Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Chu Peng 楚鹏
minikube
提交
459db36e
M
minikube
项目概览
Chu Peng 楚鹏
/
minikube
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
M
minikube
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
459db36e
编写于
11月 21, 2020
作者:
A
alonyb
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
remove yaml files
上级
be1b24c0
变更
24
展开全部
隐藏空白更改
内联
并排
Showing
24 changed file
with
0 addition
and
13060 deletion
+0
-13060
deploy/addons/ambassador/ambassador-operator-crds.yaml
deploy/addons/ambassador/ambassador-operator-crds.yaml
+0
-186
deploy/addons/ambassador/ambassador-operator.yaml
deploy/addons/ambassador/ambassador-operator.yaml
+0
-190
deploy/addons/ambassador/ambassadorinstallation.yaml
deploy/addons/ambassador/ambassadorinstallation.yaml
+0
-9
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-attacher.yaml
...ons/csi-hostpath-driver/deploy/csi-hostpath-attacher.yaml
+0
-63
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-driverinfo.yaml
...s/csi-hostpath-driver/deploy/csi-hostpath-driverinfo.yaml
+0
-13
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-plugin.yaml
...ddons/csi-hostpath-driver/deploy/csi-hostpath-plugin.yaml
+0
-143
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-provisioner.yaml
.../csi-hostpath-driver/deploy/csi-hostpath-provisioner.yaml
+0
-63
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-resizer.yaml
...dons/csi-hostpath-driver/deploy/csi-hostpath-resizer.yaml
+0
-62
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-snapshotter.yaml
.../csi-hostpath-driver/deploy/csi-hostpath-snapshotter.yaml
+0
-62
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-storageclass.yaml
...csi-hostpath-driver/deploy/csi-hostpath-storageclass.yaml
+0
-7
deploy/addons/csi-hostpath-driver/rbac/rbac-external-attacher.yaml
...dons/csi-hostpath-driver/rbac/rbac-external-attacher.yaml
+0
-84
deploy/addons/csi-hostpath-driver/rbac/rbac-external-provisioner.yaml
...s/csi-hostpath-driver/rbac/rbac-external-provisioner.yaml
+0
-101
deploy/addons/csi-hostpath-driver/rbac/rbac-external-resizer.yaml
...ddons/csi-hostpath-driver/rbac/rbac-external-resizer.yaml
+0
-85
deploy/addons/csi-hostpath-driver/rbac/rbac-external-snapshotter.yaml
...s/csi-hostpath-driver/rbac/rbac-external-snapshotter.yaml
+0
-88
deploy/addons/gcp-auth/gcp-auth-ns.yaml
deploy/addons/gcp-auth/gcp-auth-ns.yaml
+0
-20
deploy/addons/gcp-auth/gcp-auth-service.yaml
deploy/addons/gcp-auth/gcp-auth-service.yaml
+0
-12
deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
+0
-157
deploy/addons/gvisor/gvisor-runtimeclass.yaml
deploy/addons/gvisor/gvisor-runtimeclass.yaml
+0
-22
deploy/addons/olm/crds.yaml
deploy/addons/olm/crds.yaml
+0
-10848
deploy/addons/olm/olm.yaml
deploy/addons/olm/olm.yaml
+0
-337
deploy/addons/volumesnapshots/rbac-volume-snapshot-controller.yaml
...dons/volumesnapshots/rbac-volume-snapshot-controller.yaml
+0
-99
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
...pshots/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
+0
-68
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
...shots/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
+0
-197
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshots.yaml
...umesnapshots/snapshot.storage.k8s.io_volumesnapshots.yaml
+0
-144
未找到文件。
deploy/addons/ambassador/ambassador-operator-crds.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ambassadorinstallations.getambassador.io
spec
:
additionalPrinterColumns
:
-
JSONPath
:
.spec.version
name
:
VERSION
type
:
string
-
JSONPath
:
.spec.updateWindow
name
:
UPDATE-WINDOW
type
:
integer
-
JSONPath
:
.status.lastCheckTime
description
:
Last time checked
name
:
LAST-CHECK
type
:
string
-
JSONPath
:
.status.conditions[?(@.type=='Deployed')].status
description
:
Indicates if deployment has completed
name
:
DEPLOYED
type
:
string
-
JSONPath
:
.status.conditions[?(@.type=='Deployed')].reason
description
:
Reason for deployment completed
name
:
REASON
priority
:
1
type
:
string
-
JSONPath
:
.status.conditions[?(@.type=='Deployed')].message
description
:
Message for deployment completed
name
:
MESSAGE
priority
:
1
type
:
string
-
JSONPath
:
.status.deployedRelease.appVersion
description
:
Deployed version of Ambassador
name
:
DEPLOYED-VERSION
type
:
string
-
JSONPath
:
.status.deployedRelease.flavor
description
:
Deployed flavor of Ambassador (OSS or AES)
name
:
DEPLOYED-FLAVOR
type
:
string
group
:
getambassador.io
names
:
kind
:
AmbassadorInstallation
listKind
:
AmbassadorInstallationList
plural
:
ambassadorinstallations
singular
:
ambassadorinstallation
scope
:
Namespaced
subresources
:
status
:
{}
validation
:
openAPIV3Schema
:
description
:
AmbassadorInstallation is the Schema for the ambassadorinstallations
API
properties
:
apiVersion
:
description
:
'
APIVersion
defines
the
versioned
schema
of
this
representation
of
an
object.
Servers
should
convert
recognized
schemas
to
the
latest
internal
value,
and
may
reject
unrecognized
values.
More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type
:
string
kind
:
description
:
'
Kind
is
a
string
value
representing
the
REST
resource
this
object
represents.
Servers
may
infer
this
from
the
endpoint
the
client
submits
requests
to.
Cannot
be
updated.
In
CamelCase.
More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type
:
string
metadata
:
type
:
object
spec
:
description
:
AmbassadorInstallationSpec defines the desired state of AmbassadorInstallation
properties
:
baseImage
:
description
:
An (optional) image to use instead of the image specified
in the Helm chart.
type
:
string
helmRepo
:
description
:
An (optional) Helm repository.
type
:
string
installOSS
:
description
:
'
Installs
[Ambassador
OSS](https://www.getambassador.io/docs/latest/topics/install/install-ambassador-oss/)
instead
of
[AES](https://www.getambassador.io/docs/latest/topics/install/).
Default
is
false
which
means
it
installs
AES
by
default.
TODO:
1.
AES/AOSS
is
not
installed
and
the
user
installs
using
`installOSS:
true`,
then
we
straightaway
install
AOSS.
2.
AOSS
is
installed
via
operator
and
the
user
sets
`installOSS:
false`,
then
we
perform
the
migration
as
detailed
here
-
https://www.getambassador.io/docs/latest/topics/install/upgrade-to-edge-stack/
3.
AES
is
installed
and
the
user
sets
`installOSS:
true`,
then
we
point
users
to
the
docs
which
gives
them
pointers
on
how
to
do
that
themselves.'
type
:
boolean
logLevel
:
description
:
'
An
(optional)
log
level:
debug,
info...'
enum
:
-
info
-
debug
-
warn
-
warning
-
error
-
critical
-
fatal
type
:
string
updateWindow
:
description
:
"
`updateWindow`
is
an
optional
item
that
will
control
when
the
updates
can
take
place.
This
is
used
to
force
system
updates
to
happen
late
at
night
if
that’s
what
the
sysadmins
want.
\n
*
There
can
be
any
number
of
`updateWindow`
entries
(separated
by
commas).
\
*
`Never`
turns
off
automatic
updates
even
if
there
are
other
entries
in
the
comma-separated
list.
`Never`
is
used
by
sysadmins
to
disable
all
updates
during
blackout
periods
by
doing
a
`kubectl
apply`
or
using
our
Edge
Policy
Console
to
set
this.
*
Each
`updateWindow`
is
in
crontab
format
(see
https://crontab.guru/)
Some
examples
of
`updateWindows`
are:
-
`*
0-6
*
*
*
SUN`:
every
Sunday,
from
_0am_
to
_6am_
-
`*
5
1
*
*
*`:
every
first
day
of
the
month,
at
_5am_
*
The
Operator
cannot
guarantee
minute
time
granularity,
so
specifying
\
a
minute
in
the
crontab
expression
can
lead
to
some
updates
happening
\
sooner/later
than
expected."
type
:
string
version
:
description
:
"
We
are
using
SemVer
for
the
version
number
and
it
can
be
specified
with
any
level
of
precision
and
can
optionally
end
in
`*`.
These
are
interpreted
as:
\n
*
`1.0`
=
exactly
version
1.0
*
`1.1`
=
exactly
version
1.1
*
`1.1.*`
=
version
1.1
and
any
bug
fix
versions
`1.1.1`,
`1.1.2`,
`1.1.3`,
etc.
*
`2.*`
=
version
2.0
and
any
incremental
and
bug
fix
versions
`2.0`,
`2.0.1`,
`2.0.2`,
`2.1`,
`2.2`,
`2.2.1`,
etc.
*
`*`
=
all
versions.
*
`3.0-ea`
=
version
`3.0-ea1`
and
any
subsequent
EA
releases
on
`3.0`.
Also
selects
the
final
3.0
once
the
final
GA
version
is
released.
*
`4.*-ea`
=
version
`4.0-ea1`
and
any
subsequent
EA
release
on
`4.0`.
Also
selects
the
final
GA
`4.0`.
Also
selects
any
incremental
and
bug
fix
versions
`4.*`
and
`4.*.*`.
Also
selects
the
most
recent
`4.*`
EA
release
i.e.,
if
`4.0.5`
is
the
last
GA
version
and
there
is
a
`4.1-EA3`,
then
this
\
selects
`4.1-EA3`
over
the
`4.0.5`
GA.
\n
You
can
find
the
reference
docs
about
the
SemVer
syntax
accepted
[here](https://github.com/Masterminds/semver#basic-comparisons)."
type
:
string
type
:
object
status
:
description
:
AmbassadorInstallationStatus defines the observed state of
AmbassadorInstallation
properties
:
conditions
:
description
:
List of conditions the installation has experienced.
items
:
description
:
AmbInsCondition defines an Ambassador installation condition,
as well as the last time there was a transition to this condition..
properties
:
lastTransitionTime
:
format
:
date-time
type
:
string
message
:
type
:
string
reason
:
type
:
string
status
:
type
:
string
type
:
type
:
string
required
:
-
status
-
type
type
:
object
type
:
array
deployedRelease
:
description
:
the currently deployed Helm chart
nullable
:
true
properties
:
appVersion
:
type
:
string
flavor
:
type
:
string
manifest
:
type
:
string
name
:
type
:
string
version
:
type
:
string
type
:
object
lastCheckTime
:
description
:
Last time a successful update check was performed.
format
:
date-time
nullable
:
true
type
:
string
required
:
-
conditions
type
:
object
type
:
object
version
:
v2
versions
:
-
name
:
v2
served
:
true
storage
:
true
deploy/addons/ambassador/ambassador-operator.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
---
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
ambassador
labels
:
addonmanager.kubernetes.io/mode
:
Reconcile
---
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
ambassador-operator
namespace
:
ambassador
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
Role
metadata
:
name
:
ambassador-operator
namespace
:
ambassador
rules
:
-
apiGroups
:
-
"
"
resources
:
-
pods
-
services
-
services/finalizers
-
endpoints
-
persistentvolumeclaims
-
events
-
configmaps
-
secrets
verbs
:
-
create
-
delete
-
get
-
list
-
patch
-
update
-
watch
-
apiGroups
:
-
apps
resources
:
-
deployments
-
daemonsets
-
replicasets
-
statefulsets
-
customresourcedefinitions
verbs
:
-
create
-
delete
-
get
-
list
-
patch
-
update
-
watch
-
apiGroups
:
-
monitoring.coreos.com
resources
:
-
servicemonitors
verbs
:
-
get
-
create
-
apiGroups
:
-
apps
resourceNames
:
-
ambassador-operator
resources
:
-
deployments/finalizers
verbs
:
-
update
-
apiGroups
:
-
"
"
resources
:
-
pods
verbs
:
-
get
-
apiGroups
:
-
apps
resources
:
-
replicasets
-
deployments
verbs
:
-
get
-
apiGroups
:
-
getambassador.io
resources
:
-
'
*'
verbs
:
-
create
-
delete
-
get
-
list
-
patch
-
update
-
watch
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRole
metadata
:
name
:
ambassador-operator-cluster
namespace
:
ambassador
rules
:
-
apiGroups
:
[
'
*'
]
resources
:
[
'
*'
]
verbs
:
[
'
*'
]
-
nonResourceURLs
:
[
'
*'
]
verbs
:
[
'
*'
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
ambassador-operator
namespace
:
ambassador
subjects
:
-
kind
:
ServiceAccount
name
:
ambassador-operator
roleRef
:
kind
:
Role
name
:
ambassador-operator
apiGroup
:
rbac.authorization.k8s.io
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
ambassador-operator-cluster
namespace
:
ambassador
subjects
:
-
kind
:
ServiceAccount
name
:
ambassador-operator
namespace
:
ambassador
roleRef
:
kind
:
ClusterRole
name
:
ambassador-operator-cluster
apiGroup
:
rbac.authorization.k8s.io
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
static-helm-values
namespace
:
ambassador
data
:
values.yaml
:
|+
deploymentTool: amb-oper-manifest
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
ambassador-operator
namespace
:
ambassador
labels
:
getambassador.io/installer
:
operator
spec
:
replicas
:
1
selector
:
matchLabels
:
name
:
ambassador-operator
template
:
metadata
:
labels
:
name
:
ambassador-operator
getambassador.io/installer
:
operator
spec
:
serviceAccountName
:
ambassador-operator
containers
:
-
name
:
ambassador-operator
# Replace this with the built image name
image
:
quay.io/datawire/ambassador-operator:v1.2.3
command
:
-
ambassador-operator
imagePullPolicy
:
Always
env
:
-
name
:
WATCH_NAMESPACE
valueFrom
:
fieldRef
:
fieldPath
:
metadata.namespace
-
name
:
POD_NAME
valueFrom
:
fieldRef
:
fieldPath
:
metadata.name
-
name
:
OPERATOR_NAME
value
:
"
ambassador-operator"
volumeMounts
:
-
name
:
static-helm-values
mountPath
:
/tmp/helm
volumes
:
-
name
:
static-helm-values
configMap
:
name
:
static-helm-values
deploy/addons/ambassador/ambassadorinstallation.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
getambassador.io/v2
kind
:
AmbassadorInstallation
metadata
:
name
:
ambassador
namespace
:
ambassador
spec
:
installOSS
:
true
helmValues
:
deploymentTool
:
amb-oper-minikube
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-attacher.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
kind
:
Service
apiVersion
:
v1
metadata
:
name
:
csi-hostpath-attacher
namespace
:
kube-system
labels
:
app
:
csi-hostpath-attacher
spec
:
selector
:
app
:
csi-hostpath-attacher
ports
:
-
name
:
dummy
port
:
12345
---
kind
:
StatefulSet
apiVersion
:
apps/v1
metadata
:
name
:
csi-hostpath-attacher
namespace
:
kube-system
spec
:
serviceName
:
"
csi-hostpath-attacher"
replicas
:
1
selector
:
matchLabels
:
app
:
csi-hostpath-attacher
template
:
metadata
:
labels
:
app
:
csi-hostpath-attacher
kubernetes.io/minikube-addons
:
csi-hostpath-driver
spec
:
affinity
:
podAffinity
:
requiredDuringSchedulingIgnoredDuringExecution
:
-
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
csi-hostpathplugin
topologyKey
:
kubernetes.io/hostname
serviceAccountName
:
csi-attacher
containers
:
-
name
:
csi-attacher
image
:
quay.io/k8scsi/csi-attacher:v3.0.0-rc1
args
:
-
--v=5
-
--csi-address=/csi/csi.sock
securityContext
:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged
:
true
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
volumes
:
-
hostPath
:
path
:
/var/lib/kubelet/plugins/csi-hostpath
type
:
DirectoryOrCreate
name
:
socket-dir
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-driverinfo.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
storage.k8s.io/v1
kind
:
CSIDriver
metadata
:
name
:
hostpath.csi.k8s.io
namespace
:
kube-system
spec
:
# Supports persistent and ephemeral inline volumes.
volumeLifecycleModes
:
-
Persistent
-
Ephemeral
# To determine at runtime which mode a volume uses, pod info and its
# "csi.storage.k8s.io/ephemeral" entry are needed.
podInfoOnMount
:
true
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-plugin.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# Service defined here, plus serviceName below in StatefulSet,
# are needed only because of condition explained in
# https://github.com/kubernetes/kubernetes/issues/69608
kind
:
Service
apiVersion
:
v1
metadata
:
name
:
csi-hostpathplugin
namespace
:
kube-system
labels
:
app
:
csi-hostpathplugin
spec
:
selector
:
app
:
csi-hostpathplugin
ports
:
-
name
:
dummy
port
:
12345
---
kind
:
StatefulSet
apiVersion
:
apps/v1
metadata
:
name
:
csi-hostpathplugin
namespace
:
kube-system
spec
:
serviceName
:
"
csi-hostpathplugin"
# One replica only:
# Host path driver only works when everything runs
# on a single node. We achieve that by starting it once and then
# co-locate all other pods via inter-pod affinity
replicas
:
1
selector
:
matchLabels
:
app
:
csi-hostpathplugin
template
:
metadata
:
labels
:
app
:
csi-hostpathplugin
kubernetes.io/minikube-addons
:
csi-hostpath-driver
spec
:
containers
:
-
name
:
node-driver-registrar
image
:
quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
args
:
-
--v=5
-
--csi-address=/csi/csi.sock
-
--kubelet-registration-path=/var/lib/kubelet/plugins/csi-hostpath/csi.sock
securityContext
:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged
:
true
env
:
-
name
:
KUBE_NODE_NAME
valueFrom
:
fieldRef
:
apiVersion
:
v1
fieldPath
:
spec.nodeName
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
-
mountPath
:
/registration
name
:
registration-dir
-
mountPath
:
/csi-data-dir
name
:
csi-data-dir
-
name
:
hostpath
image
:
quay.io/k8scsi/hostpathplugin:v1.4.0-rc2
args
:
-
"
--drivername=hostpath.csi.k8s.io"
-
"
--v=5"
-
"
--endpoint=$(CSI_ENDPOINT)"
-
"
--nodeid=$(KUBE_NODE_NAME)"
env
:
-
name
:
CSI_ENDPOINT
value
:
unix:///csi/csi.sock
-
name
:
KUBE_NODE_NAME
valueFrom
:
fieldRef
:
apiVersion
:
v1
fieldPath
:
spec.nodeName
securityContext
:
privileged
:
true
ports
:
-
containerPort
:
9898
name
:
healthz
protocol
:
TCP
livenessProbe
:
failureThreshold
:
5
httpGet
:
path
:
/healthz
port
:
healthz
initialDelaySeconds
:
10
timeoutSeconds
:
3
periodSeconds
:
2
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
-
mountPath
:
/var/lib/kubelet/pods
mountPropagation
:
Bidirectional
name
:
mountpoint-dir
-
mountPath
:
/var/lib/kubelet/plugins
mountPropagation
:
Bidirectional
name
:
plugins-dir
-
mountPath
:
/csi-data-dir
name
:
csi-data-dir
-
mountPath
:
/dev
name
:
dev-dir
-
name
:
liveness-probe
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
image
:
quay.io/k8scsi/livenessprobe:v1.1.0
args
:
-
--csi-address=/csi/csi.sock
-
--health-port=9898
volumes
:
-
hostPath
:
path
:
/var/lib/kubelet/plugins/csi-hostpath
type
:
DirectoryOrCreate
name
:
socket-dir
-
hostPath
:
path
:
/var/lib/kubelet/pods
type
:
DirectoryOrCreate
name
:
mountpoint-dir
-
hostPath
:
path
:
/var/lib/kubelet/plugins_registry
type
:
Directory
name
:
registration-dir
-
hostPath
:
path
:
/var/lib/kubelet/plugins
type
:
Directory
name
:
plugins-dir
-
hostPath
:
# 'path' is where PV data is persisted on host.
# using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot
path
:
/var/lib/csi-hostpath-data/
type
:
DirectoryOrCreate
name
:
csi-data-dir
-
hostPath
:
path
:
/dev
type
:
Directory
name
:
dev-dir
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-provisioner.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
kind
:
Service
apiVersion
:
v1
metadata
:
name
:
csi-hostpath-provisioner
namespace
:
kube-system
labels
:
app
:
csi-hostpath-provisioner
spec
:
selector
:
app
:
csi-hostpath-provisioner
ports
:
-
name
:
dummy
port
:
12345
---
kind
:
StatefulSet
apiVersion
:
apps/v1
metadata
:
name
:
csi-hostpath-provisioner
namespace
:
kube-system
spec
:
serviceName
:
"
csi-hostpath-provisioner"
replicas
:
1
selector
:
matchLabels
:
app
:
csi-hostpath-provisioner
template
:
metadata
:
labels
:
app
:
csi-hostpath-provisioner
kubernetes.io/minikube-addons
:
csi-hostpath-driver
spec
:
affinity
:
podAffinity
:
requiredDuringSchedulingIgnoredDuringExecution
:
-
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
csi-hostpathplugin
topologyKey
:
kubernetes.io/hostname
serviceAccountName
:
csi-provisioner
containers
:
-
name
:
csi-provisioner
image
:
gcr.io/k8s-staging-sig-storage/csi-provisioner:v2.0.0-rc2
args
:
-
-v=5
-
--csi-address=/csi/csi.sock
-
--feature-gates=Topology=true
securityContext
:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged
:
true
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
volumes
:
-
hostPath
:
path
:
/var/lib/kubelet/plugins/csi-hostpath
type
:
DirectoryOrCreate
name
:
socket-dir
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-resizer.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
kind
:
Service
apiVersion
:
v1
metadata
:
name
:
csi-hostpath-resizer
namespace
:
kube-system
labels
:
app
:
csi-hostpath-resizer
spec
:
selector
:
app
:
csi-hostpath-resizer
ports
:
-
name
:
dummy
port
:
12345
---
kind
:
StatefulSet
apiVersion
:
apps/v1
metadata
:
name
:
csi-hostpath-resizer
namespace
:
kube-system
spec
:
serviceName
:
"
csi-hostpath-resizer"
replicas
:
1
selector
:
matchLabels
:
app
:
csi-hostpath-resizer
template
:
metadata
:
labels
:
app
:
csi-hostpath-resizer
kubernetes.io/minikube-addons
:
csi-hostpath-driver
spec
:
affinity
:
podAffinity
:
requiredDuringSchedulingIgnoredDuringExecution
:
-
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
csi-hostpathplugin
topologyKey
:
kubernetes.io/hostname
serviceAccountName
:
csi-resizer
containers
:
-
name
:
csi-resizer
image
:
quay.io/k8scsi/csi-resizer:v0.6.0-rc1
args
:
-
-v=5
-
-csi-address=/csi/csi.sock
securityContext
:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged
:
true
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
volumes
:
-
hostPath
:
path
:
/var/lib/kubelet/plugins/csi-hostpath
type
:
DirectoryOrCreate
name
:
socket-dir
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-snapshotter.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
kind
:
Service
apiVersion
:
v1
metadata
:
name
:
csi-hostpath-snapshotter
namespace
:
kube-system
labels
:
app
:
csi-hostpath-snapshotter
spec
:
selector
:
app
:
csi-hostpath-snapshotter
ports
:
-
name
:
dummy
port
:
12345
---
kind
:
StatefulSet
apiVersion
:
apps/v1
metadata
:
name
:
csi-hostpath-snapshotter
namespace
:
kube-system
spec
:
serviceName
:
"
csi-hostpath-snapshotter"
replicas
:
1
selector
:
matchLabels
:
app
:
csi-hostpath-snapshotter
template
:
metadata
:
labels
:
app
:
csi-hostpath-snapshotter
kubernetes.io/minikube-addons
:
csi-hostpath-driver
spec
:
affinity
:
podAffinity
:
requiredDuringSchedulingIgnoredDuringExecution
:
-
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
csi-hostpathplugin
topologyKey
:
kubernetes.io/hostname
serviceAccount
:
csi-snapshotter
containers
:
-
name
:
csi-snapshotter
image
:
quay.io/k8scsi/csi-snapshotter:v2.1.0
args
:
-
-v=5
-
--csi-address=/csi/csi.sock
securityContext
:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged
:
true
volumeMounts
:
-
mountPath
:
/csi
name
:
socket-dir
volumes
:
-
hostPath
:
path
:
/var/lib/kubelet/plugins/csi-hostpath
type
:
DirectoryOrCreate
name
:
socket-dir
deploy/addons/csi-hostpath-driver/deploy/csi-hostpath-storageclass.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
storage.k8s.io/v1
kind
:
StorageClass
metadata
:
name
:
csi-hostpath-sc
provisioner
:
hostpath.csi.k8s.io
#csi-hostpath
reclaimPolicy
:
Delete
volumeBindingMode
:
Immediate
deploy/addons/csi-hostpath-driver/rbac/rbac-external-attacher.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# This YAML file contains all RBAC objects that are necessary to run external
# CSI attacher.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
# for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
# attacher, in which case leadership election must be enabled;
# this influences the RBAC setup, see below
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
csi-attacher
namespace
:
kube-system
---
# Attacher must be able to work with PVs, CSINodes and VolumeAttachments
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
external-attacher-runner
rules
:
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
patch"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
csinodes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
volumeattachments"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
patch"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
volumeattachments/status"
]
verbs
:
[
"
patch"
]
#Secret permission is optional.
#Enable it if you need value from secret.
#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
#see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list"]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-attacher-role
subjects
:
-
kind
:
ServiceAccount
name
:
csi-attacher
namespace
:
kube-system
roleRef
:
kind
:
ClusterRole
name
:
external-attacher-runner
apiGroup
:
rbac.authorization.k8s.io
---
# Attacher must be able to work with configmaps or leases in the current namespace
# if (and only if) leadership election is enabled
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
kube-system
name
:
external-attacher-cfg
rules
:
-
apiGroups
:
[
"
coordination.k8s.io"
]
resources
:
[
"
leases"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-attacher-role-cfg
namespace
:
kube-system
subjects
:
-
kind
:
ServiceAccount
name
:
csi-attacher
namespace
:
kube-system
roleRef
:
kind
:
Role
name
:
external-attacher-cfg
apiGroup
:
rbac.authorization.k8s.io
deploy/addons/csi-hostpath-driver/rbac/rbac-external-provisioner.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# This YAML file contains all RBAC objects that are necessary to run external
# CSI provisioner.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
# for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
# provisioner, in which case leadership election must be enabled;
# this influences the RBAC setup, see below
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
csi-provisioner
namespace
:
kube-system
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
external-provisioner-runner
rules
:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list"]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
create"
,
"
delete"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumeclaims"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
update"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
storageclasses"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
events"
]
verbs
:
[
"
list"
,
"
watch"
,
"
create"
,
"
update"
,
"
patch"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshots"
]
verbs
:
[
"
get"
,
"
list"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotcontents"
]
verbs
:
[
"
get"
,
"
list"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
csinodes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
nodes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
volumeattachments"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-provisioner-role
subjects
:
-
kind
:
ServiceAccount
name
:
csi-provisioner
namespace
:
kube-system
roleRef
:
kind
:
ClusterRole
name
:
external-provisioner-runner
apiGroup
:
rbac.authorization.k8s.io
---
# Provisioner must be able to work with endpoints in current namespace
# if (and only if) leadership election is enabled
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
kube-system
name
:
external-provisioner-cfg
rules
:
# Only one of the following rules for endpoints or leases is required based on
# what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases.
-
apiGroups
:
[
"
"
]
resources
:
[
"
endpoints"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
-
apiGroups
:
[
"
coordination.k8s.io"
]
resources
:
[
"
leases"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-provisioner-role-cfg
namespace
:
kube-system
subjects
:
-
kind
:
ServiceAccount
name
:
csi-provisioner
namespace
:
kube-system
roleRef
:
kind
:
Role
name
:
external-provisioner-cfg
apiGroup
:
rbac.authorization.k8s.io
deploy/addons/csi-hostpath-driver/rbac/rbac-external-resizer.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# This YAML file contains all RBAC objects that are necessary to run external
# CSI resizer.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
# for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
# resizer, in which case leadership election must be enabled;
# this influences the RBAC setup, see below
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
csi-resizer
namespace
:
kube-system
---
# Resizer must be able to work with PVCs, PVs, SCs.
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
external-resizer-runner
rules
:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list", "watch"]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
patch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumeclaims"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
pods"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumeclaims/status"
]
verbs
:
[
"
patch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
events"
]
verbs
:
[
"
list"
,
"
watch"
,
"
create"
,
"
update"
,
"
patch"
]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-resizer-role
subjects
:
-
kind
:
ServiceAccount
name
:
csi-resizer
namespace
:
kube-system
roleRef
:
kind
:
ClusterRole
name
:
external-resizer-runner
apiGroup
:
rbac.authorization.k8s.io
---
# Resizer must be able to work with end point in current namespace
# if (and only if) leadership election is enabled
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
kube-system
name
:
external-resizer-cfg
rules
:
-
apiGroups
:
[
"
coordination.k8s.io"
]
resources
:
[
"
leases"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-resizer-role-cfg
namespace
:
kube-system
subjects
:
-
kind
:
ServiceAccount
name
:
csi-resizer
namespace
:
kube-system
roleRef
:
kind
:
Role
name
:
external-resizer-cfg
apiGroup
:
rbac.authorization.k8s.io
deploy/addons/csi-hostpath-driver/rbac/rbac-external-snapshotter.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# RBAC file for the snapshot controller.
