# SOURCE: https://install.portworx.com/?mc=false&kbver=1.18.2&oem=esse&user=d4f15375-d0bb-11ea-a2c5-c24e499c7467&b=true&f=true&j=auto&c=px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079&stork=true&lh=true&st=k8s --- kind: Service apiVersion: v1 metadata: name: portworx-service namespace: kube-system labels: name: portworx spec: selector: name: portworx type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-kvdb protocol: TCP port: 9019 targetPort: 9019 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: volumeplacementstrategies.portworx.io spec: group: portworx.io versions: - name: v1beta2 served: true storage: true - name: v1beta1 served: false storage: false scope: Cluster names: plural: volumeplacementstrategies singular: volumeplacementstrategy kind: VolumePlacementStrategy shortNames: - vps - vp preserveUnknownFields: false validation: openAPIV3Schema: type: object required: - spec properties: spec: type: object description: The desired spec of the volume placement strategy properties: replicaAffinity: type: array description: Allows you to specify a rule which creates an affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the replica affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator replicaAntiAffinity: type: array description: Allows you to specify a rule that creates an anti-affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica anti affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. required: - topologyKey volumeAffinity: type: array description: Allows you to colocate volumes by specifying rules that place replicas of a volume together with those of another volume for which the specified labels match items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions volumeAntiAffinity: type: array description: Allows you to specify dissociation rules between 2 or more volumes that match the given labels items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume anti affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions --- apiVersion: v1 kind: ServiceAccount metadata: name: px-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-get-put-list-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["nodes"] verbs: ["watch", "get", "update", "list"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "update", "create"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["privileged"] verbs: ["use"] - apiGroups: ["portworx.io"] resources: ["volumeplacementstrategies"] verbs: ["get", "list"] - apiGroups: ["stork.libopenstorage.org"] resources: ["backuplocations"] verbs: ["get", "list"] - apiGroups: ["core.libopenstorage.org"] resources: ["*"] verbs: ["*"] - apiGroups: [""] resources: ["events"] verbs: ["create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-role-binding subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: ClusterRole name: node-get-put-list-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Namespace metadata: name: portworx --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role namespace: portworx rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "patch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role-binding namespace: portworx subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: Role name: px-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Secret metadata: name: px-essential namespace: kube-system data: px-essen-user-id: ZDRmMTUzNzUtZDBiYi0xMWVhLWEyYzUtYzI0ZTQ5OWM3NDY3 px-osb-endpoint: aHR0cHM6Ly9weGVzc2VudGlhbHMucG9ydHdvcnguY29tL29zYi9iaWxsaW5nL3YxL3JlZ2lzdGVy --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx namespace: kube-system labels: name: portworx annotations: portworx.com/install-source: "https://install.portworx.com/?mc=false&kbver=1.18.2&oem=esse&user=d4f15375-d0bb-11ea-a2c5-c24e499c7467&b=true&f=true&j=auto&c=px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079&stork=true&lh=true&st=k8s" spec: selector: matchLabels: name: portworx minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 template: metadata: labels: name: portworx spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx image: portworx/oci-monitor:2.5.7 imagePullPolicy: Always args: ["-c", "px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079", "-A", "-f", "-secret_type", "k8s", "-j", "auto", "-b", "--oem", "esse", "-x", "kubernetes"] env: - name: "AUTO_NODE_RECOVERY_TIMEOUT_IN_SECS" value: "1500" - name: "PX_TEMPLATE_VERSION" value: "v4" livenessProbe: periodSeconds: 30 initialDelaySeconds: 840 # allow image pull in slow networks httpGet: host: 127.0.0.1 path: /status port: 