github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-02-14 10:00:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9d1a993e2c6f0023595e1902c953adbb15089c8a
open-cluster-management/manifests/klusterlet/management/klusterlet-agent-deployment.yaml
Yang Le 9d1a993e2c
Some checks failed
Post / images (amd64, placement) (push) Failing after 50s
Post / images (amd64, registration) (push) Failing after 41s
Post / images (amd64, registration-operator) (push) Failing after 40s
Post / images (amd64, work) (push) Failing after 44s
Post / images (arm64, addon-manager) (push) Failing after 41s
Post / images (arm64, placement) (push) Failing after 42s
Post / images (arm64, registration) (push) Failing after 41s
Post / images (amd64, addon-manager) (push) Failing after 5m29s
Post / images (arm64, registration-operator) (push) Failing after 43s
Post / images (arm64, work) (push) Failing after 5m35s
Post / image manifest (addon-manager) (push) Has been skipped
Post / image manifest (placement) (push) Has been skipped
Post / image manifest (registration) (push) Has been skipped
Post / image manifest (registration-operator) (push) Has been skipped
Post / image manifest (work) (push) Has been skipped
Post / trigger clusteradm e2e (push) Has been skipped
Post / coverage (push) Failing after 40m4s
Scorecard supply-chain security / Scorecard analysis (push) Failing after 4m1s
add token driver for addon registration (#1343) 
Signed-off-by: Yang Le <yangle@redhat.com>
2026-01-28 05:41:52 +00:00

260 lines
8.6 KiB
YAML
Raw Blame History

kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .KlusterletName }}-agent
namespace: {{ .AgentNamespace }}
labels:
app: klusterlet-agent
{{ if gt (len .Labels) 0 }}
{{ range $key, $value := .Labels }}
"{{ $key }}": "{{ $value }}"
{{ end }}
{{ end }}
spec:
replicas: {{ .Replica }}
selector:
matchLabels:
app: klusterlet-agent
template:
metadata:
annotations:
target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
labels:
app: klusterlet-agent
{{ if gt (len .Labels) 0 }}
{{ range $key, $value := .Labels }}
"{{ $key }}": "{{ $value }}"
{{ end }}
{{ end }}
spec:
{{if .HubApiServerHostAlias }}
hostAliases:
- ip: {{ .HubApiServerHostAlias.IP }}
hostnames:
- {{ .HubApiServerHostAlias.Hostname }}
{{end}}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 70
podAffinityTerm:
topologyKey: failure-domain.beta.kubernetes.io/zone
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- klusterlet-agent
- weight: 30
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- klusterlet-agent
serviceAccountName: {{ .KlusterletName }}-work-sa
containers:
- name: klusterlet-agent
image: {{ .SingletonImage }}
args:
- "/registration-operator"
- "agent"
- "--spoke-cluster-name={{ .ClusterName }}"
{{if .MultipleHubs}}
{{range .BootStrapKubeConfigSecrets}}
- "--bootstrap-kubeconfigs=/spoke/{{.}}/kubeconfig"
{{end}}
- "--hub-connection-timeout-seconds={{ .HubConnectionTimeoutSeconds }}"
{{else}}
- "--bootstrap-kubeconfig=/spoke/bootstrap/kubeconfig"
{{end}}
- "--agent-id={{ .AgentID }}"
{{if eq .RegistrationDriver.AuthType "grpc"}}
- "--workload-source-driver=grpc"
- "--workload-source-config=/spoke/hub-kubeconfig/config.yaml"
- "--cloudevents-client-id={{ .ClusterName }}-klusterlet-agent"
{{else}}
- "--workload-source-driver=kube"
- "--workload-source-config=/spoke/hub-kubeconfig/kubeconfig"
{{end}}
{{ if gt (len .WorkFeatureGates) 0 }}
{{range .WorkFeatureGates}}
- {{ . }}
{{end}}
{{ end }}
{{ if gt (len .RegistrationFeatureGates) 0 }}
{{range .RegistrationFeatureGates}}
- {{ . }}
{{end}}
{{ end }}
{{if .ExternalServerURL}}
- "--spoke-external-server-urls={{ .ExternalServerURL }}"
{{end}}
{{if .WorkStatusSyncInterval}}
- "--status-sync-interval={{ .WorkStatusSyncInterval }}"
{{else if eq .Replica 1}}
- "--status-sync-interval=60s"
{{end}}
{{if gt .ClientCertExpirationSeconds 0}}
- "--client-cert-expiration-seconds={{ .ClientCertExpirationSeconds }}"
