default_sc }} 5 {{ $controller_ns := or .Values.custom.controller_ns .Values.custom.default_ns }} 6 apiVersion: v1 7 kind: ServiceAccount 8 metadata: 9 name: {{ .Release.Name }}-controllers 10 namespace: {{ .Release.Namespace }} 11 12 --- 13 kind: ClusterRole 14 apiVersion: rbac.authorization.k8s.io/v1 15 metadata: 16 name: {{ .Release.Name }}-controllers 17 rules: 18 - apiGroups: ["apiextensions.k8s.io"] 19 resources: ["customresourcedefinitions"] 20 verbs: ["create", "get", "list", "watch", "delete"] 21 - apiGroups: ["batch.volcano.sh"] 22 resources: ["jobs"] 23 verbs: ["create", "get", "list", "watch", "update", "delete"] 24 - apiGroups: ["batch.volcano.sh"] 25 resources: ["jobs/status", "jobs/finalizers"] 26 verbs: ["update", "patch"] 27 - apiGroups: ["bus.volcano.sh"] 28 resources: ["commands"] 29 verbs: ["get", "list", "watch", "delete"] 30 - apiGroups: [""] 31 resources: ["events"] 32 verbs: ["create", "list", "watch", "update", "patch"] 33 - apiGroups: [""] 34 resources: ["pods"] 35 verbs: ["create", "get", "list", "watch", "update", "bind", "delete", "patch"] 36 - apiGroups: [""] 37 resources: ["pods/finalizers"] 38 verbs: ["update", "patch"] 39 - apiGroups: [""] 40 resources: ["persistentvolumeclaims"] 41 verbs: ["get", "list", "watch", "create"] 42 - apiGroups: [""] 43 resources: ["services"] 44 verbs: ["get", "list", "watch", "create", "delete"] 45 - apiGroups: [""] 46 resources: ["configmaps"] 47 verbs: ["get", "list", "watch", "create", "delete", "update"] 48 - apiGroups: [""] 49 resources: ["secrets"] 50 verbs: ["get", "create", "delete", "update"] 51 - apiGroups: ["scheduling.incubator.k8s.io", "scheduling.volcano.sh"] 52 resources: ["podgroups", "queues", "queues/status"] 53 verbs: ["get", "list", "watch", "create", "delete", "update"] 54 - apiGroups: ["flow.volcano.sh"] 55 resources: ["jobflows", "jobtemplates"] 56 verbs: ["get", "list", "watch", "create", "delete", "update"] 57 - apiGroups: [ "flow.volcano.sh" ] 58 resources: [ "jobflows/status", "jobs/finalizers","jobtemplates/status", "jobtemplates/finalizers" ] 59 verbs: [ "update", "patch" ] 60 - apiGroups: ["scheduling.k8s.io"] 61 resources: ["priorityclasses"] 62 verbs: ["get", "list", "watch", "create", "delete"] 63 - apiGroups: ["networking.k8s.io"] 64 resources: ["networkpolicies"] 65 verbs: ["get", "create", "delete"] 66 - apiGroups: ["apps"] 67 resources: ["daemonsets", "statefulsets"] 68 verbs: ["get"] 69 - apiGroups: ["apps"] 70 resources: ["replicasets"] 71 verbs: ["get", "list", "watch"] 72 - apiGroups: ["batch"] 73 resources: ["jobs"] 74 verbs: ["get"] 75 - apiGroups: ["coordination.k8s.io"] 76 resources: ["leases"] 77 verbs: ["get", "create", "update", "watch"] 78 --- 79 kind: ClusterRoleBinding 80 apiVersion: rbac.authorization.k8s.io/v1 81 metadata: 82 name: {{ .Release.Name }}-controllers-role 83 subjects: 84 - kind: ServiceAccount 85 name: {{ .Release.Name }}-controllers 86 namespace: {{ .Release.Namespace }} 87 roleRef: 88 kind: ClusterRole 89 name: {{ .Release.Name }}-controllers 90 apiGroup: rbac.authorization.k8s.io 91 92 --- 93 kind: Deployment 94 apiVersion: apps/v1 95 metadata: 96 name: {{ .Release.Name }}-controllers 97 namespace: {{ .Release.Namespace }} 98 labels: 99 app: volcano-controller 100 {{- if .Values.custom.controller_labels }} 101 {{- toYaml .Values.custom.controller_labels | nindent 4 }} 102 {{- end }} 103 spec: 104 replicas: {{ .Values.custom.controller_replicas }} 105 selector: 106 matchLabels: 107 app: volcano-controller 108 template: 109 metadata: 110 labels: 111 app: volcano-controller 112 {{- if .Values.custom.controller_podLabels }} 113 {{- toYaml .Values.custom.controller_podLabels | nindent 8 }} 114 {{- end }} 115 spec: 116 {{- if $controller_tolerations }} 117 tolerations: {{- toYaml $controller_tolerations | nindent 8 }} 118 {{- end }} 119 {{- if $controller_ns }} 120 nodeSelector: {{- toYaml $controller_ns | nindent 8 }} 121 {{- end }} 122 {{- if $controller_affinity }} 123 affinity: 124 {{- toYaml $controller_affinity | nindent 8 }} 125 {{- end }} 126 {{- if $controller_sc }} 127 securityContext: 128 {{- toYaml $controller_sc | nindent 8 }} 129 {{- end }} 130 serviceAccount: {{ .Release.Name }}-controllers 131 priorityClassName: system-cluster-critical 132 {{- if .Values.basic.image_pull_secret }} 133 imagePullSecrets: 134 - name: {{ .Values.basic.image_pull_secret }} 135 {{- end }} 136 containers: 137 - name: {{ .Release.Name }}-controllers 138 {{- if .Values.custom.controller_resources }} 139 resources: 140 {{- toYaml .Values.custom.controller_resources | nindent 14 }} 141 {{- end }} 142 image: {{.Values.basic.controller_image_name}}:{{.Values.basic.image_tag_version}} 143 args: 144 - --logtostderr 145 - --enable-healthz=true 146 - --leader-elect={{ .Values.custom.leader_elect_enable }} 147 {{- if .Values.custom.leader_elect_enable }} 148 - --lock-object-namespace={{ .Release.Namespace }} 149 {{- end }} 150 - -v=4 151 - 2>&1 152 imagePullPolicy: {{ .Values.basic.image_pull_policy }} 153 {{- end }}