#
# The snapshot controller implements the control loop for CSI snapshot functionality.
# It should be installed as part of the base Kubernetes distribution in an appropriate
# namespace for components implementing base system functionality. For installing with
# Vanilla Kubernetes, kube-system makes sense for the namespace.
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
csi-snapshotter
namespace
:
kube-system
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
# rename if there are conflicts
name
:
csi-snapshotter-runner
rules
:
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumeclaims"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
update"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
storageclasses"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
events"
]
verbs
:
[
"
list"
,
"
watch"
,
"
create"
,
"
update"
,
"
patch"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotclasses"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotcontents"
]
verbs
:
[
"
create"
,
"
get"
,
"
list"
,
"
watch"
,
"
update"
,
"
delete"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotcontents/status"
]
verbs
:
[
"
update"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshots"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
update"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshots/status"
]
verbs
:
[
"
update"
]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-snapshotter-role
subjects
:
-
kind
:
ServiceAccount
name
:
csi-snapshotter
namespace
:
kube-system
roleRef
:
kind
:
ClusterRole
# change the name also here if the ClusterRole gets renamed
name
:
csi-snapshotter-runner
apiGroup
:
rbac.authorization.k8s.io
---
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
namespace
:
kube-system
name
:
csi-snapshotter-leaderelection
rules
:
-
apiGroups
:
[
"
coordination.k8s.io"
]
resources
:
[
"
leases"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
csi-snapshotter-leaderelection
namespace
:
kube-system
subjects
:
-
kind
:
ServiceAccount
name
:
csi-snapshotter
namespace
:
kube-system
roleRef
:
kind
:
Role
name
:
csi-snapshotter-leaderelection
apiGroup
:
rbac.authorization.k8s.io
\ No newline at end of file
deploy/addons/gcp-auth/gcp-auth-ns.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
gcp-auth
labels
:
kubernetes.io/minikube-addons
:
gcp-auth
deploy/addons/gcp-auth/gcp-auth-service.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
gcp-auth
namespace
:
gcp-auth
spec
:
ports
:
-
port
:
443
targetPort
:
8443
protocol
:
TCP
selector
:
app
:
gcp-auth
deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
已删除
100644 → 0
浏览文件 @
be1b24c0
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: minikube-gcp-auth-certs
namespace: gcp-auth
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: minikube-gcp-auth-certs
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- list
- get
- create
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: minikube-gcp-auth-certs
namespace: metadata
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: minikube-gcp-auth-certs
subjects:
- kind: ServiceAccount
name: minikube-gcp-auth-certs
namespace: gcp-auth
---
apiVersion: batch/v1
kind: Job
metadata:
name: gcp-auth-certs-create
namespace: gcp-auth
spec:
template:
metadata:
name: gcp-auth-certs-create
spec:
serviceAccountName: minikube-gcp-auth-certs
containers:
- name: create
image: {{default "jettech" .ImageRepository}}/kube-webhook-certgen:v1.3.0
imagePullPolicy: IfNotPresent
args:
- create
- --host=gcp-auth,gcp-auth.gcp-auth,gcp-auth.gcp-auth.svc
- --namespace=gcp-auth
- --secret-name=gcp-auth-certs
restartPolicy: OnFailure
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gcp-auth
namespace: gcp-auth
spec:
selector:
matchLabels:
app: gcp-auth
template:
metadata:
labels:
app: gcp-auth
kubernetes.io/minikube-addons: gcp-auth
spec:
containers:
- name: gcp-auth
image: {{default "gcr.io/k8s-minikube" .ImageRepository}}/gcp-auth-webhook:v0.0.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
- name: gcp-project
mountPath: /var/lib/minikube/google_cloud_project
readOnly: true
volumes:
- name: webhook-certs
secret:
secretName: gcp-auth-certs
- name: gcp-project
hostPath:
path: /var/lib/minikube/google_cloud_project
type: File
---
apiVersion: batch/v1
kind: Job
metadata:
name: gcp-auth-certs-patch
namespace: gcp-auth
spec:
template:
metadata:
name: gcp-auth-certs-patch
spec:
serviceAccountName: minikube-gcp-auth-certs
containers:
- name: patch
image: {{default "jettech" .ImageRepository}}/kube-webhook-certgen:v1.3.0
imagePullPolicy: IfNotPresent
args:
- patch
- --secret-name=gcp-auth-certs
- --namespace=gcp-auth
- --patch-validating=false
- --webhook-name=gcp-auth-webhook-cfg
restartPolicy: OnFailure
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: gcp-auth-webhook-cfg
labels:
app: gcp-auth
webhooks:
- name: gcp-auth-mutate.k8s.io
failurePolicy: Ignore
objectSelector:
matchExpressions:
- key: gcp-auth-skip-secret
operator: DoesNotExist
namespaceSelector:
matchExpressions:
- key: name
operator: NotIn
values:
- kube-system
sideEffects: None
admissionReviewVersions: ["v1","v1beta1"]
clientConfig:
service:
name: gcp-auth
namespace: gcp-auth
path: "/mutate"
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["*"]
apiVersions: ["*"]
resources: ["pods"]
scope: "*"
\ No newline at end of file
deploy/addons/gvisor/gvisor-runtimeclass.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# Copyright 2018 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion
:
node.k8s.io/v1beta1
kind
:
RuntimeClass
metadata
:
name
:
gvisor
labels
:
kubernetes.io/minikube-addons
:
gvisor
addonmanager.kubernetes.io/mode
:
Reconcile
handler
:
runsc
deploy/addons/olm/crds.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
此差异已折叠。
点击以展开。
deploy/addons/olm/olm.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
---
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
olm
---
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
operators
---
kind
:
ServiceAccount
apiVersion
:
v1
metadata
:
name
:
olm-operator-serviceaccount
namespace
:
olm
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRole
metadata
:
name
:
system:controller:operator-lifecycle-manager
rules
:
-
apiGroups
:
[
"
*"
]
resources
:
[
"
*"
]
verbs
:
[
"
*"
]
-
nonResourceURLs
:
[
"
*"
]
verbs
:
[
"
*"
]
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRoleBinding
metadata
:
name
:
olm-operator-binding-olm
roleRef
:
apiGroup
:
rbac.authorization.k8s.io
kind
:
ClusterRole
name
:
system:controller:operator-lifecycle-manager
subjects
:
-
kind
:
ServiceAccount
name
:
olm-operator-serviceaccount
namespace
:
olm
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
olm-operator
namespace
:
olm
labels
:
app
:
olm-operator
spec
:
strategy
:
type
:
RollingUpdate
replicas
:
1
selector
:
matchLabels
:
app
:
olm-operator
template
:
metadata
:
labels
:
app
:
olm-operator
spec
:
serviceAccountName
:
olm-operator-serviceaccount
containers
:
-
name
:
olm-operator
command
:
-
/bin/olm
args
:
-
-namespace
-
$(OPERATOR_NAMESPACE)
-
-writeStatusName
-
"
"
image
:
quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373
imagePullPolicy
:
IfNotPresent
ports
:
-
containerPort
:
8080
-
containerPort
:
8081
name
:
metrics
protocol
:
TCP
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
readinessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
terminationMessagePolicy
:
FallbackToLogsOnError
env
:
-
name
:
OPERATOR_NAMESPACE
valueFrom
:
fieldRef
:
fieldPath
:
metadata.namespace
-
name
:
OPERATOR_NAME
value
:
olm-operator
resources
:
requests
:
cpu
:
10m
memory
:
160Mi
nodeSelector
:
beta.kubernetes.io/os
:
linux
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
catalog-operator
namespace
:
olm
labels
:
app
:
catalog-operator
spec
:
strategy
:
type
:
RollingUpdate
replicas
:
1
selector
:
matchLabels
:
app
:
catalog-operator
template
:
metadata
:
labels
:
app
:
catalog-operator
spec
:
serviceAccountName
:
olm-operator-serviceaccount
containers
:
-
name
:
catalog-operator
command
:
-
/bin/catalog
args
:
-
'
-namespace'
-
olm
-
-configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
image
:
quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373
imagePullPolicy
:
IfNotPresent
ports
:
-
containerPort
:
8080
-
containerPort
:
8081
name
:
metrics
protocol
:
TCP
livenessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
readinessProbe
:
httpGet
:
path
:
/healthz
port
:
8080
terminationMessagePolicy
:
FallbackToLogsOnError
env
:
resources
:
requests
:
cpu
:
10m
memory
:
80Mi
nodeSelector
:
beta.kubernetes.io/os
:
linux
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
aggregate-olm-edit
labels
:
rbac.authorization.k8s.io/aggregate-to-admin
:
"
true"
rbac.authorization.k8s.io/aggregate-to-edit
:
"
true"
rules
:
-
apiGroups
:
[
"
operators.coreos.com"
]
resources
:
[
"
subscriptions"
]
verbs
:
[
"
create"
,
"
update"
,
"
patch"
,
"
delete"
]
-
apiGroups
:
[
"
operators.coreos.com"
]
resources
:
[
"
clusterserviceversions"
,
"
catalogsources"
,
"
installplans"
,
"
subscriptions"
]
verbs
:
[
"
delete"
]
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
aggregate-olm-view
labels
:
rbac.authorization.k8s.io/aggregate-to-admin
:
"
true"
rbac.authorization.k8s.io/aggregate-to-edit
:
"
true"
rbac.authorization.k8s.io/aggregate-to-view
:
"
true"
rules
:
-
apiGroups
:
[
"
operators.coreos.com"
]
resources
:
[
"
clusterserviceversions"
,
"
catalogsources"
,
"
installplans"
,
"
subscriptions"
,
"
operatorgroups"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
packages.operators.coreos.com"
]
resources
:
[
"
packagemanifests"
,
"
packagemanifests/icon"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
---
apiVersion
:
operators.coreos.com/v1
kind
:
OperatorGroup
metadata
:
name
:
global-operators
namespace
:
operators
---
apiVersion
:
operators.coreos.com/v1
kind
:
OperatorGroup
metadata
:
name
:
olm-operators
namespace
:
olm
spec
:
targetNamespaces
:
-
olm
---
apiVersion
:
operators.coreos.com/v1alpha1
kind
:
ClusterServiceVersion
metadata
:
name
:
packageserver
namespace
:
olm
labels
:
olm.version
:
0.14.1
spec
:
displayName
:
Package Server
description
:
Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion.
minKubeVersion
:
1.11.0
keywords
:
[
'
packagemanifests'
,
'
olm'
,
'
packages'
]
maintainers
:
-
name
:
Red Hat
email
:
openshift-operators@redhat.com
provider
:
name
:
Red Hat
links
:
-
name
:
Package Server
url
:
https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server
installModes
:
-
type
:
OwnNamespace
supported
:
true
-
type
:
SingleNamespace
supported
:
true
-
type
:
MultiNamespace
supported
:
true
-
type
:
AllNamespaces
supported
:
true
install
:
strategy
:
deployment
spec
:
clusterPermissions
:
-
serviceAccountName
:
olm-operator-serviceaccount
rules
:
-
apiGroups
:
-
authorization.k8s.io
resources
:
-
subjectaccessreviews
verbs
:
-
create
-
get
-
apiGroups
:
-
"
"
resources
:
-
configmaps
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
"
operators.coreos.com"
resources
:
-
catalogsources
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
"
packages.operators.coreos.com"
resources
:
-
packagemanifests
verbs
:
-
get
-
list
deployments
:
-
name
:
packageserver
spec
:
strategy
:
type
:
RollingUpdate
replicas
:
2
selector
:
matchLabels
:
app
:
packageserver
template
:
metadata
:
labels
:
app
:
packageserver
spec
:
serviceAccountName
:
olm-operator-serviceaccount
nodeSelector
:
beta.kubernetes.io/os
:
linux
containers
:
-
name
:
packageserver
command
:
-
/bin/package-server
-
-v=4
-
--secure-port
-
"
5443"
-
--global-namespace
-
olm
image
:
quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373
imagePullPolicy
:
Always
ports
:
-
containerPort
:
5443
livenessProbe
:
httpGet
:
scheme
:
HTTPS
path
:
/healthz
port
:
5443
readinessProbe
:
httpGet
:
scheme
:
HTTPS
path
:
/healthz
port
:
5443
terminationMessagePolicy
:
FallbackToLogsOnError
resources
:
requests
:
cpu
:
10m
memory
:
50Mi
maturity
:
alpha
version
:
0.14.1
apiservicedefinitions
:
owned
:
-
group
:
packages.operators.coreos.com
version
:
v1
kind
:
PackageManifest
name
:
packagemanifests
displayName
:
PackageManifest
description
:
A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps
deploymentName
:
packageserver
containerPort
:
5443
---
apiVersion
:
operators.coreos.com/v1alpha1
kind
:
CatalogSource
metadata
:
name
:
operatorhubio-catalog
namespace
:
olm
spec
:
sourceType
:
grpc
image
:
quay.io/operator-framework/upstream-community-operators:latest
displayName
:
Community Operators
publisher
:
OperatorHub.io
deploy/addons/volumesnapshots/rbac-volume-snapshot-controller.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
# RBAC file for the volume snapshot controller.
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
volume-snapshot-controller
namespace
:
kube-system
labels
:
kubernetes.io/cluster-service
:
"
true"
addonmanager.kubernetes.io/mode
:
Reconcile
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
# rename if there are conflicts
name
:
volume-snapshot-controller-runner
namespace
:
kube-system
labels
:
kubernetes.io/cluster-service
:
"
true"
addonmanager.kubernetes.io/mode
:
Reconcile
rules
:
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumes"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
persistentvolumeclaims"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
update"
]
-
apiGroups
:
[
"
storage.k8s.io"
]
resources
:
[
"
storageclasses"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
"
]
resources
:
[
"
events"
]
verbs
:
[
"
list"
,
"
watch"
,
"
create"
,
"
update"
,
"
patch"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotclasses"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshotcontents"
]
verbs
:
[
"
create"
,
"
get"
,
"
list"
,
"
watch"
,
"
update"
,
"
delete"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshots"
]
verbs
:
[
"
get"
,
"
list"
,
"
watch"
,
"
update"
]
-
apiGroups
:
[
"
snapshot.storage.k8s.io"
]
resources
:
[
"
volumesnapshots/status"
]
verbs
:
[
"
update"
]
-
apiGroups
:
[
"
apiextensions.k8s.io"
]
resources
:
[
"
customresourcedefinitions"
]
verbs
:
[
"
create"
,
"
list"
,
"
watch"
,
"
delete"
,
"
get"
,
"
update"
]
---
kind
:
ClusterRoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
volume-snapshot-controller-role
namespace
:
kube-system
labels
:
kubernetes.io/cluster-service
:
"
true"
addonmanager.kubernetes.io/mode
:
Reconcile
subjects
:
-
kind
:
ServiceAccount
name
:
volume-snapshot-controller
namespace
:
kube-system
roleRef
:
kind
:
ClusterRole
# change the name also here if the ClusterRole gets renamed
name
:
volume-snapshot-controller-runner
apiGroup
:
rbac.authorization.k8s.io
---
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
volume-snapshot-controller-leaderelection
namespace
:
kube-system
labels
:
kubernetes.io/cluster-service
:
"
true"
addonmanager.kubernetes.io/mode
:
Reconcile
rules
:
-
apiGroups
:
[
"
coordination.k8s.io"
]
resources
:
[
"
leases"
]
verbs
:
[
"
get"
,
"
watch"
,
"
list"
,
"
delete"
,
"
update"
,
"
create"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
volume-snapshot-controller-leaderelection
namespace
:
kube-system
labels
:
kubernetes.io/cluster-service
:
"
true"
addonmanager.kubernetes.io/mode
:
Reconcile
subjects
:
-
kind
:
ServiceAccount
name
:
volume-snapshot-controller
namespace
:
kube-system
roleRef
:
kind
:
Role
name
:
volume-snapshot-controller-leaderelection
apiGroup
:
rbac.authorization.k8s.io
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
volumesnapshotclasses.snapshot.storage.k8s.io
labels
:
addonmanager.kubernetes.io/mode
:
Reconcile
spec
:
group
:
snapshot.storage.k8s.io
names
:
kind
:
VolumeSnapshotClass
listKind
:
VolumeSnapshotClassList
plural
:
volumesnapshotclasses
singular
:
volumesnapshotclass
scope
:
Cluster
preserveUnknownFields
:
false
validation
:
openAPIV3Schema
:
description
:
VolumeSnapshotClass specifies parameters that a underlying storage
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
are non-namespaced
properties
:
apiVersion
:
description
:
'
APIVersion
defines
the
versioned
schema
of
this
representation
of
an
object.
