{{- if .Values.clusterController }} {{- if .Values.clusterController.enabled }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: app: {{ template "kubecost.clusterControllerName" . }} --- # # NOTE: # The following ClusterRole permissions are only created and assigned for the # cluster controller feature. They will not be added to any clusters by default. # apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: app: {{ template "kubecost.clusterControllerName" . }} rules: - apiGroups: - kubecost.k8s.io resources: - turndownschedules - turndownschedules/status verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" - events.k8s.io resources: - events verbs: - create - patch - update - apiGroups: - '' resources: - deployments - nodes - pods - resourcequotas - replicationcontrollers - limitranges - pods/eviction verbs: - get - list - watch - create - patch - update - delete - apiGroups: - '' resources: - configmaps - namespaces - persistentvolumeclaims - persistentvolumes - endpoints - events - services verbs: - get - list - watch - apiGroups: - extensions resources: - daemonsets - deployments - replicasets verbs: - get - list - watch - create - patch - update - delete - apiGroups: - apps resources: - statefulsets - deployments - daemonsets - replicasets verbs: - get - list - watch - create - patch - update - delete - apiGroups: - batch resources: - cronjobs - jobs verbs: - get - list - watch - create - patch - update - delete - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - get - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - events.k8s.io resources: - events verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: app: {{ template "kubecost.clusterControllerName" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ template "kubecost.clusterControllerName" . }} subjects: - kind: ServiceAccount name: {{ template "kubecost.clusterControllerName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kubecost.clusterControllerName" . }} spec: strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate selector: matchLabels: app: {{ template "kubecost.clusterControllerName" . }} template: metadata: labels: app: {{ template "kubecost.clusterControllerName" . }} spec: containers: - name: {{ template "kubecost.clusterControllerName" . }} image: {{ .Values.clusterController.image }} imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} volumeMounts: - name: cluster-controller-keys mountPath: /var/keys env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: TURNDOWN_NAMESPACE value: {{ .Release.Namespace }} - name: TURNDOWN_DEPLOYMENT value: {{ template "kubecost.clusterControllerName" . }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/keys/service-key.json ports: - name: http-server containerPort: 9731 hostPort: 9731 serviceAccount: {{ template "kubecost.clusterControllerName" . }} serviceAccountName: {{ template "kubecost.clusterControllerName" . }} volumes: - name: cluster-controller-keys secret: secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }} --- apiVersion: v1 kind: Service metadata: name: {{ template "kubecost.clusterControllerName" . }}-service spec: type: ClusterIP ports: - name: http protocol: TCP port: 9731 targetPort: 9731 selector: app: {{ template "kubecost.clusterControllerName" . }} --- # TurndownSchedule Custom Resource Definition for persistence apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: turndownschedules.kubecost.k8s.io spec: group: kubecost.k8s.io version: v1alpha1 names: kind: TurndownSchedule singular: turndownschedule plural: turndownschedules shortNames: - td - tds scope: Cluster subresources: status: {} validation: openAPIV3Schema: properties: spec: type: object properties: start: type: string format: date-time end: type: string format: date-time repeat: type: string enum: [none, daily, weekly] additionalPrinterColumns: - name: State type: string description: The state of the turndownschedule JSONPath: .status.state - name: Next Turndown type: string description: The next turndown date-time JSONPath: .status.nextScaleDownTime - name: Next Turn Up type: string description: The next turn up date-time JSONPath: .status.nextScaleUpTime {{- end }} {{- end }}