@kyxap1
Last active December 20, 2018 22:55

Revisions

  1. kyxap1 revised this gist Dec 20, 2018. 1 changed file with 21 additions and 0 deletions.
    21 changes: 21 additions & 0 deletions ebs-storage-classes.yaml
    @@ -0,0 +1,21 @@
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
    name: st1
    annotations:
    storageclass.kubernetes.io/is-default-class: "false"
    provisioner: kubernetes.io/aws-ebs
    parameters:
    type: st1
    fsType: ext4
    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
    name: sc1
    annotations:
    storageclass.kubernetes.io/is-default-class: "false"
    provisioner: kubernetes.io/aws-ebs
    parameters:
    type: sc1
    fsType: ext4
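
    Review bot: neither class sets `encrypted` under `parameters:` (both list only `type` and `fsType`), so volumes provisioned from `st1` and `sc1` are unencrypted unless EBS encryption by default is enabled on the account. Add `encrypted: "true"` to each `parameters:` block, plus `kmsKeyId` if a customer-managed key is required. Neither class sets `reclaimPolicy` either, so the default `Delete` applies and the EBS volume is destroyed with its claim; set `reclaimPolicy: Retain` explicitly if the data should outlive the PVC.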
  2. kyxap1 revised this gist Dec 20, 2018. 1 changed file with 70 additions and 0 deletions.
    70 changes: 70 additions & 0 deletions kube2iam-calico-service-account-daemonset.yaml
    @@ -0,0 +1,70 @@
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: kube2iam
    namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
    name: kube2iam
    namespace: kube-system
    rules:
    - apiGroups: [""]
    resources: ["namespaces","pods"]
    verbs: ["get","watch","list"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: kube2iam
    namespace: kube-system
    subjects:
    - kind: ServiceAccount
    name: kube2iam
    namespace: kube-system
    roleRef:
    kind: ClusterRole
    name: kube2iam
    apiGroup: rbac.authorization.k8s.io
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
    name: kube2iam
    namespace: kube-system
    labels:
    app: kube2iam
    spec:
    template:
    metadata:
    labels:
    name: kube2iam
    spec:
    serviceAccountName: kube2iam
    hostNetwork: true
    containers:
    - image: jtblin/kube2iam:latest
    name: kube2iam
    args:
    - "--auto-discover-base-arn"
    - "--auto-discover-default-role"
    - "--iptables=true"
    - "--host-ip=$(HOST_IP)"
    - "--host-interface=cali+}"
    - "--node=$(NODE_NAME)"
    env:
    - name: HOST_IP
    valueFrom:
    fieldRef:
    fieldPath: status.podIP
    - name: NODE_NAME
    valueFrom:
    fieldRef:
    fieldPath: spec.nodeName
    ports:
    - containerPort: 8181
    hostPort: 8181
    name: http
    securityContext:
    privileged: true
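
    Review bot: the argument `--host-interface=cali+}` ends in a stray `}`, so with `--iptables=true` the redirect rule is written for an interface name that does not match Calico's `cali*` devices, and pod traffic to the metadata endpoint would bypass kube2iam and receive the node's instance-profile credentials. Change it to `--host-interface=cali+`. Also in this container spec: `--auto-discover-default-role` lets pods with no role annotation fall back to the node's instance role, so drop it if unannotated pods should get no credentials; and `jtblin/kube2iam:latest` should be pinned to a specific tag or digest, since the pod runs with `hostNetwork: true` and `privileged: true`. The `namespace:` fields in the ClusterRole and ClusterRoleBinding metadata have no effect because both kinds are cluster-scoped.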
  3. kyxap1 revised this gist Dec 20, 2018. 1 changed file with 18 additions and 0 deletions.
    18 changes: 18 additions & 0 deletions tiller-service-account.yaml
    @@ -0,0 +1,18 @@
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: tiller
    namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: tiller
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
    subjects:
    - kind: ServiceAccount
    name: tiller
    namespace: kube-system
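
    Review bot: the `roleRef` binds the `tiller` service account to `cluster-admin`, and Tiller's gRPC endpoint is unauthenticated by default, so any workload that can reach it inside the cluster can install or modify releases with full cluster privileges. Prefer a namespaced `Role` and `RoleBinding` for each namespace Tiller is meant to manage, or, if cluster-wide access is really needed, deploy Tiller with TLS client verification enabled and document here why `cluster-admin` is required.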
  4. kyxap1 created this gist Dec 20, 2018.
    18 changes: 18 additions & 0 deletions eks-admin-service-account.yaml
    @@ -0,0 +1,18 @@
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: eks-admin
    namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: eks-admin
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
    subjects:
    - kind: ServiceAccount
    name: eks-admin
    namespace: kube-system
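
    Review bot: the `roleRef` gives `eks-admin` the `cluster-admin` role with no comment on what consumes the account, so its service-account token in `kube-system` becomes a standing cluster-wide credential for anyone who can read Secrets in that namespace. Say what the account is for, and bind the narrowest role that covers it (for read-only use, the built-in `view` ClusterRole). `rbac.authorization.k8s.io/v1beta1` is also deprecated in favor of `rbac.authorization.k8s.io/v1`, here and in the other RBAC manifests in this gist.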