Servers
should
convert
recognized
schemas
to
the
latest
internal
value,
and
may
reject
unrecognized
values.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type
:
string
deletionPolicy
:
description
:
deletionPolicy determines whether a VolumeSnapshotContent created
through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot
is deleted. Supported values are "Retain" and "Delete". "Retain" means
that the VolumeSnapshotContent and its physical snapshot on underlying
storage system are kept. "Delete" means that the VolumeSnapshotContent
and its physical snapshot on underlying storage system are deleted. Required.
enum
:
-
Delete
-
Retain
type
:
string
driver
:
description
:
driver is the name of the storage driver that handles this
VolumeSnapshotClass. Required.
type
:
string
kind
:
description
:
'
Kind
is
a
string
value
representing
the
REST
resource
this
object
represents.
Servers
may
infer
this
from
the
endpoint
the
client
submits
requests
to.
Cannot
be
updated.
In
CamelCase.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type
:
string
parameters
:
additionalProperties
:
type
:
string
description
:
parameters is a key-value map with storage driver specific
parameters for creating snapshots. These values are opaque to Kubernetes.
type
:
object
required
:
-
deletionPolicy
-
driver
type
:
object
version
:
v1beta1
versions
:
-
name
:
v1beta1
served
:
true
storage
:
true
status
:
acceptedNames
:
kind
:
"
"
plural
:
"
"
conditions
:
[]
storedVersions
:
[]
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
volumesnapshotcontents.snapshot.storage.k8s.io
labels
:
addonmanager.kubernetes.io/mode
:
Reconcile
spec
:
group
:
snapshot.storage.k8s.io
names
:
kind
:
VolumeSnapshotContent
listKind
:
VolumeSnapshotContentList
plural
:
volumesnapshotcontents
singular
:
volumesnapshotcontent
scope
:
Cluster
subresources
:
status
:
{}
preserveUnknownFields
:
false
validation
:
openAPIV3Schema
:
description
:
VolumeSnapshotContent represents the actual "on-disk" snapshot
object in the underlying storage system
properties
:
apiVersion
:
description
:
'
APIVersion
defines
the
versioned
schema
of
this
representation
of
an
object.
Servers
should
convert
recognized
schemas
to
the
latest
internal
value,
and
may
reject
unrecognized
values.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type
:
string
kind
:
description
:
'
Kind
is
a
string
value
representing
the
REST
resource
this
object
represents.
Servers
may
infer
this
from
the
endpoint
the
client
submits
requests
to.
Cannot
be
updated.
In
CamelCase.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type
:
string
spec
:
description
:
spec defines properties of a VolumeSnapshotContent created
by the underlying storage system. Required.
properties
:
deletionPolicy
:
description
:
deletionPolicy determines whether this VolumeSnapshotContent
and its physical snapshot on the underlying storage system should
be deleted when its bound VolumeSnapshot is deleted. Supported values
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
and its physical snapshot on underlying storage system are kept. "Delete"
means that the VolumeSnapshotContent and its physical snapshot on
underlying storage system are deleted. In dynamic snapshot creation
case, this field will be filled in with the "DeletionPolicy" field
defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For
pre-existing snapshots, users MUST specify this field when creating
the VolumeSnapshotContent object. Required.
enum
:
-
Delete
-
Retain
type
:
string
driver
:
description
:
driver is the name of the CSI driver used to create the
physical snapshot on the underlying storage system. This MUST be the
same as the name returned by the CSI GetPluginName() call for that
driver. Required.
type
:
string
source
:
description
:
source specifies from where a snapshot will be created.
This field is immutable after creation. Required.
properties
:
snapshotHandle
:
description
:
snapshotHandle specifies the CSI "snapshot_id" of a
pre-existing snapshot on the underlying storage system. This field
is immutable.
type
:
string
volumeHandle
:
description
:
volumeHandle specifies the CSI "volume_id" of the volume
from which a snapshot should be dynamically taken from. This field
is immutable.
type
:
string
type
:
object
volumeSnapshotClassName
:
description
:
name of the VolumeSnapshotClass to which this snapshot
belongs.
type
:
string
volumeSnapshotRef
:
description
:
volumeSnapshotRef specifies the VolumeSnapshot object to
which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
field must reference to this VolumeSnapshotContent's name for the
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
object, name and namespace of the VolumeSnapshot object MUST be provided
for binding to happen. This field is immutable after creation. Required.
properties
:
apiVersion
:
description
:
API version of the referent.
type
:
string
fieldPath
:
description
:
'
If
referring
to
a
piece
of
an
object
instead
of
an
entire
object,
this
string
should
contain
a
valid
JSON/Go
field
access
statement,
such
as
desiredState.manifest.containers[2].
For
example,
if
the
object
reference
is
to
a
container
within
a
pod,
this
would
take
on
a
value
like:
"spec.containers{name}"
(where
"name"
refers
to
the
name
of
the
container
that
triggered
the
event)
or
if
no
container
name
is
specified
"spec.containers[2]"
(container
with
index
2
in
this
pod).
This
syntax
is
chosen
only
to
have
some
well-defined
way
of
referencing
a
part
of
an
object.
TODO:
this
design
is
not
final
and
this
field
is
subject
to
change
in
the
future.'
type
:
string
kind
:
description
:
'
Kind
of
the
referent.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type
:
string
name
:
description
:
'
Name
of
the
referent.
More
info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type
:
string
namespace
:
description
:
'
Namespace
of
the
referent.
More
info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type
:
string
resourceVersion
:
description
:
'
Specific
resourceVersion
to
which
this
reference
is
made,
if
any.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
type
:
string
uid
:
description
:
'
UID
of
the
referent.
More
info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type
:
string
type
:
object
required
:
-
deletionPolicy
-
driver
-
source
-
volumeSnapshotRef
type
:
object
status
:
description
:
status represents the current information of a snapshot.
properties
:
creationTime
:
description
:
creationTime is the timestamp when the point-in-time snapshot
is taken by the underlying storage system. In dynamic snapshot creation
case, this field will be filled in with the "creation_time" value
returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing
snapshot, this field will be filled with the "creation_time" value
returned from the CSI "ListSnapshots" gRPC call if the driver supports
it. If not specified, it indicates the creation time is unknown. The
format of this field is a Unix nanoseconds time encoded as an int64.
On Unix, the command `date +%s%N` returns the current time in nanoseconds
since 1970-01-01 00:00:00 UTC.
format
:
int64
type
:
integer
error
:
description
:
error is the latest observed error during snapshot creation,
if any.
properties
:
message
:
description
:
'
message
is
a
string
detailing
the
encountered
error
during
snapshot
creation
if
specified.
