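---
# Cluster Autoscaler for one AWS Auto Scaling group: the Deployment, its
# ServiceAccount, and the RBAC objects bound to that account.
# The ASG_* and AWS_REGION placeholders are template variables that must be
# substituted before this manifest is applied.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cluster-autoscaler
  namespace: kube-system
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: cluster-autoscaler
  template:
    metadata:
      labels:
        k8s-addon: cluster-autoscaler.addons.k8s.io
        k8s-app: cluster-autoscaler
      annotations:
        # Legacy alpha annotation kept as found. Current schedulers read
        # spec.tolerations (below), so this most likely has no effect.
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated", "value":"master"}]'
    spec:
      serviceAccountName: cluster-autoscaler
      containers:
        - name: cluster-autoscaler
          # NOTE(review): the tag is mutable. Pinning by digest
          # (image@sha256:<digest-placeholder>) makes the node pull exactly
          # the build that was reviewed.
          image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.21.0
          # This pod runs on control-plane nodes with a token that can update
          # Node objects, so it gets no Linux capabilities and no way to gain
          # privileges. The process only talks to the API server and AWS.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are further
          # candidates; verify them against this image before enabling.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
            limits:
              cpu: 100m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 300Mi
          command:
            - ./cluster-autoscaler
            - --cloud-provider=aws
            - --skip-nodes-with-local-storage=false
            # Quoted so the rendered min:max:name value always stays a string.
            - "--nodes=${ASG_MIN_NODES}:${ASG_MAX_NODES}:${ASG_NAME}"
            - --alsologtostderr
          env:
            # Only the region is set here; AWS credentials are not part of
            # this manifest. NOTE(review): presumably they come from the
            # node's instance profile. Confirm, and keep that IAM policy
            # scoped to the one Auto Scaling group named above.
            - name: AWS_REGION
              value: "${AWS_REGION}"
          volumeMounts:
            # Host CA bundle, mounted read-only so TLS to AWS can be verified.
            - name: ssl-certs
              mountPath: /etc/ssl/certs/ca-certificates.crt
              readOnly: true
      volumes:
        - name: ssl-certs
          hostPath:
            path: /etc/ssl/certs/ca-certificates.crt
      # NOTE(review): the selector uses the control-plane label while the
      # toleration below covers only the "master" taint. Confirm which taint
      # the target nodes carry, or the pod may stay Pending.
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
        - key: "node-role.kubernetes.io/master"
          effect: NoSchedule
---
# Identity the autoscaler pod runs as; all grants below attach to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
  name: cluster-autoscaler
  namespace: kube-system
---
# Cluster-wide permissions. Because this is bound with a ClusterRoleBinding,
# every rule applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-autoscaler
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
rules:
  # NOTE(review): create/patch on endpoints has no resourceNames, so it is
  # not limited to the cluster-autoscaler endpoint named in the next rule.
  # Consider splitting events from endpoints if only events need it.
  - apiGroups:
      - ""
    resources:
      - events
      - endpoints
    verbs:
      - create
      - patch
  # Read/update restricted to the single endpoints object named here.
  - apiGroups:
      - ""
    resources:
      - endpoints
    resourceNames:
      - cluster-autoscaler
    verbs:
      - get
      - update
  # Read-only view of workloads and storage.
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - replicasets
      - replicationcontrollers
      - persistentvolumeclaims
      - persistentvolumes
    verbs:
      - get
      - watch
      - list
  # The write verb here is the sensitive one: update on every Node object.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - watch
      - list
      - update
  - apiGroups:
      - ""
    resources:
      - pods/status
    verbs:
      - update
  - apiGroups:
      - extensions
    resources:
      - replicasets
      - daemonsets
    verbs:
      - watch
      - list
  - apiGroups:
      - apps
    resources:
      - statefulsets
    verbs:
      - watch
      - list
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - watch
      - list
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
  # NOTE(review): no rule here grants pods/eviction or coordination.k8s.io
  # leases. Confirm the v1.21.0 binary works without them in this cluster
  # before relying on scale-down, and add only what is actually denied.
---
# Namespaced permissions in kube-system: create any ConfigMap, but modify or
# delete only the cluster-autoscaler-status ConfigMap.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cluster-autoscaler
  namespace: kube-system
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - cluster-autoscaler-status
    verbs:
      - delete
      - get
      - update
      - patch
---
# Grants the ClusterRole above to the ServiceAccount, cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-autoscaler
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-autoscaler
subjects:
  - kind: ServiceAccount
    name: cluster-autoscaler
    namespace: kube-system
---
# Grants the kube-system Role above to the same ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cluster-autoscaler
  namespace: kube-system
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cluster-autoscaler
subjects:
  - kind: ServiceAccount
    name: cluster-autoscaler
    namespace: kube-system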