{{end}}
{{if .ClusterAnnotationsString}}
- "--cluster-annotations={{ .ClusterAnnotationsString }}"
{{end}}
{{if eq .InstallMode "SingletonHosted"}}
- "--spoke-kubeconfig=/spoke/config/kubeconfig"
- "--terminate-on-files=/spoke/config/kubeconfig"
{{end}}
{{if gt .AgentKubeAPIQPS 0.0}}
- "--kube-api-qps={{ .AgentKubeAPIQPS }}"
{{end}}
{{if gt .AgentKubeAPIBurst 0}}
- "--kube-api-burst={{ .AgentKubeAPIBurst }}"
{{end}}
{{if gt .WorkHubKubeAPIQPS 0.0}}
- "--hub-kube-api-qps={{ .WorkHubKubeAPIQPS }}"
{{end}}
{{if gt .WorkHubKubeAPIBurst 0}}
- "--hub-kube-api-burst={{ .WorkHubKubeAPIBurst }}"
{{end}}
{{if .MaxCustomClusterClaims}}
- "--max-custom-cluster-claims={{ .MaxCustomClusterClaims }}"
{{end}}
{{if .ReservedClusterClaimSuffixes}}
- "--reserved-cluster-claim-suffixes={{ .ReservedClusterClaimSuffixes }}"
{{end}}
{{if .AddOnKubeClientRegistrationAuth}}
- "--addon-kubeclient-registration-auth={{ .AddOnKubeClientRegistrationAuth }}"
{{end}}
{{if gt .AddOnTokenExpirationSeconds 0}}
- "--addon-token-expiration-seconds={{ .AddOnTokenExpirationSeconds }}"
{{end}}
{{if .AppliedManifestWorkEvictionGracePeriod}}
- "--appliedmanifestwork-eviction-grace-period={{ .AppliedManifestWorkEvictionGracePeriod }}"
{{end}}
{{if eq .RegistrationDriver.AuthType "awsirsa"}}
- "--registration-auth={{ .RegistrationDriver.AuthType }}"
- "--hub-cluster-arn={{ .RegistrationDriver.AwsIrsa.HubClusterArn }}"
- "--managed-cluster-arn={{ .RegistrationDriver.AwsIrsa.ManagedClusterArn }}"
{{if .ManagedClusterRoleSuffix}}
- "--managed-cluster-role-suffix={{ .ManagedClusterRoleSuffix }}"
{{end}}
{{end}}
{{if eq .RegistrationDriver.AuthType "grpc"}}
- "--registration-auth=grpc"
- "--grpc-bootstrap-config=/spoke/bootstrap/config.yaml"
- "--grpc-config=/spoke/hub-kubeconfig/config.yaml"
{{end}}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsNonRoot: true
readOnlyRootFilesystem: true
volumeMounts:
{{if .MultipleHubs}}
{{range .BootStrapKubeConfigSecrets}}
- name: {{.}}
mountPath: "/spoke/{{.}}"
readOnly: true
{{end}}
{{else}}
- name: bootstrap-secret
mountPath: "/spoke/bootstrap"
readOnly: true
{{end}}
- name: hub-kubeconfig
mountPath: "/spoke/hub-kubeconfig"
- name: tmpdir
mountPath: /tmp
{{if eq .RegistrationDriver.AuthType "awsirsa"}}
- name: dot-aws
mountPath: /.aws
- name: awscli
mountPath: "/awscli"
{{end}}
{{if eq .InstallMode "SingletonHosted"}}
- name: spoke-kubeconfig-secret
mountPath: "/spoke/config"
readOnly: true
{{end}}
livenessProbe:
httpGet:
path: /healthz
scheme: HTTPS
port: 8443
initialDelaySeconds: 2
periodSeconds: 10
readinessProbe:
httpGet:
path: /healthz
scheme: HTTPS
port: 8443
initialDelaySeconds: 2
{{- if or (eq .ResourceRequirementResourceType "Default") (eq .ResourceRequirementResourceType "") }}
resources:
requests:
cpu: 2m
memory: 16Mi
{{- end }}
{{- if eq .ResourceRequirementResourceType "BestEffort" }}
resources: {}
{{- end }}
{{- if eq .ResourceRequirementResourceType "ResourceRequirement" }}
resources:
{{ .ResourceRequirements | indent 10 }}
{{- end }}
{{if eq .RegistrationDriver.AuthType "awsirsa"}}
initContainers:
- command:
- cp
- -vr
- /usr/local/aws-cli/v2/current/dist
- /awscli
image: amazon/aws-cli:latest
name: load-awscli
volumeMounts:
- mountPath: /awscli
name: awscli
{{end}}
{{- if .PriorityClassName }}
priorityClassName: "{{ .PriorityClassName }}"
{{- end }}
volumes:
{{if .MultipleHubs}}
{{range .BootStrapKubeConfigSecrets}}
- name: {{.}}
secret:
secretName: {{.}}
{{end}}
{{else}}
- name: bootstrap-secret
secret:
secretName: {{ .BootStrapKubeConfigSecret }}
{{end}}
- name: hub-kubeconfig
emptyDir:
medium: Memory
- name: tmpdir
emptyDir: { }
{{if eq .RegistrationDriver.AuthType "awsirsa"}}
- name: dot-aws
emptyDir: { }
- name: awscli
emptyDir: { }
{{end}}
{{if eq .InstallMode "SingletonHosted"}}
- name: spoke-kubeconfig-secret
secret:
secretName: {{ .ExternalManagedKubeConfigAgentSecret }}
{{end}}
Reference in New Issue View Git Blame Copy Permalink