Created
March 13, 2018 08:03
-
-
Save ikurni/2af6c390d099ef754fec63e402c868cd to your computer and use it in GitHub Desktop.
ACI containers file for automatic deploy CNI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: aci-containers-config | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| data: | |
| controller-config: |- | |
| { | |
| "log-level": "info", | |
| "apic-hosts": [ | |
| "10.68.125.142" | |
| ], | |
| "apic-username": "openshift", | |
| "apic-private-key-path": "/usr/local/etc/aci-cert/user.key", | |
| "aci-prefix": "openshift", | |
| "aci-vmm-type": "OpenShift", | |
| "aci-vmm-domain": "openshift", | |
| "aci-vmm-controller": "openshift", | |
| "aci-policy-tenant": "openshift", | |
| "require-netpol-annot": true, | |
| "aci-service-phys-dom": "openshift-pdom", | |
| "aci-service-encap": "vlan-3998", | |
| "aci-vrf-tenant": "common", | |
| "aci-l3out": "openshift_l3out", | |
| "aci-ext-networks": [ | |
| "openshift_extepg" | |
| ], | |
| "aci-vrf": "openshift-vrf", | |
| "default-endpoint-group": { | |
| "policy-space": "openshift", | |
| "name": "kubernetes|kube-default" | |
| }, | |
| "namespace-default-endpoint-group": { | |
| "kube-system": { | |
| "policy-space": "openshift", | |
| "name": "kubernetes|kube-system" | |
| } | |
| }, | |
| "service-ip-pool": [ | |
| { | |
| "start": "10.3.0.2", | |
| "end": "10.3.0.254" | |
| } | |
| ], | |
| "static-service-ip-pool": [ | |
| { | |
| "start": "10.4.0.2", | |
| "end": "10.4.0.254" | |
| } | |
| ], | |
| "allocate-service-ips": false, | |
| "pod-ip-pool": [ | |
| { | |
| "start": "10.2.0.2", | |
| "end": "10.2.255.254" | |
| } | |
| ], | |
| "node-service-ip-pool": [ | |
| { | |
| "start": "10.5.0.2", | |
| "end": "10.5.0.254" | |
| } | |
| ], | |
| "node-service-subnets": [ | |
| "10.5.0.1/24" | |
| ] | |
| } | |
| host-agent-config: |- | |
| { | |
| "log-level": "info", | |
| "aci-vmm-type": "OpenShift", | |
| "aci-vmm-domain": "openshift", | |
| "aci-vmm-controller": "openshift", | |
| "aci-vrf": "openshift-vrf", | |
| "aci-vrf-tenant": "common", | |
| "service-vlan": 3998, | |
| "encap-type": "vxlan", | |
| "aci-infra-vlan": 4000, | |
| "cni-netconfig": [ | |
| { | |
| "routes": [ | |
| { | |
| "gw": "10.2.0.1", | |
| "dst": "0.0.0.0/0" | |
| } | |
| ], | |
| "subnet": "10.2.0.0/16", | |
| "gateway": "10.2.0.1" | |
| } | |
| ] | |
| } | |
| opflex-agent-config: |- | |
| { | |
| "log": { | |
| "level": "info" | |
| }, | |
| "opflex": { | |
| } | |
| } | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: aci-user-cert | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| data: | |
