--- apiVersion: v1 kind: ServiceAccount metadata: name: cloud-controller-manager labels: vsphere-cpi-infra: service-account component: cloud-controller-manager namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: vsphere-cloud-secret labels: vsphere-cpi-infra: secret component: cloud-controller-manager namespace: kube-system # NOTE: this is just an example configuration, update with real values based on your environment stringData: 10.0.0.1.username: "" 10.0.0.1.password: "" 1.2.3.4.username: "" 1.2.3.4.password: "" --- apiVersion: v1 kind: ConfigMap metadata: name: vsphere-cloud-config labels: vsphere-cpi-infra: config component: cloud-controller-manager namespace: kube-system data: # NOTE: this is just an example configuration, update with real values based on your environment vsphere.conf: | # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section. global: port: 443 # set insecureFlag to true if the vCenter uses a self-signed cert insecureFlag: true # settings for using k8s secret secretName: vsphere-cloud-secret secretNamespace: kube-system # vcenter section vcenter: your-vcenter-name-here: server: 10.0.0.1 user: use-your-vcenter-user-here password: use-your-vcenter-password-here datacenters: - hrwest - hreast could-be-a-tenant-label: server: 1.2.3.4 datacenters: - mytenantdc secretName: cpi-engineering-secret secretNamespace: kube-system # labels for regions and zones labels: region: k8s-region zone: k8s-zone --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: servicecatalog.k8s.io:apiserver-authentication-reader labels: vsphere-cpi-infra: role-binding component: cloud-controller-manager namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - apiGroup: "" kind: ServiceAccount name: cloud-controller-manager namespace: kube-system - apiGroup: "" kind: User name: cloud-controller-manager --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:cloud-controller-manager labels: vsphere-cpi-infra: cluster-role-binding component: cloud-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:cloud-controller-manager subjects: - kind: ServiceAccount name: cloud-controller-manager namespace: kube-system - kind: User name: cloud-controller-manager --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:cloud-controller-manager labels: vsphere-cpi-infra: role component: cloud-controller-manager rules: - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - nodes verbs: - "*" - apiGroups: - "" resources: - nodes/status verbs: - patch - apiGroups: - "" resources: - services verbs: - list - patch - update - watch - apiGroups: - "" resources: - services/status verbs: - patch - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - list - watch - update - apiGroups: - "" resources: - persistentvolumes verbs: - get - list - update - watch - apiGroups: - "" resources: - endpoints verbs: - create - get - list - watch - update - apiGroups: - "" resources: - secrets verbs: - get - list - watch - apiGroups: - "coordination.k8s.io" resources: - leases verbs: - create - get - list - watch - update --- apiVersion: apps/v1 kind: DaemonSet metadata: name: vsphere-cloud-controller-manager labels: component: cloud-controller-manager tier: control-plane namespace: kube-system spec: selector: matchLabels: name: vsphere-cloud-controller-manager updateStrategy: type: RollingUpdate template: metadata: labels: name: vsphere-cloud-controller-manager component: cloud-controller-manager tier: control-plane spec: nodeSelector: node-role.kubernetes.io/master: "" tolerations: - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule operator: Exists - key: node.kubernetes.io/not-ready effect: NoSchedule operator: Exists securityContext: runAsUser: 1001 serviceAccountName: cloud-controller-manager priorityClassName: system-node-critical containers: - name: vsphere-cloud-controller-manager image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.23.5 args: - --cloud-provider=vsphere - --v=2 - --cloud-config=/etc/cloud/vsphere.conf volumeMounts: - mountPath: /etc/cloud name: vsphere-config-volume readOnly: true resources: requests: cpu: 200m hostNetwork: true volumes: - name: vsphere-config-volume configMap: name: vsphere-cloud-config