NOTE:
message
may
be
logged,
and
it
should
not
contain
sensitive
information.'
type
:
string
time
:
description
:
time is the timestamp when the error was encountered.
format
:
date-time
type
:
string
type
:
object
readyToUse
:
description
:
readyToUse indicates if a snapshot is ready to be used
to restore a volume. In dynamic snapshot creation case, this field
will be filled in with the "ready_to_use" value returned from CSI
"CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this
field will be filled with the "ready_to_use" value returned from the
CSI "ListSnapshots" gRPC call if the driver supports it, otherwise,
this field will be set to "True". If not specified, it means the readiness
of a snapshot is unknown.
type
:
boolean
restoreSize
:
description
:
restoreSize represents the complete size of the snapshot
in bytes. In dynamic snapshot creation case, this field will be filled
in with the "size_bytes" value returned from CSI "CreateSnapshotRequest"
gRPC call. For a pre-existing snapshot, this field will be filled
with the "size_bytes" value returned from the CSI "ListSnapshots"
gRPC call if the driver supports it. When restoring a volume from
this snapshot, the size of the volume MUST NOT be smaller than the
restoreSize if it is specified, otherwise the restoration will fail.
If not specified, it indicates that the size is unknown.
format
:
int64
minimum
:
0
type
:
integer
snapshotHandle
:
description
:
snapshotHandle is the CSI "snapshot_id" of a snapshot on
the underlying storage system. If not specified, it indicates that
dynamic snapshot creation has either failed or it is still in progress.
type
:
string
type
:
object
required
:
-
spec
type
:
object
version
:
v1beta1
versions
:
-
name
:
v1beta1
served
:
true
storage
:
true
status
:
acceptedNames
:
kind
:
"
"
plural
:
"
"
conditions
:
[]
storedVersions
:
[]
deploy/addons/volumesnapshots/snapshot.storage.k8s.io_volumesnapshots.yaml
已删除
100644 → 0
浏览文件 @
be1b24c0
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
volumesnapshots.snapshot.storage.k8s.io
labels
:
addonmanager.kubernetes.io/mode
:
Reconcile
spec
:
group
:
snapshot.storage.k8s.io
names
:
kind
:
VolumeSnapshot
listKind
:
VolumeSnapshotList
plural
:
volumesnapshots
singular
:
volumesnapshot
scope
:
Namespaced
subresources
:
status
:
{}
preserveUnknownFields
:
false
validation
:
openAPIV3Schema
:
description
:
VolumeSnapshot is a user's request for either creating a point-in-time
snapshot of a persistent volume, or binding to a pre-existing snapshot.
properties
:
apiVersion
:
description
:
'
APIVersion
defines
the
versioned
schema
of
this
representation
of
an
object.
Servers
should
convert
recognized
schemas
to
the
latest
internal
value,
and
may
reject
unrecognized
values.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type
:
string
kind
:
description
:
'
Kind
is
a
string
value
representing
the
REST
resource
this
object
represents.
Servers
may
infer
this
from
the
endpoint
the
client
submits
requests
to.
Cannot
be
updated.
In
CamelCase.
More
info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type
:
string
spec
:
description
:
'
spec
defines
the
desired
characteristics
of
a
snapshot
requested
by
a
user.
More
info:
https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
Required.'
properties
:
source
:
description
:
source specifies where a snapshot will be created from.
This field is immutable after creation. Required.
properties
:
persistentVolumeClaimName
:
description
:
persistentVolumeClaimName specifies the name of the
PersistentVolumeClaim object in the same namespace as the VolumeSnapshot
object where the snapshot should be dynamically taken from. This
field is immutable.
type
:
string
volumeSnapshotContentName
:
description
:
volumeSnapshotContentName specifies the name of a pre-existing
VolumeSnapshotContent object. This field is immutable.
type
:
string
type
:
object
volumeSnapshotClassName
:
description
:
'
volumeSnapshotClassName
is
the
name
of
the
VolumeSnapshotClass
requested
by
the
VolumeSnapshot.
If
not
specified,
the
default
snapshot
class
will
be
used
if
one
exists.
If
not
specified,
and
there
is
no
default
snapshot
class,
dynamic
snapshot
creation
will
fail.
Empty
string
is
not
allowed
for
this
field.
TODO(xiangqian):
a
webhook
validation
on
empty
string.
More
info:
https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes'
type
:
string
required
:
-
source
type
:
object
status
:
description
:
'
status
represents
the
current
information
of
a
snapshot.
NOTE:
status
can
be
modified
by
sources
other
than
system
controllers,
and
must
not
be
depended
upon
for
accuracy.
Controllers
should
only
use
information
from
the
VolumeSnapshotContent
object
after
verifying
that
the
binding
is
accurate
and
complete.'
properties
:
boundVolumeSnapshotContentName
:
description
:
'
boundVolumeSnapshotContentName
represents
the
name
of
the
VolumeSnapshotContent
object
to
which
the
VolumeSnapshot
object
is
bound.
If
not
specified,
it
indicates
that
the
VolumeSnapshot
object
has
not
been
successfully
bound
to
a
VolumeSnapshotContent
object
yet.
NOTE:
Specified
boundVolumeSnapshotContentName
alone
does
not
mean
binding
is
valid.
Controllers
MUST
always
verify
bidirectional
binding
between
VolumeSnapshot
and
VolumeSnapshotContent
to
avoid
possible
security
issues.'
type
:
string
creationTime
:
description
:
creationTime is the timestamp when the point-in-time snapshot
is taken by the underlying storage system. In dynamic snapshot creation
case, this field will be filled in with the "creation_time" value
returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing
snapshot, this field will be filled with the "creation_time" value
returned from the CSI "ListSnapshots" gRPC call if the driver supports
it. If not specified, it indicates that the creation time of the snapshot
is unknown.
format
:
date-time
type
:
string
error
:
description
:
error is the last observed error during snapshot creation,
if any. This field could be helpful to upper level controllers(i.e.,
application controller) to decide whether they should continue on
waiting for the snapshot to be created based on the type of error
reported.
properties
:
message
:
description
:
'
message
is
a
string
detailing
the
encountered
error
during
snapshot
creation
if
specified.
NOTE:
message
may
be
logged,
and
it
should
not
contain
sensitive
information.'
type
:
string
time
:
description
:
time is the timestamp when the error was encountered.
format
:
date-time
type
:
string
type
:
object
readyToUse
:
description
:
readyToUse indicates if a snapshot is ready to be used
to restore a volume. In dynamic snapshot creation case, this field
will be filled in with the "ready_to_use" value returned from CSI
"CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this
field will be filled with the "ready_to_use" value returned from the
CSI "ListSnapshots" gRPC call if the driver supports it, otherwise,
this field will be set to "True". If not specified, it means the readiness
of a snapshot is unknown.
type
:
boolean
restoreSize
:
description
:
restoreSize represents the complete size of the snapshot
in bytes. In dynamic snapshot creation case, this field will be filled
in with the "size_bytes" value returned from CSI "CreateSnapshotRequest"
gRPC call. For a pre-existing snapshot, this field will be filled
with the "size_bytes" value returned from the CSI "ListSnapshots"
gRPC call if the driver supports it. When restoring a volume from
this snapshot, the size of the volume MUST NOT be smaller than the
restoreSize if it is specified, otherwise the restoration will fail.
If not specified, it indicates that the size is unknown.
type
:
string
type
:
object
required
:
-
spec
type
:
object
version
:
v1beta1
versions
:
-
name
:
v1beta1
served
:
true
storage
:
true
status
:
acceptedNames
:
kind
:
"
"
plural
:
"
"
conditions
:
[]
storedVersions
:
[]
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录