luthermonson · January 8, 2024 18:46
diff --git a/ccm manifest b/ccm manifest
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: ccm-linode
  namespace: kube-system
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: system:ccm-linode
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # TODO: make these permissions more fine-grained
  name: cluster-admin
 subjects:
  - kind: ServiceAccount
    name: ccm-linode
    namespace: kube-system
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: ccm-linode
  labels:
    app: ccm-linode
  namespace: kube-system
 spec:
  selector:
    matchLabels:
      app: ccm-linode
  template:
    metadata:
      labels:
        app: ccm-linode
    spec:
      serviceAccountName: ccm-linode
      nodeSelector:
        # The CCM will only run on a Node labelled as a master, you may want to change this
        kubernetes.io/os: linux
      tolerations:
        # The CCM can run on Nodes tainted as masters
        - key: "node-role.kubernetes.io/master"
          effect: "NoSchedule"
        # The CCM is a "critical addon"
        - key: "CriticalAddonsOnly"
          operator: "Exists"
        # This taint is set on all Nodes when an external CCM is used
        - key: node.cloudprovider.kubernetes.io/uninitialized
          value: "true"
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/unreachable
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      containers:
        - image: <image for your build of the ccm>
          imagePullPolicy: Always
          name: ccm-linode
          args:
            - --cloud-provider=linode
            - --leader-elect-resource-lock=endpoints
            - --v=3
          volumeMounts:
            - mountPath: /etc/kubernetes
              name: k8s
          env:
            - name: LINODE_API_TOKEN
              value: <your linode api token>
            - name: LINODE_REGION
              value: <lke cluster region>
      volumes:
        - name: k8s
          hostPath:
            path: /etc/kubernetes
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: ccm-linode
	namespace: kube-system
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: system:ccm-linode
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	# TODO: make these permissions more fine-grained
	name: cluster-admin
	subjects:
	- kind: ServiceAccount
	name: ccm-linode
	namespace: kube-system
	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: ccm-linode
	labels:
	app: ccm-linode
	namespace: kube-system
	spec:
	selector:
	matchLabels:
	app: ccm-linode
	template:
	metadata:
	labels:
	app: ccm-linode
	spec:
	serviceAccountName: ccm-linode
	nodeSelector:
	# The CCM will only run on a Node labelled as a master, you may want to change this
	kubernetes.io/os: linux
	tolerations:
	# The CCM can run on Nodes tainted as masters
	- key: "node-role.kubernetes.io/master"
	effect: "NoSchedule"
	# The CCM is a "critical addon"
	- key: "CriticalAddonsOnly"
	operator: "Exists"
	# This taint is set on all Nodes when an external CCM is used
	- key: node.cloudprovider.kubernetes.io/uninitialized
	value: "true"
	effect: NoSchedule
	- key: node.kubernetes.io/not-ready
	operator: Exists
	effect: NoSchedule
	- key: node.kubernetes.io/unreachable
	operator: Exists
	effect: NoSchedule
	hostNetwork: true
	containers:
	- image: <image for your build of the ccm>
	imagePullPolicy: Always
	name: ccm-linode
	args:
	- --cloud-provider=linode
	- --leader-elect-resource-lock=endpoints
	- --v=3
	volumeMounts:
	- mountPath: /etc/kubernetes
	name: k8s
	env:
	- name: LINODE_API_TOKEN
	value: <your linode api token>
	- name: LINODE_REGION
	value: <lke cluster region>
	volumes:
	- name: k8s
	hostPath:
	path: /etc/kubernetes