manifests/charts/sys/templates/pre-cluster/label-and-taint-nodes.yaml

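{{ if .Values.cluster_config.nodes }}
---
# One-shot Job that runs the script from the label-and-taint-scripts ConfigMap
# using kubectl. The whole file is rendered only when cluster_config.nodes is
# set in the chart values.
apiVersion: batch/v1
kind: Job
metadata:
  name: label-and-taint-nodes
  namespace: kube-system
spec:
  # A failed pod is retried once before the Job is marked failed.
  backoffLimit: 1
  template:
    metadata:
      annotations:
        # Linkerd's documented values for this annotation are "enabled",
        # "disabled" and "ingress"; the previous value "disable" is not one
        # of them, so the opt-out depended on how unknown values are handled.
        linkerd.io/inject: disabled
    spec:
      restartPolicy: Never
      # Bound to the label-and-taint-nodes ClusterRole; the token mounted into
      # this pod can modify every Node object in the cluster.
      serviceAccountName: label-and-taint-nodes
      securityContext:
        # Have the kubelet refuse to start the container as UID 0 even if the
        # numeric IDs below are ever removed or overridden.
        runAsNonRoot: true
        runAsUser: 12000
        runAsGroup: 13000
        fsGroup: 10000
        seccompProfile:
          type: RuntimeDefault
      affinity: {}
      tolerations:
        - key: unschedulable
          value: "true"
          effect: NoSchedule
      containers:
        - name: kubectl
          # NOTE(review): the tag is mutable, so the image that runs with
          # node-write credentials can change without a chart change. Consider
          # pinning by digest, e.g. bitnami/kubectl:1.24@sha256:<DIGEST>.
          image: bitnami/kubectl:1.24
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            # kubectl only talks to the API server; it needs no capabilities.
            capabilities:
              drop:
                - ALL
          command:
            - /bin/sh
            - -c
            - /tmp/scripts/script.sh
          volumeMounts:
            - name: scripts
              mountPath: /tmp/scripts
      volumes:
        - name: scripts
          configMap:
            name: label-and-taint-scripts
            # Must stay an unquoted integer (the field is int32). Written in
            # octal, i.e. decimal 493; this relies on the YAML parser reading
            # a leading 0 as octal. The execute bit is required because the
            # container runs the script file directly.
            defaultMode: 0755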
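---
# Shell script generated from .Values.cluster_config.nodes and mounted into the
# label-and-taint-nodes Job. Chart values are pasted into shell source here, so
# every node name, label and taint is checked against an allowlist pattern at
# render time (first character alphanumeric, then only characters that occur in
# node names, label key=value pairs and taint key=value:effect strings,
# including the trailing "-" removal form). Rendering fails on anything else,
# which keeps shell metacharacters and leading "-" option strings out of the
# kubectl command lines. The script keeps going after a failed command but
# exits non-zero at the end, so a label or taint that was not applied marks
# the Job as failed instead of being hidden by a later success.
apiVersion: v1
kind: ConfigMap
metadata:
  name: label-and-taint-scripts
  namespace: kube-system
data:
  script.sh: |
    #! /bin/bash
    {{- $safe := "^[A-Za-z0-9][A-Za-z0-9._/=:-]*$" }}
    rc=0
    {{- range $node := .Values.cluster_config.nodes }}
    {{- if not (regexMatch $safe (toString $node.name)) }}
    {{- fail (printf "cluster_config.nodes: unsafe node name %q" (toString $node.name)) }}
    {{- end }}
    {{- range .labels }}
    {{- if not (regexMatch $safe (toString .)) }}
    {{- fail (printf "cluster_config.nodes: unsafe label %q" (toString .)) }}
    {{- end }}
    kubectl label nodes --overwrite=true {{ $node.name | quote }} {{ . | quote }} || rc=1
    {{- end }}
    {{- range .taints }}
    {{- if not (regexMatch $safe (toString .)) }}
    {{- fail (printf "cluster_config.nodes: unsafe taint %q" (toString .)) }}
    {{- end }}
    kubectl taint nodes --overwrite=true {{ $node.name | quote }} {{ . | quote }} || rc=1
    {{- end }}
    {{- end }}
    exit "$rc"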
---
# Identity used by the label-and-taint-nodes Job pod. Its permissions come
# from the ClusterRoleBinding of the same name.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: label-and-taint-nodes
---
# Cluster-wide read and write access to Node objects (core API group) for the
# labelling Job.
# NOTE(review): the rule is not limited by resourceNames, so the bound service
# account can relabel or retaint any node, not only those listed in
# cluster_config.nodes. Check whether "list" and "update" are needed by the
# kubectl commands the Job runs before narrowing the verbs.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: label-and-taint-nodes
rules:
  - apiGroups: [""]
    resources: [nodes]
    verbs: [get, list, update, patch]
---
# Grants the label-and-taint-nodes ClusterRole to the Job's service account in
# kube-system. The binding is cluster-scoped, matching the cluster-scoped Node
# resource.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: label-and-taint-nodes
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: label-and-taint-nodes
roleRef:
  kind: ClusterRole
  name: label-and-taint-nodes
  apiGroup: rbac.authorization.k8s.io
{{ end }}