Created
January 7, 2019 21:57
kube-router.yaml with hostPort and arm support
# CNI configuration for kube-router. The install-cni init container of the
# DaemonSets in this file copies cni-conf.json to
# /etc/cni/net.d/10-kuberouter.conflist on each node.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-router-cfg
  namespace: kube-system
  labels:
    tier: node
    k8s-app: kube-router
data:
  # Chained plugin list: the bridge plugin (bridge "kube-bridge", host-local
  # IPAM) followed by portmap. The portmap entry with the portMappings
  # capability is what provides hostPort support.
  # NOTE(review): every hostPort declared by a pod becomes reachable on the
  # node's own addresses; account for that in node-level firewalling.
  cni-conf.json: |
    {
      "cniVersion":"0.3.0",
      "name":"kube-router-net",
      "plugins":[
        {
          "name":"kubernetes",
          "type":"bridge",
          "bridge":"kube-bridge",
          "isDefaultGateway":true,
          "ipam":{
            "type":"host-local"
          }
        },
        {
          "type":"portmap",
          "capabilities":{
            "snat":true,
            "portMappings":true
          }
        }
      ]
    }
---
# Identity the kube-router pods run as; the DaemonSet pod specs reference it
# through serviceAccountName, and the ClusterRoleBinding named kube-router
# lists it as its only subject.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: kube-router
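---
# Cluster-wide, read-only permissions for kube-router. Every rule grants only
# get/list/watch, so nothing bound to this role can create, modify or delete
# API objects through it. Secrets and ConfigMaps are not listed.
#
# Two fixes relative to the original manifest:
#   * rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in
#     Kubernetes 1.22; the schema of the object is unchanged.
#   * metadata.namespace is dropped: a ClusterRole is cluster-scoped, so a
#     namespace there suggests a narrower grant than the one actually made.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-router
rules:
  # Core API group ("").
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - services
      - nodes
      - endpoints
    verbs:
      - list
      - get
      - watch
  # NetworkPolicy objects in the networking.k8s.io group.
  - apiGroups:
      - "networking.k8s.io"
    resources:
      - networkpolicies
    verbs:
      - list
      - get
      - watch
  # NetworkPolicy objects in the older extensions group.
  - apiGroups:
      - extensions
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch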
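---
# Grants the kube-router ClusterRole to the kube-router ServiceAccount in
# kube-system. Because this is a ClusterRoleBinding (not a RoleBinding), the
# role's permissions apply in every namespace.
#
# rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in
# Kubernetes 1.22; the schema of the object is unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-router
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-router
subjects:
  # Single subject: only this service account receives the role.
  - kind: ServiceAccount
    name: kube-router
    namespace: kube-system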
---
# kube-router agent for amd64 nodes. One pod per selected node, running on the
# host network with a privileged container; the three --run-* flags enable the
# router, firewall and service-proxy functions.
#
# NOTE(review): extensions/v1beta1 DaemonSets are no longer served from
# Kubernetes 1.16 on. Moving to apps/v1 requires adding spec.selector, and the
# two DaemonSets in this file use identical pod labels, so their selectors
# would overlap unless an architecture-specific label is added first.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    k8s-app: kube-router
    tier: node
  name: kube-router
  namespace: kube-system
spec:
  template:
    metadata:
      labels:
        k8s-app: kube-router
        tier: node
      annotations:
        # Alpha annotation marking the pod as critical; pairs with the
        # CriticalAddonsOnly toleration below.
        # NOTE(review): confirm the target cluster still honours it; later
        # releases express this with priorityClassName.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # name the same account.
      serviceAccountName: kube-router
      serviceAccount: kube-router
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      containers:
        - name: kube-router
          # NOTE(review): the image has no tag or digest, so it resolves to
          # whatever the registry currently serves as the default tag, and
          # imagePullPolicy: Always re-pulls it on every container start.
          # This container is privileged on the host network, so a changed or
          # replaced image gets full control of the node. Pin it, e.g.
          # cloudnativelabs/kube-router@sha256:<DIGEST_PLACEHOLDER>.
          image: cloudnativelabs/kube-router
          imagePullPolicy: Always
          args:
            - --run-router=true
            - --run-firewall=true
            - --run-service-proxy=true
            - --kubeconfig=/var/lib/kube-router/kubeconfig
          env:
            # Same path the install-cni init container writes to.
            - name: KUBE_ROUTER_CNI_CONF_FILE
              value: /etc/cni/net.d/10-kuberouter.conflist
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # With hostNetwork: true this port lives in the node's network
          # namespace.
          # NOTE(review): confirm which addresses the health endpoint binds
          # to and whether it should be reachable from outside the node.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 20244
            initialDelaySeconds: 10
            periodSeconds: 3
          # Requests only; no limits are set, so CPU and memory use on the
          # node is not capped for this container.
          resources:
            requests:
              cpu: 250m
              memory: 250Mi
          # Privileged removes container isolation from the host: all
          # capabilities and access to host devices.
          # NOTE(review): check whether the kube-router version in use can run
          # with a narrower capability set before relaxing this.
          securityContext:
            privileged: true
          volumeMounts:
            - name: lib-modules
              mountPath: /lib/modules
              readOnly: true
            # Writable host directory: whatever is placed here is picked up as
            # CNI configuration for the node.
            - name: cni-conf-dir
              mountPath: /etc/cni/net.d
            - name: kubeconfig
              mountPath: /var/lib/kube-router
              readOnly: true
      initContainers:
        - name: install-cni
          # NOTE(review): untagged image, re-pulled on every start; pin it
          # (busybox@sha256:<DIGEST_PLACEHOLDER>). It writes into a host
          # directory, so its provenance matters as well.
          image: busybox
          imagePullPolicy: Always
          # Installs the CNI config only when the target file is absent, by
          # copying to a temporary name in the same directory and renaming it.
          # An existing 10-kuberouter.conflist is never overwritten, so later
          # edits to the ConfigMap do not reach nodes that already have it.
          command:
            - /bin/sh
            - -c
            - set -e -x;
              if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
                TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
                cp /etc/kube-router/cni-conf.json ${TMP};
                mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
              fi
          volumeMounts:
            - name: cni-conf-dir
              mountPath: /etc/cni/net.d
            - name: kube-router-cfg
              mountPath: /etc/kube-router
      # Pod shares the node's network namespace.
      hostNetwork: true
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        # Allows scheduling onto master nodes.
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
        # Allows scheduling onto nodes still tainted not-ready.
        - effect: NoSchedule
          key: node.kubernetes.io/not-ready
          operator: Exists
      volumes:
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: cni-conf-dir
          hostPath:
            path: /etc/cni/net.d
        - name: kube-router-cfg
          configMap:
            name: kube-router-cfg
        # Reuses the kubeconfig stored in the kube-proxy ConfigMap, which is
        # not defined in this file and must already exist in kube-system.
        # NOTE(review): confirm which credentials that kubeconfig refers to;
        # the RBAC objects in this file only constrain the kube-router
        # service account.
        - name: kubeconfig
          configMap:
            name: kube-proxy
            items:
              - key: kubeconfig.conf
                path: kubeconfig
---
# kube-router agent for arm nodes. Same pod spec as the amd64 DaemonSet in
# this file except for the object name, the nodeSelector and the image.
#
# NOTE(review): extensions/v1beta1 DaemonSets are no longer served from
# Kubernetes 1.16 on. Moving to apps/v1 requires adding spec.selector, and the
# two DaemonSets in this file use identical pod labels, so their selectors
# would overlap unless an architecture-specific label is added first.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    k8s-app: kube-router
    tier: node
  name: kube-router-arm
  namespace: kube-system
spec:
  template:
    metadata:
      labels:
        k8s-app: kube-router
        tier: node
      annotations:
        # Alpha annotation marking the pod as critical; pairs with the
        # CriticalAddonsOnly toleration below.
        # NOTE(review): confirm the target cluster still honours it; later
        # releases express this with priorityClassName.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # name the same account.
      serviceAccountName: kube-router
      serviceAccount: kube-router
      nodeSelector:
        beta.kubernetes.io/arch: arm
      containers:
        - name: kube-router
          # NOTE(review): this image comes from a different image namespace
          # (xjjo) than the amd64 image (cloudnativelabs). It runs privileged
          # on the host network, so verify its provenance before use. The tag
          # is mutable and imagePullPolicy: Always re-pulls it on every start;
          # pin by digest, e.g.
          # xjjo/kube-router@sha256:<DIGEST_PLACEHOLDER>.
          image: xjjo/kube-router:arm-v0.2.3
          imagePullPolicy: Always
          args:
            - --run-router=true
            - --run-firewall=true
            - --run-service-proxy=true
            - --kubeconfig=/var/lib/kube-router/kubeconfig
          env:
            # Same path the install-cni init container writes to.
            - name: KUBE_ROUTER_CNI_CONF_FILE
              value: /etc/cni/net.d/10-kuberouter.conflist
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # With hostNetwork: true this port lives in the node's network
          # namespace.
          # NOTE(review): confirm which addresses the health endpoint binds
          # to and whether it should be reachable from outside the node.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 20244
            initialDelaySeconds: 10
            periodSeconds: 3
          # Requests only; no limits are set, so CPU and memory use on the
          # node is not capped for this container.
          resources:
            requests:
              cpu: 250m
              memory: 250Mi
          # Privileged removes container isolation from the host: all
          # capabilities and access to host devices.
          # NOTE(review): check whether the kube-router version in use can run
          # with a narrower capability set before relaxing this.
          securityContext:
            privileged: true
          volumeMounts:
            - name: lib-modules
              mountPath: /lib/modules
              readOnly: true
            # Writable host directory: whatever is placed here is picked up as
            # CNI configuration for the node.
            - name: cni-conf-dir
              mountPath: /etc/cni/net.d
            - name: kubeconfig
              mountPath: /var/lib/kube-router
              readOnly: true
      initContainers:
        - name: install-cni
          # NOTE(review): untagged image, re-pulled on every start; pin it
          # (busybox@sha256:<DIGEST_PLACEHOLDER>). It writes into a host
          # directory, so its provenance matters as well.
          image: busybox
          imagePullPolicy: Always
          # Installs the CNI config only when the target file is absent, by
          # copying to a temporary name in the same directory and renaming it.
          # An existing 10-kuberouter.conflist is never overwritten, so later
          # edits to the ConfigMap do not reach nodes that already have it.
          command:
            - /bin/sh
            - -c
            - set -e -x;
              if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
                TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
                cp /etc/kube-router/cni-conf.json ${TMP};
                mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
              fi
          volumeMounts:
            - name: cni-conf-dir
              mountPath: /etc/cni/net.d
            - name: kube-router-cfg
              mountPath: /etc/kube-router
      # Pod shares the node's network namespace.
      hostNetwork: true
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        # Allows scheduling onto master nodes.
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
        # Allows scheduling onto nodes still tainted not-ready.
        - effect: NoSchedule
          key: node.kubernetes.io/not-ready
          operator: Exists
      volumes:
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: cni-conf-dir
          hostPath:
            path: /etc/cni/net.d
        - name: kube-router-cfg
          configMap:
            name: kube-router-cfg
        # Reuses the kubeconfig stored in the kube-proxy ConfigMap, which is
        # not defined in this file and must already exist in kube-system.
        # NOTE(review): confirm which credentials that kubeconfig refers to;
        # the RBAC objects in this file only constrain the kube-router
        # service account.
        - name: kubeconfig
          configMap:
            name: kube-proxy
            items:
              - key: kubeconfig.conf
                path: kubeconfig