9001 readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /health port: 9015 terminationMessagePath: "/tmp/px-termination-log" securityContext: privileged: true volumeMounts: - name: diagsdump mountPath: /var/cores - name: dockersock mountPath: /var/run/docker.sock - name: containerdsock mountPath: /run/containerd - name: criosock mountPath: /var/run/crio - name: crioconf mountPath: /etc/crictl.yaml - name: etcpwx mountPath: /etc/pwx - name: dev mountPath: /dev - name: optpwx mountPath: /opt/pwx - name: procmount mountPath: /host_proc - name: sysdmount mountPath: /etc/systemd/system - name: journalmount1 mountPath: /var/run/log readOnly: true - name: journalmount2 mountPath: /var/log readOnly: true - name: dbusmount mountPath: /var/run/dbus restartPolicy: Always serviceAccountName: px-account volumes: - name: diagsdump hostPath: path: /var/cores - name: dockersock hostPath: path: /var/run/docker.sock - name: containerdsock hostPath: path: /run/containerd - name: criosock hostPath: path: /var/run/crio - name: crioconf hostPath: path: /etc/crictl.yaml type: FileOrCreate - name: etcpwx hostPath: path: /etc/pwx - name: dev hostPath: path: /dev - name: optpwx hostPath: path: /opt/pwx - name: procmount hostPath: path: /proc - name: sysdmount hostPath: path: /etc/systemd/system - name: journalmount1 hostPath: path: /var/run/log - name: journalmount2 hostPath: path: /var/log - name: dbusmount hostPath: path: /var/run/dbus --- kind: Service apiVersion: v1 metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: name: portworx-api type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: matchLabels: name: portworx-api minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 100% template: metadata: labels: name: portworx-api spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx-api image: k8s.gcr.io/pause:3.1 imagePullPolicy: Always readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /status port: 9001 restartPolicy: Always serviceAccountName: px-account --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role-binding subjects: - kind: ServiceAccount name: stork-account namespace: kube-system roleRef: kind: ClusterRole name: stork-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: stork namespace: kube-system spec: selector: matchLabels: name: stork strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 3 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: stork tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /stork - --driver=pxd - --verbose - --leader-elect=true - --health-monitor-interval=120 - --webhook-controller=false image: openstorage/stork:2.4.4 imagePullPolicy: Always env: - name: "PX_SERVICE_NAME" value: "portworx-api" resources: requests: cpu: '0.1' name: stork serviceAccountName: stork-account --- kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: stork-snapshot-sc provisioner: stork-snapshot --- kind: Service apiVersion: v1 metadata: name: stork-service namespace: kube-system spec: selector: name: stork ports: - name: extender protocol: TCP port: 8099 targetPort: 8099 - name: webhook protocol: TCP port: 443 targetPort: 443 --- apiVersion: v1 kind: ConfigMap metadata: name: stork-config namespace: kube-system data: policy.cfg: |- { "kind": "Policy", "apiVersion": "v1", "extenders": [ { "urlPrefix": "http://stork-service.kube-system:8099", "apiVersion": "v1beta1", "filterVerb": "filter", "prioritizeVerb": "prioritize", "weight": 5, "enableHttps": false, "nodeCacheCapable": false, "httpTimeout": 300000000000 } ] } --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-scheduler-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "create", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["create", "patch", "update"] - apiGroups: [""] resourceNames: ["kube-scheduler"] resources: ["endpoints"] verbs: ["delete", "get", "patch", "update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch"] - apiGroups: [""] resources: ["bindings", "pods/binding"] verbs: ["create"] - apiGroups: [""] resources: ["pods/status"] verbs: ["patch", "update"] - apiGroups: [""] resources: ["replicationcontrollers", "services"] verbs: ["get", "list", "watch"] - apiGroups: ["apps", "extensions"] resources: ["replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "list", "watch"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["create", "update", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role-binding subjects: - kind: ServiceAccount name: stork-scheduler-account namespace: kube-system roleRef: kind: ClusterRole name: stork-scheduler-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler namespace: kube-system spec: selector: matchLabels: name: stork-scheduler replicas: 3 template: metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork-scheduler topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /usr/local/bin/kube-scheduler - --address=0.0.0.0 - --leader-elect=true - --scheduler-name=stork - --policy-configmap=stork-config - --policy-configmap-namespace=kube-system - --lock-object-name=stork-scheduler image: gcr.io/google_containers/kube-scheduler-amd64:v1.18.2 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 10251 initialDelaySeconds: 15 name: stork-scheduler readinessProbe: httpGet: path: /healthz port: 10251 resources: requests: cpu: '0.1' serviceAccountName: stork-scheduler-account --- apiVersion: v1 kind: ServiceAccount metadata: name: px-lh-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-lh-role namespace: kube-system rules: - apiGroups: [""] resources: ["pods"] verbs: ["list", "get"] - apiGroups: - extensions - apps resources: - deployments verbs: ["get", "list"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "create", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "create", "update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["services"] verbs: ["create", "get", "list", "watch"] - apiGroups: ["stork.libopenstorage.org"] resources: ["clusterpairs","migrations","groupvolumesnapshots"] verbs: ["get", "list", "create", "update", "delete"] - apiGroups: ["monitoring.coreos.com"] resources: - alertmanagers - prometheuses - prometheuses/finalizers - servicemonitors verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-lh-role-binding namespace: kube-system subjects: - kind: ServiceAccount name: px-lh-account namespace: kube-system roleRef: kind: ClusterRole name: px-lh-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Service metadata: name: px-lighthouse namespace: kube-system labels: tier: px-web-console spec: type: NodePort ports: - name: http port: 80 - name: https port: 443 selector: tier: px-web-console --- apiVersion: apps/v1 kind: Deployment metadata: name: px-lighthouse namespace: kube-system labels: tier: px-web-console spec: selector: matchLabels: tier: px-web-console strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate selector: matchLabels: tier: px-web-console replicas: 1 template: metadata: labels: tier: px-web-console spec: initContainers: - name: config-init image: portworx/lh-config-sync:2.0.7 imagePullPolicy: Always args: - "init" volumeMounts: - name: config mountPath: /config/lh containers: - name: px-lighthouse image: portworx/px-lighthouse:2.0.7 imagePullPolicy: Always args: [ "-kubernetes", "true" ] ports: - containerPort: 80 - containerPort: 443 volumeMounts: - name: config mountPath: /config/lh - name: config-sync image: portworx/lh-config-sync:2.0.7 imagePullPolicy: Always args: - "sync" volumeMounts: - name: config mountPath: /config/lh - name: stork-connector image: portworx/lh-stork-connector:2.0.7 imagePullPolicy: Always serviceAccountName: px-lh-account volumes: - name: config emptyDir: {} --- apiVersion: v1 kind: ConfigMap metadata: name: autopilot-config namespace: kube-system data: config.yaml: |- providers: - name: default type: prometheus params: url=http://prometheus:9090 min_poll_interval: 2 --- apiVersion: v1 kind: ServiceAccount metadata: name: autopilot-account namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role-binding subjects: - kind: ServiceAccount name: autopilot-account namespace: kube-system roleRef: kind: ClusterRole name: autopilot-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: autopilot namespace: kube-system spec: selector: matchLabels: name: autopilot strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 1 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: autopilot tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - autopilot topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /autopilot - -f - ./etc/config/config.yaml - -log-level - debug imagePullPolicy: Always image: portworx/autopilot:1.2.1 resources: requests: cpu: '0.1' securityContext: privileged: false name: autopilot volumeMounts: - name: config-volume mountPath: /etc/config serviceAccountName: autopilot-account volumes: - name: config-volume configMap: name: autopilot-config items: - key: config.yaml path: config.yaml --- apiVersion: v1 kind: Service metadata: name: autopilot namespace: kube-system labels: name: autopilot-service spec: ports: - name: autopilot protocol: TCP port: 9628 selector: name: autopilot tier: control-plane