From 8e14ae553b97405544882ec6b0c111b1d4d2ad20 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Thu, 5 May 2022 10:10:55 +0200
Subject: [PATCH] feat: manifest example for cilium addon mode
---
manifests/kilo-kubeadm-cilium.yaml | 142 +++++++++++++++++++++++++++++
1 file changed, 142 insertions(+)
create mode 100644 manifests/kilo-kubeadm-cilium.yaml
diff --git a/manifests/kilo-kubeadm-cilium.yaml b/manifests/kilo-kubeadm-cilium.yaml
new file mode 100644
index 0000000..56cf4f5
--- /dev/null
+++ b/manifests/kilo-kubeadm-cilium.yaml
@@ -0,0 +1,142 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kilo
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kilo
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - kilo.squat.ai
+ resources:
+ - peers
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kilo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kilo
+subjects:
+ - kind: ServiceAccount
+ name: kilo
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kilo
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: kilo
+ app.kubernetes.io/part-of: kilo
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kilo
+ app.kubernetes.io/part-of: kilo
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: kilo
+ app.kubernetes.io/part-of: kilo
+ spec:
+ serviceAccountName: kilo
+ hostNetwork: true
+ containers:
+ - name: kilo
+ image: squat/kilo:0.5.0
+ args:
+ - --kubeconfig=/etc/kubernetes/kubeconfig
+ - --hostname=$(NODE_NAME)
+ - --cni=false
+ - --compatibility=cilium
+ - --local=false
+ # additional and also optional flag
+ - --encapsulate=crosssubnet
+ - --clean-up-interface=true
+ - --subnet=172.31.254.0/24
+ - --log-level=all
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - containerPort: 1107
+ name: metrics
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: kilo-dir
+ mountPath: /var/lib/kilo
+
+ # with kube-proxy configmap
+ # - name: kubeconfig
+ # mountPath: /etc/kubernetes
+ # readOnly: true
+
+ # without kube-proxy host kubeconfig binding
+ - name: kubeconfig
+ mount_path: /etc/kubernetes/kubeconfig
+ sub_path: admin.conf
+ read_only: true
+
+ - name: lib-modules
+ mountPath: /lib/modules
+ readOnly: true
+ - name: xtables-lock
+ mountPath: /run/xtables.lock
+ readOnly: false
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ volumes:
+ - name: kilo-dir
+ hostPath:
+ path: /var/lib/kilo
+
+ # with kube-proxy configmap
+ # - name: kubeconfig
+ # configMap:
+ # name: kube-proxy
+ # items:
+ # - key: kubeconfig.conf
+ # path: kubeconfig
+
+ # without kube-proxy host kubeconfig binding
+ - name: kubeconfig
+ host_path:
+ path: /etc/kubernetes
+
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
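Review bot: The active "without kube-proxy host kubeconfig binding" stanza uses snake_case keys (`mount_path`, `sub_path`, `read_only` under volumeMounts and `host_path` under volumes) that are not Kubernetes field names, so the mount has no `mountPath` and the volume has no source; depending on the validation mode the manifest is rejected or the unknown fields are dropped, and the read-only intent is lost either way. They should be `mountPath`, `subPath`, `readOnly` and `hostPath`, matching the other entries in the same lists. Once corrected, the stanza hands kubeadm's `admin.conf` to a `privileged: true`, `hostNetwork: true` DaemonSet that tolerates every taint, so the pod authenticates with a cluster-admin credential rather than the narrow `kilo` ClusterRole defined at the top of the file, and the file normally exists only on control-plane nodes. An example manifest would be safer pointing `--kubeconfig` at a kubeconfig issued for the `kilo` ServiceAccount; at minimum the stanza should carry a comment such as `# admin.conf is cluster-admin and present only on control-plane nodes; prefer a kubeconfig scoped to the kilo ServiceAccount`.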