|
|
@@ -0,0 +1,176 @@
|
|
|
+apiVersion: v1
|
|
|
+kind: ServiceAccount
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+kind: ClusterRole
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+rules:
|
|
|
+- apiGroups:
|
|
|
+ - ""
|
|
|
+ resources:
|
|
|
+ - nodes
|
|
|
+ verbs:
|
|
|
+ - list
|
|
|
+ - patch
|
|
|
+ - watch
|
|
|
+- apiGroups:
|
|
|
+ - kilo.squat.ai
|
|
|
+ resources:
|
|
|
+ - peers
|
|
|
+ verbs:
|
|
|
+ - list
|
|
|
+ - watch
|
|
|
+- apiGroups:
|
|
|
+ - apiextensions.k8s.io
|
|
|
+ resources:
|
|
|
+ - customresourcedefinitions
|
|
|
+ verbs:
|
|
|
+ - get
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+kind: ClusterRoleBinding
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+roleRef:
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
|
|
+ kind: ClusterRole
|
|
|
+ name: kilo
|
|
|
+subjects:
|
|
|
+ - kind: ServiceAccount
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: ConfigMap
|
|
|
+metadata:
|
|
|
+ name: kilo-scripts
|
|
|
+ namespace: kube-system
|
|
|
+data:
|
|
|
+ init.sh: |
|
|
|
+ #!/bin/sh
|
|
|
+ cat > /etc/kubernetes/kubeconfig <<EOF
|
|
|
+ apiVersion: v1
|
|
|
+ kind: Config
|
|
|
+ name: kilo
|
|
|
+ clusters:
|
|
|
+ - cluster:
|
|
|
+ server: $(sed -n 's/.*server: \(.*\)/\1/p' /var/lib/rancher/k3s/agent/kubelet.kubeconfig)
|
|
|
+ certificate-authority: /var/lib/rancher/k3s/agent/server-ca.crt
|
|
|
+ users:
|
|
|
+ - name: kilo
|
|
|
+ user:
|
|
|
+ token: $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
|
+ contexts:
|
|
|
+ - name: kilo
|
|
|
+ context:
|
|
|
+ cluster: kilo
|
|
|
+ namespace: ${NAMESPACE}
|
|
|
+ user: kilo
|
|
|
+ current-context: kilo
|
|
|
+ EOF
|
|
|
+---
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: DaemonSet
|
|
|
+metadata:
|
|
|
+ name: kilo
|
|
|
+ namespace: kube-system
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+ app.kubernetes.io/part-of: kilo
|
|
|
+spec:
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+ app.kubernetes.io/part-of: kilo
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: kilo
|
|
|
+ app.kubernetes.io/part-of: kilo
|
|
|
+ spec:
|
|
|
+ serviceAccountName: kilo
|
|
|
+ hostNetwork: true
|
|
|
+ containers:
|
|
|
+ - name: kilo
|
|
|
+ image: squat/kilo:0.5.0
|
|
|
+ args:
|
|
|
+ - --kubeconfig=/etc/kubernetes/kubeconfig
|
|
|
+ - --hostname=$(NODE_NAME)
|
|
|
+ - --cni=false
|
|
|
+ - --compatibility=cilium
|
|
|
+ - --local=false
|
|
|
+ - --encapsulate=crosssubnet
|
|
|
+ - --clean-up-interface=true
|
|
|
+ - --log-level=all
|
|
|
+ env:
|
|
|
+ - name: NODE_NAME
|
|
|
+ valueFrom:
|
|
|
+ fieldRef:
|
|
|
+ fieldPath: spec.nodeName
|
|
|
+ ports:
|
|
|
+ - containerPort: 1107
|
|
|
+ name: metrics
|
|
|
+ securityContext:
|
|
|
+ privileged: true
|
|
|
+ volumeMounts:
|
|
|
+ - name: kilo-dir
|
|
|
+ mountPath: /var/lib/kilo
|
|
|
+ - name: kubeconfig
|
|
|
+ mountPath: /etc/kubernetes
|
|
|
+ readOnly: true
|
|
|
+ - name: lib-modules
|
|
|
+ mountPath: /lib/modules
|
|
|
+ readOnly: true
|
|
|
+ - name: xtables-lock
|
|
|
+ mountPath: /run/xtables.lock
|
|
|
+ readOnly: false
|
|
|
+ initContainers:
|
|
|
+ - name: generate-kubeconfig
|
|
|
+ image: squat/kilo:0.5.0
|
|
|
+ command:
|
|
|
+ - /bin/sh
|
|
|
+ args:
|
|
|
+ - /scripts/init.sh
|
|
|
+ imagePullPolicy: Always
|
|
|
+ volumeMounts:
|
|
|
+ - name: kubeconfig
|
|
|
+ mountPath: /etc/kubernetes
|
|
|
+ - name: scripts
|
|
|
+ mountPath: /scripts/
|
|
|
+ readOnly: true
|
|
|
+ - name: k3s-agent
|
|
|
+ mountPath: /var/lib/rancher/k3s/agent/
|
|
|
+ readOnly: true
|
|
|
+ env:
|
|
|
+ - name: NAMESPACE
|
|
|
+ valueFrom:
|
|
|
+ fieldRef:
|
|
|
+ fieldPath: metadata.namespace
|
|
|
+ tolerations:
|
|
|
+ - effect: NoSchedule
|
|
|
+ operator: Exists
|
|
|
+ - effect: NoExecute
|
|
|
+ operator: Exists
|
|
|
+ volumes:
|
|
|
+ - name: kilo-dir
|
|
|
+ hostPath:
|
|
|
+ path: /var/lib/kilo
|
|
|
+ - name: kubeconfig
|
|
|
+ emptyDir: {}
|
|
|
+ - name: scripts
|
|
|
+ configMap:
|
|
|
+ name: kilo-scripts
|
|
|
+ - name: k3s-agent
|
|
|
+ hostPath:
|
|
|
+ path: /var/lib/rancher/k3s/agent
|
|
|
+ - name: lib-modules
|
|
|
+ hostPath:
|
|
|
+ path: /lib/modules
|
|
|
+ - name: xtables-lock
|
|
|
+ hostPath:
|
|
|
+ path: /run/xtables.lock
|
|
|
+ type: FileOrCreate
|
Sebastian Rojo