parts/k8s/addons/scheduled-maintenance-deployment.yaml (341 lines of code) (raw):

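# drainsafe (scheduled maintenance) addon: namespace, RBAC, metrics Service,
# the controller-manager Deployment and the per-node scheduledevent-manager
# DaemonSet.
# The {{ContainerImage "..."}} placeholders are template expressions, not YAML;
# presumably they are rendered by the addon generator before this manifest is
# applied, so lint the rendered output rather than this file.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
    addonmanager.kubernetes.io/mode: Reconcile
  name: drainsafe-system
---
# Namespaced Role: read/write access to ConfigMaps in drainsafe-system.
# The name indicates these ConfigMaps back leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: drainsafe-leader-election-role
  namespace: drainsafe-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
---
# Cluster-wide permissions for the drainsafe controllers.
# NOTE(review): every rule below grants the full verb set cluster-wide,
# including create/delete on nodes, pods and CustomResourceDefinitions, and
# the role is bound to the namespace's `default` ServiceAccount. The verbs the
# controllers actually need cannot be determined from this manifest; confirm
# against the controller code and trim to least privilege.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: drainsafe-manager-role
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - repairman.k8s.io
  resources:
  - maintenancerequests
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - apps
  resources:
  - daemonsets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# DaemonSets under the legacy `extensions` group; that group no longer serves
# DaemonSets on Kubernetes 1.16+, where this rule is inert.
- apiGroups:
  - extensions
  resources:
  - daemonsets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# An eviction is requested by creating an Eviction on the pod subresource;
# the remaining verbs here are likely unused (confirm before trimming).
- apiGroups:
  - ""
  resources:
  - pods/eviction
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
# Permissions kube-rbac-proxy needs to authenticate and authorize callers of
# the metrics endpoint: create TokenReviews and SubjectAccessReviews.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: drainsafe-proxy-role
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
# subjectaccessreviews lives in the authorization.k8s.io API group. Listing it
# under authentication.k8s.io (as this manifest previously did) grants
# nothing, so the proxy's authorization checks would be denied.
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
# NOTE(review): all three bindings below target the `default` ServiceAccount
# of drainsafe-system, so any pod in that namespace that does not set
# serviceAccountName inherits these permissions. A dedicated ServiceAccount
# referenced from the Deployment and DaemonSet would scope them to the addon's
# own pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drainsafe-leader-election-rolebinding
  namespace: drainsafe-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: drainsafe-leader-election-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: drainsafe-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: drainsafe-manager-rolebinding
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: drainsafe-manager-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: drainsafe-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: drainsafe-proxy-rolebinding
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: drainsafe-proxy-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: drainsafe-system
---
# Metrics Service in front of kube-rbac-proxy (HTTPS on 8443).
# The selector label is shared by the Deployment and the DaemonSet pod
# templates; only the Deployment's kube-rbac-proxy container declares the
# named port `https` that targetPort refers to.
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/port: "8443"
    prometheus.io/scheme: https
    prometheus.io/scrape: "true"
  labels:
    control-plane: controller-manager
    addonmanager.kubernetes.io/mode: Reconcile
  name: drainsafe-controller-manager-metrics-service
  namespace: drainsafe-system
spec:
  ports:
  - name: https
    port: 8443
    targetPort: https
  selector:
    control-plane: controller-manager
---
# Controller manager (single replica) with a kube-rbac-proxy sidecar.
# No serviceAccountName is set, so the pod runs as the namespace's `default`
# ServiceAccount. Neither container sets a securityContext.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
    addonmanager.kubernetes.io/mode: Reconcile
  name: drainsafe-controller-manager
  namespace: drainsafe-system
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      # Sidecar: listens on all interfaces on 8443 and forwards to the
      # manager's metrics listener on loopback.
      # NOTE(review): --v=10 is the most verbose log level; at that level
      # request and response detail may be written to the container log.
      # Confirm no bearer tokens end up in logs, and lower it outside
      # debugging. This container also has no resources block.
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: {{ContainerImage "kube-rbac-proxy"}}
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      # Manager: metrics bound to 127.0.0.1 only, so they are reachable from
      # outside the pod solely through the proxy above.
      - args:
        - --metrics-addr=127.0.0.1:8080
        command:
        - /manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        image: {{ContainerImage "manager"}}
        name: manager
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
      terminationGracePeriodSeconds: 10
      # Allow scheduling onto control-plane nodes (old and new taint names).
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
        operator: "Exists"
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
        operator: "Exists"
---
# Per-node agent running /scheduledevent-manager from the same image as the
# controller manager. Like the Deployment, it runs as the `default`
# ServiceAccount and sets no securityContext.
# NOTE(review): the selector and pod labels are identical to the
# Deployment's; distinct labels per workload would avoid overlapping
# selectors, but selectors are immutable on apps/v1, so changing them
# requires recreating the objects.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    control-plane: controller-manager
    addonmanager.kubernetes.io/mode: Reconcile
  name: drainsafe-controller-scheduledevent-manager
  namespace: drainsafe-system
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      # Up to half of the nodes may be without this agent during a rollout.
      maxUnavailable: 50%
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - command:
        - /scheduledevent-manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        image: {{ContainerImage "manager"}}
        name: manager
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
      terminationGracePeriodSeconds: 10
      # Allow scheduling onto control-plane nodes (old and new taint names).
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
        operator: "Exists"
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
        operator: "Exists"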