apiVersion: v1 kind: ConfigMap metadata: name: kilo namespace: kube-system labels: app.kubernetes.io/name: kilo data: cni-conf.json: | { "cniVersion":"1.0.1", "name":"kilo", "plugins":[ { "name":"kubernetes", "type":"bridge", "bridge":"kube-bridge", "isDefaultGateway":true, "forceAddress":true, "mtu": 1420, "ipam":{ "type":"host-local" } }, { "type":"portmap", "snat":true, "capabilities":{ "portMappings":true } } ] } --- apiVersion: v1 kind: ServiceAccount metadata: name: kilo namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kilo rules: - apiGroups: - "" resources: - nodes verbs: - list - patch - watch - apiGroups: - kilo.squat.ai resources: - peers verbs: - list - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kilo roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kilo subjects: - kind: ServiceAccount name: kilo namespace: kube-system --- --- apiVersion: v1 kind: ConfigMap metadata: name: kilo-scripts namespace: kube-system data: init.sh: | #!/bin/sh cat > /etc/kubernetes/kubeconfig < $TMP_CONF; rm -f /host/etc/cni/net.d/*; mv $TMP_CONF /host/etc/cni/net.d/$CNI_CONF_NAME env: - name: CNI_CONF_NAME value: 10-kilo.conflist - name: CNI_NETWORK_CONFIG valueFrom: configMapKeyRef: name: kilo key: cni-conf.json volumeMounts: - name: cni-bin-dir mountPath: /host/opt/cni/bin - name: cni-conf-dir mountPath: /host/etc/cni/net.d tolerations: - effect: NoSchedule operator: Exists - effect: NoExecute operator: Exists volumes: - name: cni-bin-dir hostPath: path: /opt/cni/bin - name: cni-conf-dir hostPath: path: /etc/cni/net.d - name: kilo-dir hostPath: path: /var/lib/kilo - name: kubeconfig emptyDir: {} - name: scripts configMap: name: kilo-scripts - name: k3s-agent hostPath: path: /var/lib/rancher/k3s/agent - name: lib-modules hostPath: path: /lib/modules - name: xtables-lock hostPath: path: /run/xtables.lock type: FileOrCreate - name: wireguard hostPath: path: /var/run/wireguard