kilo/manifests/kilo-vpn-only-example.yaml

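---
# Identity the Kilo agent pods run as; the ClusterRoleBinding in this file
# attaches the `kilo` ClusterRole to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kilo
  namespace: kilo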
---
# Cluster-wide permissions granted to the Kilo agent.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kilo
rules:
  # Core API: list/watch node objects and patch them.
  - apiGroups: [""]
    resources: [nodes]
    verbs: [list, patch, watch]
  # Kilo's own Peer custom resources (read and update, no create/delete).
  - apiGroups: [kilo.squat.ai]
    resources: [peers]
    verbs: [list, update, watch]
  # Create on CRDs is a powerful cluster-scoped permission (presumably so the
  # agent can register the Peer CRD itself - verify against the agent). Keep this
  # role bound only to the kilo ServiceAccount.
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [create]
---
# Binds the `kilo` ClusterRole to the `kilo` ServiceAccount in namespace `kilo`.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kilo
subjects:
  - kind: ServiceAccount
    name: kilo
    namespace: kilo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kilo
---
# Kilo agent in VPN-only mode (no CNI), pinned to a single node by hostname.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kilo
  namespace: kilo
  labels:
    app.kubernetes.io/name: kilo
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: kilo
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kilo
    spec:
      # !!! Decide where you want to run your Kilo ingress and replace the
      # placeholder hostname below.
      nodeSelector:
        kubernetes.io/hostname: TODO-ADD-YOUR-HOST-HERE
      serviceAccountName: kilo
      # The agent must share the host's network namespace; otherwise it
      # cannot configure WireGuard on the host.
      hostNetwork: true
      containers:
        - name: kilo
          # NOTE(review): no tag or digest is given, so this floats to `latest`;
          # pin a release tag or digest for reproducible, reviewable rollouts.
          image: squat/kilo
          args:
            - '--hostname=$(NODE_NAME)'
            # VPN only: Kilo does not act as the CNI plugin here.
            - '--cni=false'
            - '--encapsulate=never'
            # Interoperate with a Flannel-managed pod network.
            - '--compatibility=flannel'
            - '--local=false'
          env:
            # Downward API: the node this pod landed on, consumed by --hostname above.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            # Elevated privileges are needed to configure WireGuard on the host.
            # `privileged` is broader than the NET_ADMIN capability WireGuard itself
            # requires; narrowing to explicit capabilities should be verified
            # against the agent before changing it.
            privileged: true
          volumeMounts:
            - name: kilo-dir
              mountPath: /var/lib/kilo
      tolerations:
        # Schedule onto tainted nodes as well (e.g. control-plane nodes).
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
      volumes:
        # Host directory for the agent's persistent state (presumably its
        # WireGuard key material - verify); protect it on the host accordingly.
        - name: kilo-dir
          hostPath:
            path: /var/lib/kilo