|
|
@@ -0,0 +1,152 @@
|
|
|
+apiVersion: v1
|
|
|
+kind: ConfigMap
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+data:
|
|
|
+ cni-conf.json: |
|
|
|
+ {
|
|
|
+ "cniVersion":"0.3.1",
|
|
|
+ "name":"kilo",
|
|
|
+ "plugins":[
|
|
|
+ {
|
|
|
+ "name":"kubernetes",
|
|
|
+ "type":"bridge",
|
|
|
+ "bridge":"kube-bridge",
|
|
|
+ "isDefaultGateway":true,
|
|
|
+ "ipam":{
|
|
|
+ "type":"host-local"
|
|
|
+ }
|
|
|
+ },
|
|
|
+ {
|
|
|
+ "type":"portmap",
|
|
|
+ "snat":true,
|
|
|
+ "capabilities":{
|
|
|
+ "portMappings":true
|
|
|
+ }
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: ServiceAccount
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
|
+kind: ClusterRole
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+rules:
|
|
|
+- apiGroups:
|
|
|
+ - ""
|
|
|
+ resources:
|
|
|
+ - nodes
|
|
|
+ verbs:
|
|
|
+ - list
|
|
|
+ - patch
|
|
|
+ - watch
|
|
|
+- apiGroups:
|
|
|
+ - kilo.squat.ai
|
|
|
+ resources:
|
|
|
+ - peers
|
|
|
+ verbs:
|
|
|
+ - list
|
|
|
+ - update
|
|
|
+ - watch
|
|
|
+- apiGroups:
|
|
|
+ - apiextensions.k8s.io
|
|
|
+ resources:
|
|
|
+ - customresourcedefinitions
|
|
|
+ verbs:
|
|
|
+ - create
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+kind: ClusterRoleBinding
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+roleRef:
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
|
|
+ kind: ClusterRole
|
|
|
+ name: kilo
|
|
|
+subjects:
|
|
|
+ - kind: ServiceAccount
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+---
|
|
|
+apiVersion: extensions/v1beta1
|
|
|
+kind: DaemonSet
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+spec:
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+ spec:
|
|
|
+ serviceAccountName: kilo
|
|
|
+ hostNetwork: true
|
|
|
+ containers:
|
|
|
+ - name: kilo
|
|
|
+ image: squat/kilo
|
|
|
+ args:
|
|
|
+ - --kubeconfig=/etc/kubernetes/kubeconfig
|
|
|
+ securityContext:
|
|
|
+ privileged: true
|
|
|
+ volumeMounts:
|
|
|
+ - name: cni-conf-dir
|
|
|
+ mountPath: /etc/cni/net.d
|
|
|
+ - name: kilo-dir
|
|
|
+ mountPath: /var/lib/kilo
|
|
|
+ - name: kubeconfig
|
|
|
+ mountPath: /etc/kubernetes/kubeconfig
|
|
|
+ readOnly: true
|
|
|
+ initContainers:
|
|
|
+ - name: install-cni
|
|
|
+ image: squat/kilo
|
|
|
+ command:
|
|
|
+ - /bin/sh
|
|
|
+ - -c
|
|
|
+ - set -e -x;
|
|
|
+ cp /opt/cni/bin/* /host/opt/cni/bin/;
|
|
|
+ TMP_CONF="$CNI_CONF_NAME".tmp;
|
|
|
+ echo "$CNI_NETWORK_CONFIG" > $TMP_CONF;
|
|
|
+ rm -f /host/etc/cni/net.d/*;
|
|
|
+ mv $TMP_CONF /host/etc/cni/net.d/$CNI_CONF_NAME
|
|
|
+ env:
|
|
|
+ - name: CNI_CONF_NAME
|
|
|
+ value: 10-kilo.conflist
|
|
|
+ - name: CNI_NETWORK_CONFIG
|
|
|
+ valueFrom:
|
|
|
+ configMapKeyRef:
|
|
|
+ name: kilo
|
|
|
+ key: cni-conf.json
|
|
|
+ volumeMounts:
|
|
|
+ - name: cni-bin-dir
|
|
|
+ mountPath: /host/opt/cni/bin
|
|
|
+ - name: cni-conf-dir
|
|
|
+ mountPath: /host/etc/cni/net.d
|
|
|
+ tolerations:
|
|
|
+ - effect: NoSchedule
|
|
|
+ operator: Exists
|
|
|
+ - effect: NoExecute
|
|
|
+ operator: Exists
|
|
|
+ volumes:
|
|
|
+ - name: cni-bin-dir
|
|
|
+ hostPath:
|
|
|
+ path: /opt/cni/bin
|
|
|
+ - name: cni-conf-dir
|
|
|
+ hostPath:
|
|
|
+ path: /etc/cni/net.d
|
|
|
+ - name: kilo-dir
|
|
|
+ hostPath:
|
|
|
+ path: /var/lib/kilo
|
|
|
+ - name: kubeconfig
|
|
|
+ hostPath:
|
|
|
+ path: /etc/rancher/k3s/k3s.yaml
|
K. S. Ernest (iFIre) Lee