--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterconfigurations.installer.kubesphere.io spec: group: installer.kubesphere.io versions: - name: v1alpha1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object x-kubernetes-preserve-unknown-fields: true status: type: object x-kubernetes-preserve-unknown-fields: true scope: Namespaced names: plural: clusterconfigurations singular: clusterconfiguration kind: ClusterConfiguration shortNames: - cc --- apiVersion: v1 kind: Namespace metadata: name: kubesphere-system annotations: pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/warn: privileged --- apiVersion: v1 kind: ServiceAccount metadata: name: ks-installer namespace: kubesphere-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: ks-installer rules: - apiGroups: - "" resources: - "*" verbs: - "*" - apiGroups: - apps resources: - "*" verbs: - "*" - apiGroups: - extensions resources: - "*" verbs: - "*" - apiGroups: - batch resources: - "*" verbs: - "*" - apiGroups: - rbac.authorization.k8s.io resources: - "*" verbs: - "*" - apiGroups: - apiregistration.k8s.io resources: - "*" verbs: - "*" - apiGroups: - apiextensions.k8s.io resources: - "*" verbs: - "*" - apiGroups: - tenant.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - certificates.k8s.io resources: - "*" verbs: - "*" - apiGroups: - devops.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - monitoring.coreos.com resources: - "*" verbs: - "*" - apiGroups: - logging.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - jaegertracing.io resources: - "*" verbs: - "*" - apiGroups: - storage.k8s.io resources: - "*" verbs: - "*" - apiGroups: - admissionregistration.k8s.io resources: - "*" verbs: - "*" - apiGroups: - policy resources: - "*" verbs: - "*" - apiGroups: - autoscaling resources: - "*" verbs: - "*" - apiGroups: - networking.istio.io resources: - "*" verbs: - "*" - apiGroups: - config.istio.io resources: - "*" verbs: - "*" - apiGroups: - iam.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - notification.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - auditing.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - events.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - core.kubefed.io resources: - "*" verbs: - "*" - apiGroups: - installer.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - storage.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - security.istio.io resources: - "*" verbs: - "*" - apiGroups: - monitoring.kiali.io resources: - "*" verbs: - "*" - apiGroups: - kiali.io resources: - "*" verbs: - "*" - apiGroups: - networking.k8s.io resources: - "*" verbs: - "*" - apiGroups: - edgeruntime.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - types.kubefed.io resources: - "*" verbs: - "*" - apiGroups: - monitoring.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - application.kubesphere.io resources: - "*" verbs: - "*" - apiGroups: - alerting.kubesphere.io resources: - "*" verbs: - "*" --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ks-installer subjects: - kind: ServiceAccount name: ks-installer namespace: kubesphere-system roleRef: kind: ClusterRole name: ks-installer apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: ks-installer namespace: kubesphere-system labels: app: ks-installer spec: replicas: 1 selector: matchLabels: app: ks-installer template: metadata: labels: app: ks-installer spec: serviceAccountName: ks-installer containers: - name: installer image: kubesphere/ks-installer:v3.4.1 imagePullPolicy: "Always" resources: limits: cpu: "1" memory: 1Gi requests: cpu: 20m memory: 100Mi # volumeMounts: # - mountPath: /etc/localtime # name: host-time # readOnly: true # volumes: # - hostPath: # path: /etc/localtime # type: "" # name: host-time