--- apiVersion: v1 kind: ServiceAccount metadata: name: cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" name: system:cloud-controller-manager rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - patch - create - update - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - configmaps/status verbs: - get - update - patch - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - nodes verbs: - '*' - apiGroups: - "" resources: - nodes/status verbs: - patch - apiGroups: - "" resources: - services verbs: - list - patch - update - watch - apiGroups: - "" resources: - services/status verbs: - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - list - watch - update - apiGroups: - "" resources: - endpoints verbs: - create - get - list - watch - update - apiGroups: - "" resources: - secrets verbs: - create - get - list - patch - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: system:cloud-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:cloud-controller-manager subjects: - kind: ServiceAccount name: cloud-controller-manager namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: vmware-cloud-director-ccm name: vmware-cloud-director-ccm namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 2 selector: matchLabels: app: vmware-cloud-director-ccm template: metadata: labels: app: vmware-cloud-director-ccm annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: dnsPolicy: Default hostNetwork: true serviceAccountName: cloud-controller-manager securityContext: runAsUser: 1000 containers: - name: vmware-cloud-director-ccm image: projects.registry.vmware.com/vmware-cloud-director/cloud-provider-for-cloud-director:1.6.0 imagePullPolicy: IfNotPresent command: - /opt/vcloud/bin/cloud-provider-for-cloud-director - --cloud-provider=vmware-cloud-director - --cloud-config=/etc/kubernetes/vcloud/vcloud-ccm-config.yaml - --allow-untagged-cloud=true volumeMounts: - name: vcloud-ccm-config-volume mountPath: /etc/kubernetes/vcloud - name: vcloud-ccm-vcloud-basic-auth-volume mountPath: /etc/kubernetes/vcloud/basic-auth tolerations: - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" - key: node-role.kubernetes.io/master effect: NoSchedule - key: node-role.kubernetes.io/control-plane effect: NoSchedule affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: "Exists" volumes: - name: vcloud-ccm-config-volume configMap: name: vcloud-ccm-configmap - name: vcloud-ccm-vcloud-basic-auth-volume secret: secretName: vcloud-basic-auth ---