| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 |
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: kilo
- namespace: kube-system
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: kilo
- rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - patch
- - watch
- - apiGroups:
- - kilo.squat.ai
- resources:
- - peers
- verbs:
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kilo
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kilo
- subjects:
- - kind: ServiceAccount
- name: kilo
- namespace: kube-system
- ---
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: kilo-scripts
- namespace: kube-system
- data:
- init.sh: |
- #!/bin/sh
- cat > /etc/kubernetes/kubeconfig <<EOF
- apiVersion: v1
- kind: Config
- name: kilo
- clusters:
- - cluster:
- server: $(sed -n 's/.*server: \(.*\)/\1/p' /var/lib/rancher/k3s/agent/kubelet.kubeconfig)
- certificate-authority: /var/lib/rancher/k3s/agent/server-ca.crt
- users:
- - name: kilo
- user:
- token: $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
- contexts:
- - name: kilo
- context:
- cluster: kilo
- namespace: ${NAMESPACE}
- user: kilo
- current-context: kilo
- EOF
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kilo
- namespace: kube-system
- labels:
- app.kubernetes.io/name: kilo
- app.kubernetes.io/part-of: kilo
- spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: kilo
- app.kubernetes.io/part-of: kilo
- template:
- metadata:
- labels:
- app.kubernetes.io/name: kilo
- app.kubernetes.io/part-of: kilo
- spec:
- serviceAccountName: kilo
- hostNetwork: true
- containers:
- - name: kilo
- image: squat/kilo:0.7.0
- args:
- - --kubeconfig=/etc/kubernetes/kubeconfig
- - --hostname=$(NODE_NAME)
- - --cni=false
- - --compatibility=flannel
- - --local=false
- - --internal-cidr=$(NODE_IP)/32
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: NODE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- ports:
- - containerPort: 1107
- name: metrics
- securityContext:
- privileged: true
- volumeMounts:
- - name: kilo-dir
- mountPath: /var/lib/kilo
- - name: kubeconfig
- mountPath: /etc/kubernetes
- readOnly: true
- - name: lib-modules
- mountPath: /lib/modules
- readOnly: true
- - name: xtables-lock
- mountPath: /run/xtables.lock
- readOnly: false
- initContainers:
- - name: generate-kubeconfig
- image: squat/kilo:0.7.0
- command:
- - /bin/sh
- args:
- - /scripts/init.sh
- imagePullPolicy: Always
- volumeMounts:
- - name: kubeconfig
- mountPath: /etc/kubernetes
- - name: scripts
- mountPath: /scripts/
- readOnly: true
- - name: k3s-agent
- mountPath: /var/lib/rancher/k3s/agent/
- readOnly: true
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- tolerations:
- - effect: NoSchedule
- operator: Exists
- - effect: NoExecute
- operator: Exists
- volumes:
- - name: kilo-dir
- hostPath:
- path: /var/lib/kilo
- - name: kubeconfig
- emptyDir: {}
- - name: scripts
- configMap:
- name: kilo-scripts
- - name: k3s-agent
- hostPath:
- path: /var/lib/rancher/k3s/agent
- - name: lib-modules
- hostPath:
- path: /lib/modules
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
|
