apiVersion: v1 kind: ServiceAccount metadata: name: stork-scheduler-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["create", "patch", "update"] - apiGroups: [""] resources: ["endpoints"] verbs: ["create"] - apiGroups: [""] resourceNames: ["kube-scheduler"] resources: ["endpoints"] verbs: ["delete", "get", "patch", "update"] - apiGroups: [""] resources: ["nodes","namespaces"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch"] - apiGroups: [""] resources: ["bindings", "pods/binding"] verbs: ["create"] - apiGroups: [""] resources: ["pods/status"] verbs: ["patch", "update"] - apiGroups: [""] resources: ["replicationcontrollers", "services"] verbs: ["get", "list", "watch"] - apiGroups: ["*"] resources: ["replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "list", "watch"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes","csidrivers", "csistoragecapacities"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "update", "create"] - apiGroups: ["events.k8s.io"] resources: ["events"] verbs: ["create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role-binding subjects: - kind: ServiceAccount name: stork-scheduler-account namespace: kube-system roleRef: kind: ClusterRole name: stork-scheduler-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: labels: component: scheduler tier: control-plane name: stork-scheduler namespace: kube-system spec: replicas: 3 selector: matchLabels: name: stork-scheduler template: metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler spec: containers: - command: - /usr/local/bin/kube-scheduler - --bind-address=0.0.0.0 - --config=/etc/kubernetes/stork-config.yaml image: k8s.gcr.io/kube-scheduler-amd64: livenessProbe: httpGet: path: /healthz port: 10259 scheme: HTTPS initialDelaySeconds: 15 name: stork-scheduler readinessProbe: httpGet: path: /healthz port: 10259 scheme: HTTPS resources: requests: cpu: '0.1' securityContext: privileged: false volumeMounts: - mountPath: /etc/kubernetes name: scheduler-config affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork-scheduler topologyKey: "kubernetes.io/hostname" hostPID: false serviceAccountName: stork-scheduler-account volumes: - configMap: name: stork-config name: scheduler-config