1f360788c1
This uses the Downward API to inject the runtime namespace of the controller as an env var, rather than hard-coding it as 'vino-system'. It then uses the runtime namespace to lookup the default DaemonSet template, and then to co-locate the generated DaemonSet and bound ConfigMap with the controller, so that a static service account can be used by the DaemonSet, regardless of which namespace Vino CRs are created in. The names of the generated objects are now uniquely identified by the namespace/name of the Vino CR to avoid conflicts. Some other future use cases for the injected runtime namespace could include: - create ipam CRs in the same namespace as the controller - tenant namespacing, e.g. add a flag to limit the controller to only watch for Vino CRs in the runtime namespace Signed-off-by: Sean Eagan <seaneagan1@gmail.com> Change-Id: I47994782342c9c4ef749054017969386cefad3b8
46 lines
965 B
YAML
46 lines
965 B
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: controller-manager
|
|
namespace: system
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- /manager
|
|
args:
|
|
- --enable-leader-election
|
|
image: quay.io/airshipit/vino
|
|
imagePullPolicy: IfNotPresent
|
|
name: manager
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 30Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 20Mi
|
|
env:
|
|
- name: RUNTIME_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
terminationGracePeriodSeconds: 10
|