✨suppor k8s node etcd

2019-09-02 16:54:34 +08:00
parent f22e8ea90e
commit 82f5309a1c
18 changed files with 232 additions and 14 deletions
--- a/kustomize/network/calico-etcd/kustomization.yaml
+++ b/kustomize/network/calico-etcd/kustomization.yaml
@@ -0,0 +1,23 @@
+bases:
+- ../crds
+
+resources:
+  - network.yaml
+  - rbac/role.yaml
+  - rbac/role_binding.yaml
+
+generatorOptions:
+   disableNameSuffixHash: true
+
+secretGenerator:
+  - name: calico-etcd-secrets
+    files:
+    - etcd-ca=etcd/ca
+    - etcd-key=etcd/key
+    - etcd-cert=etcd/crt
+    type: Opaque
+
+patchesStrategicMerge:
+  - patch_image_name.yaml
+
+namespace: network-test-f22e8ea9
--- a/kustomize/network/calico-etcd/network.yaml
+++ b/kustomize/network/calico-etcd/network.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name:  network-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+  labels:
+    control-plane: network-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: network-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        control-plane: network-manager
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      hostNetwork: true
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+      containers:
+      - command:
+        - /ks-network
+        args:
+          - -v=4
+          - np-provider=calico
+        image: network:latest
+        imagePullPolicy: Always
+        name: manager
+        resources:
+          limits:
+            cpu: 100m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+        volumeMounts:
+        - mountPath: /calicocerts
+          name: etcd-certs
+          readOnly: true
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: etcd-certs
+        secret:
+          secretName: calico-etcd-secrets
+          defaultMode: 0400
--- a/kustomize/network/calico-etcd/patch_image_name.yaml
+++ b/kustomize/network/calico-etcd/patch_image_name.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+spec:
+  template:
+    spec:
+      containers:
+      # Change the value of image field below to your controller image URL
+      - image: magicsong/ks-network:f22e8ea9
+        name: manager
--- a/kustomize/network/calico-etcd/patch_role_binding.yaml
+++ b/kustomize/network/calico-etcd/patch_role_binding.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: manager-rolebinding
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: network-test-f22e8ea9
--- a/kustomize/network/calico-etcd/role.yaml
+++ b/kustomize/network/calico-etcd/role.yaml
@@ -0,0 +1,33 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: network-manager
+rules:
+- apiGroups:
+  - network.kubesphere.io
+  resources:
+  - namespacenetworkpolicies
+  - workspacenetworkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tenant.kubesphere.io
+  resources:
+  - workspaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
--- a/kustomize/network/calico-etcd/role_binding.yaml
+++ b/kustomize/network/calico-etcd/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: net-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: network-system