Diffstat (limited to 'roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2')
-rw-r--r--roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2235
1 files changed, 0 insertions, 235 deletions
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2 b/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2
deleted file mode 100644
index a2660db2..00000000
--- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2
+++ /dev/null
@@ -1,235 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kube-router-kubeconfig
- namespace: kube-system
- labels:
- tier: node
- k8s-app: kube-router
-data:
- kubeconfig.conf: |
- apiVersion: v1
- kind: Config
- clusters:
- - cluster:
- certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- server: https://127.0.0.1:{{ kubernetes_api_lb_port | default('6443') }}
- name: default
- contexts:
- - context:
- cluster: default
- namespace: default
- user: default
- name: default
- current-context: default
- users:
- - name: default
- user:
- tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: kube-router-cfg
- namespace: kube-system
- labels:
- tier: node
- k8s-app: kube-router
-data:
- cni-conf.json: |
- {
- "cniVersion":"0.3.0",
- "name":"mynet",
- "plugins":[
- {
- "name":"kubernetes",
- "type":"bridge",
- "bridge":"kube-bridge",
- "isDefaultGateway":true,
- "hairpinMode": true,
- "ipam":{
- "type":"host-local"
- }
- },
- {
- "type":"portmap",
- "capabilities":{
- "snat":true,
- "portMappings":true
- }
- }
- ]
- }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- k8s-app: kube-router
- tier: node
- name: kube-router
- namespace: kube-system
-spec:
- selector:
- matchLabels:
- k8s-app: kube-router
- tier: node
- template:
- metadata:
- labels:
- k8s-app: kube-router
- tier: node
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "8080"
- spec:
- priorityClassName: system-node-critical
- serviceAccountName: kube-router
- serviceAccount: kube-router
- containers:
- - name: kube-router
- image: docker.io/cloudnativelabs/kube-router:v{{ kubernetes_network_plugin_version }}
- imagePullPolicy: Always
- args:
- - --run-router=true
- - --run-firewall=true
- - --run-service-proxy={{ kubernetes_network_plugin_replaces_kube_proxy | string | lower }}
- - --kubeconfig=/var/lib/kube-router/kubeconfig
- - --hairpin-mode
- - --iptables-sync-period=10s
- - --ipvs-sync-period=10s
- - --routes-sync-period=10s
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: KUBE_ROUTER_CNI_CONF_FILE
- value: /etc/cni/net.d/10-kuberouter.conflist
- livenessProbe:
- httpGet:
- path: /healthz
- port: 20244
- initialDelaySeconds: 10
- periodSeconds: 3
- resources:
- requests:
- cpu: 250m
- memory: 250Mi
- securityContext:
- privileged: true
- volumeMounts:
- - name: lib-modules
- mountPath: /lib/modules
- readOnly: true
- - name: cni-conf-dir
- mountPath: /etc/cni/net.d
- - name: kubeconfig
- mountPath: /var/lib/kube-router
- readOnly: true
- - name: xtables-lock
- mountPath: /run/xtables.lock
- readOnly: false
- initContainers:
- - name: install-cni
- image: busybox
- imagePullPolicy: Always
- command:
- - /bin/sh
- - -c
- - set -e -x;
- if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
- if [ -f /etc/cni/net.d/*.conf ]; then
- rm -f /etc/cni/net.d/*.conf;
- fi;
- TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
- cp /etc/kube-router/cni-conf.json ${TMP};
- mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
- fi
- volumeMounts:
- - name: cni-conf-dir
- mountPath: /etc/cni/net.d
- - name: kube-router-cfg
- mountPath: /etc/kube-router
- hostNetwork: true
- tolerations:
- - effect: NoSchedule
- operator: Exists
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- operator: Exists
- volumes:
- - name: lib-modules
- hostPath:
- path: /lib/modules
- - name: cni-conf-dir
- hostPath:
- path: /etc/cni/net.d
- - name: kube-router-cfg
- configMap:
- name: kube-router-cfg
- - name: kubeconfig
- configMap:
- name: kube-router-kubeconfig
- items:
- - key: kubeconfig.conf
- path: kubeconfig
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: kube-router
- namespace: kube-system
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: kube-router
- namespace: kube-system
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- - pods
- - services
- - nodes
- - endpoints
- verbs:
- - list
- - get
- - watch
- - apiGroups:
- - "networking.k8s.io"
- resources:
- - networkpolicies
- verbs:
- - list
- - get
- - watch
- - apiGroups:
- - extensions
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: kube-router
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kube-router
-subjects:
-- kind: ServiceAccount
- name: kube-router
- namespace: kube-system