Created
May 23, 2023 10:17
-
-
Save farcaller/4ddbc7b8c1cd2db3122842f7ac9cf1e6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // v1.5.4 via https://github.com/cloudnativelabs/kube-router/blob/v1.5.4/daemonset/generic-kuberouter-only-advertise-routes.yaml | |
| [ | |
| { | |
| apiVersion: 'apps/v1', | |
| kind: 'DaemonSet', | |
| metadata: { | |
| labels: { | |
| 'k8s-app': 'kube-router', | |
| tier: 'node', | |
| }, | |
| name: 'kube-router', | |
| namespace: 'kube-system', | |
| }, | |
| spec: { | |
| selector: { | |
| matchLabels: { | |
| 'k8s-app': 'kube-router', | |
| tier: 'node', | |
| }, | |
| }, | |
| template: { | |
| metadata: { | |
| labels: { | |
| 'k8s-app': 'kube-router', | |
| tier: 'node', | |
| }, | |
| }, | |
| spec: { | |
| priorityClassName: 'system-node-critical', | |
| serviceAccountName: 'kube-router', | |
| containers: [ | |
| { | |
| name: 'kube-router', | |
| image: 'docker.io/cloudnativelabs/kube-router', | |
| imagePullPolicy: 'Always', | |
| args: [ | |
| '--run-router=true', | |
| '--run-firewall=false', | |
| '--run-service-proxy=false', | |
| '--bgp-graceful-restart=true', | |
| '--enable-cni=false', | |
| '--enable-pod-egress=false', | |
| '--enable-ibgp=true', | |
| '--enable-overlay=true', | |
| '--peer-router-ips=' + std.extVar('peer_router_ips'), | |
| '--peer-router-asns=' + std.extVar('peer_router_asns'), | |
| '--cluster-asn=' + std.extVar('cluster_asn'), | |
| '--advertise-cluster-ip=true', | |
| '--advertise-external-ip=true', | |
| '--advertise-loadbalancer-ip=true', | |
| '--metrics-port=8080', | |
| ], | |
| env: [ | |
| { | |
| name: 'NODE_NAME', | |
| valueFrom: { | |
| fieldRef: { | |
| fieldPath: 'spec.nodeName', | |
| }, | |
| }, | |
| }, | |
| ], | |
| livenessProbe: { | |
| httpGet: { | |
| path: '/healthz', | |
| port: 20244, | |
| }, | |
| initialDelaySeconds: 10, | |
| periodSeconds: 3, | |
| }, | |
| resources: { | |
| requests: { | |
| cpu: '250m', | |
| memory: '250Mi', | |
| }, | |
| }, | |
| securityContext: { | |
| privileged: true, | |
| }, | |
| volumeMounts: [ | |
| { | |
| name: 'xtables-lock', | |
| mountPath: '/run/xtables.lock', | |
| readOnly: false, | |
| }, | |
| ], | |
| }, | |
| ], | |
| hostNetwork: true, | |
| tolerations: [ | |
| { | |
| effect: 'NoSchedule', | |
| operator: 'Exists', | |
| }, | |
| { | |
| key: 'CriticalAddonsOnly', | |
| operator: 'Exists', | |
| }, | |
| { | |
| effect: 'NoExecute', | |
| operator: 'Exists', | |
| }, | |
| ], | |
| volumes: [ | |
| { | |
| name: 'xtables-lock', | |
| hostPath: { | |
| path: '/run/xtables.lock', | |
| type: 'FileOrCreate', | |
| }, | |
| }, | |
| ], | |
| }, | |
| }, | |
| }, | |
| }, | |
| { | |
| apiVersion: 'v1', | |
| kind: 'ServiceAccount', | |
| metadata: { | |
| name: 'kube-router', | |
| namespace: 'kube-system', | |
| }, | |
| }, | |
| { | |
| kind: 'ClusterRole', | |
| apiVersion: 'rbac.authorization.k8s.io/v1', | |
| metadata: { | |
| name: 'kube-router', | |
| namespace: 'kube-system', | |
| }, | |
| rules: [ | |
| { | |
| apiGroups: [ | |
| '', | |
| ], | |
| resources: [ | |
| 'namespaces', | |
| 'pods', | |
| 'services', | |
| 'nodes', | |
| 'endpoints', | |
| ], | |
| verbs: [ | |
| 'list', | |
| 'get', | |
| 'watch', | |
| ], | |
| }, | |
| { | |
| apiGroups: [ | |
| 'networking.k8s.io', | |
| ], | |
| resources: [ | |
| 'networkpolicies', | |
| ], | |
| verbs: [ | |
| 'list', | |
| 'get', | |
| 'watch', | |
| ], | |
| }, | |
| { | |
| apiGroups: [ | |
| 'extensions', | |
| ], | |
| resources: [ | |
| 'networkpolicies', | |
| ], | |
| verbs: [ | |
| 'get', | |
| 'list', | |
| 'watch', | |
| ], | |
| }, | |
| ], | |
| }, | |
| { | |
| kind: 'ClusterRoleBinding', | |
| apiVersion: 'rbac.authorization.k8s.io/v1', | |
| metadata: { | |
| name: 'kube-router', | |
| }, | |
| roleRef: { | |
| apiGroup: 'rbac.authorization.k8s.io', | |
| kind: 'ClusterRole', | |
| name: 'kube-router', | |
| }, | |
| subjects: [ | |
| { | |
| kind: 'ServiceAccount', | |
| name: 'kube-router', | |
| namespace: 'kube-system', | |
| }, | |
| ], | |
| }, | |
| { | |
| apiVersion: 'v1', | |
| kind: 'Service', | |
| metadata: { | |
| labels: { | |
| 'k8s-app': 'kube-router', | |
| }, | |
| name: 'kube-router-metrics', | |
| }, | |
| spec: { | |
| ports: [ | |
| { | |
| name: 'http-metrics', | |
| port: 8080, | |
| protocol: 'TCP', | |
| targetPort: 8080, | |
| }, | |
| ], | |
| selector: { | |
| 'k8s-app': 'kube-router', | |
| }, | |
| }, | |
| }, | |
| { | |
| apiVersion: 'monitoring.coreos.com/v1', | |
| kind: 'ServiceMonitor', | |
| metadata: { | |
| name: 'kube-router', | |
| }, | |
| spec: { | |
| endpoints: [ | |
| { | |
| honorLabels: true, | |
| interval: '30s', | |
| path: '/metrics', | |
| port: 'http-metrics', | |
| }, | |
| ], | |
| namespaceSelector: { | |
| matchNames: [ | |
| 'kube-system', | |
| ], | |
| }, | |
| selector: { | |
| matchLabels: { | |
| 'k8s-app': 'kube-router', | |
| }, | |
| }, | |
| targetLabels: [ | |
| 'k8s-app', | |
| ], | |
| }, | |
| }, | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment