--- apiVersion: apps/v1 kind: Deployment metadata: labels: io.cilium/app: etcd-operator name: cilium-etcd-operator name: cilium-etcd-operator namespace: external-dns spec: replicas: 1 selector: matchLabels: io.cilium/app: etcd-operator name: cilium-etcd-operator strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: labels: io.cilium/app: etcd-operator name: cilium-etcd-operator spec: containers: - args: #- --etcd-node-selector=disktype=ssd,cputype=high command: - /usr/bin/cilium-etcd-operator env: - name: CILIUM_ETCD_OPERATOR_CLUSTER_DOMAIN value: "cluster.local" - name: CILIUM_ETCD_OPERATOR_ETCD_CLUSTER_SIZE value: "3" - name: CILIUM_ETCD_OPERATOR_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CILIUM_ETCD_OPERATOR_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: CILIUM_ETCD_OPERATOR_POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_MODE value: "revision" - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_RETENTION value: "25000" image: docker.io/cilium/cilium-etcd-operator:v2.0.7 imagePullPolicy: IfNotPresent name: cilium-etcd-operator dnsPolicy: ClusterFirst hostNetwork: true restartPolicy: Always serviceAccount: cilium-etcd-operator serviceAccountName: cilium-etcd-operator tolerations: - operator: Exists --- apiVersion: v1 kind: ServiceAccount metadata: name: cilium-etcd-operator namespace: external-dns --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cilium-etcd-operator rules: - apiGroups: - etcd.database.coreos.com resources: - etcdclusters verbs: - get - delete - create - update - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - delete - get - create - apiGroups: - "" resources: - deployments verbs: - delete - create - get - update - apiGroups: - "" resources: - pods verbs: - list - get - delete - apiGroups: - apps resources: - deployments verbs: - delete - create - get - update - apiGroups: - "" resources: - componentstatuses verbs: - get - apiGroups: - extensions resources: - deployments verbs: - delete - create - get - update - apiGroups: - "" resources: - secrets verbs: - get - create - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cilium-etcd-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cilium-etcd-operator subjects: - kind: ServiceAccount name: cilium-etcd-operator namespace: external-dns --- apiVersion: v1 kind: ServiceAccount metadata: name: cilium-etcd-sa namespace: external-dns --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: etcd-operator rules: - apiGroups: - etcd.database.coreos.com resources: - etcdclusters - etcdbackups - etcdrestores verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - '*' - apiGroups: - "" resources: - pods - services - endpoints - persistentvolumeclaims - events - deployments verbs: - '*' - apiGroups: - apps resources: - deployments verbs: - '*' - apiGroups: - extensions resources: - deployments verbs: - create - get - list - patch - update - apiGroups: - "" resources: - secrets verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: etcd-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: etcd-operator subjects: - kind: ServiceAccount name: cilium-etcd-sa namespace: external-dns