| user.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQWw4d2dnSmJBZ0VBQW9HQkFOZytQWThJM2NNWll5TzgKU0FISEFwNm8xbzdLeG1UVTJtNWFnaExuMXZpUWdRZEp3NEZxVmJVRW55K2p0SGRHeGhuQTk0VzZiL29ibDh6bgpqczZYMVlIaWs2NTV3OE5kb2Nja0xGb1ZXV0tTeW5udEZCOTJTN1JZeHNyQmhCSm9qS09HY1hBa2NXQVh3S0V0CkdUR3E2cUF3R0tsYUVERXU5STVWZk5lNno3NnhBZ01CQUFFQ2dZQXQzU1daVEx3Y1FTb3h6aUZIbnpvREJMUmQKSE16dlhlWG1PZlFVcG0rRjBNQk5GMndMNnMyNjB2d2dVb3hZTC82Y1A3MC84OGNFT1EzOU82K2lTYm5TcXFvWQpLZThIQ2NEeElvRjZmNm03VFBIaWFZZFBmTFRvS1BPaUdOWXkyUDBFRWFzdTEySzBwQjRGbWQxY0xqVXNhNG1aCjg5WDN2VDJWcFFESUFBQTNBUUpCQVBPVmJRd0dMRXRYeUI5L21qTEh6ZG5uRzMvYjFXdmZ3S2F3UGdWR1BwaUcKV2Z2MU4vYnVSMUJPTmcrOHdJNVBiVG9VYVRnanpXdXB1eUlUdkw5QVlza0NRUURqUkFxeEthVU4zb2lSamp0bwpNenJlemsrMElhZHo2SldES2luS0F4NTBUeUJpV1hBeFVIeFQ0b0xXbFpKRlVmOU9UdjlHK3Z2bmNIMk11Zm0rClZraXBBa0JLQnJadU9nNEtFN0pwQ0RHSGp6dGJKcVl2MUZKbkIwZ1lJR1dvMnJFNVQxTlhoQzJ1NkxsWmlYdGEKaXdXRitsTjZuQ3RoK1ZkN2ljaXFVWTlDSEVJcEFrQnY0KzRIcjJNdDR1UUdGYXExOEpNSll6WG1qN01yNDlUSQprUmVsOThja3FGaGZVMzFqS2ljci9aZEJJcjZ6RmwzR0ppcVV2YmtNQjF3b3p0OWdrSWFSQWtCVVFoVnJqWGY4CkFqMmp1TGtlV1d0N2xjTitzY09OMlpTYjB4S1FEWEtTTm16ZzQ5MnlwTk1oUUUzbzI1Z3NDNExwRjNTc2FMaFYKUW95anZkczJ2TU9NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K | |
| user.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI3RENDQVZVQ0FnUG9NQTBHQ1NxR1NJYjNEUUVCQlFVQU1ENHhDekFKQmdOVkJBWVRBbFZUTVJZd0ZBWUQKVlFRS0RBMURhWE5qYnlCVGVYTjBaVzF6TVJjd0ZRWURWUVFEREE1VmMyVnlJRzl3Wlc1emFHbG1kREFlRncweApPREF6TURVeE9UTTNNelphRncweU9EQXpNRE13TnpNM016WmFNRDR4Q3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEClZRUUtEQTFEYVhOamJ5QlRlWE4wWlcxek1SY3dGUVlEVlFRRERBNVZjMlZ5SUc5d1pXNXphR2xtZERDQm56QU4KQmdrcWhraUc5dzBCQVFFRkFBT0JqUUF3Z1lrQ2dZRUEyRDQ5andqZHd4bGpJN3hJQWNjQ25xaldqc3JHWk5UYQpibHFDRXVmVytKQ0JCMG5EZ1dwVnRRU2ZMNk8wZDBiR0djRDNoYnB2K2h1WHpPZU96cGZWZ2VLVHJubkR3MTJoCnh5UXNXaFZaWXBMS2VlMFVIM1pMdEZqR3lzR0VFbWlNbzRaeGNDUnhZQmZBb1MwWk1hcnFvREFZcVZvUU1TNzAKamxWODE3clB2ckVDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQTdZaGtBSGlXN29rckFmRXk2RGg1bQpLamtGYUZyKzh5OE4yREEzWmJrSGZJL3BOWFlDbVRLM3R4RW1YdjFEeTNLNzNJOW8vMEIwQ0RrUkJHUC9hY3lECmNDZkFzc04yd0ZlY0FWUzZaZmdMbUt2OVJFY0hmOTVqdkJRRjVSREp6djY2OWJNZ1ZxbklKb0xIczd3ODRIdWkKVVoyY0JsaHhqYmo2UXZjUXBvbyt5Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: aci-containers-controller | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: aci-containers-host-agent | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| --- | |
| apiVersion: v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| name: aci-containers:controller | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| - namespaces | |
| - pods | |
| - endpoints | |
| - services | |
| verbs: | |
| - list | |
| - watch | |
| - get | |
| - apiGroups: | |
| - "extensions" | |
| resources: | |
| - deployments | |
| - replicasets | |
| - networkpolicies | |
| verbs: | |
| - list | |
| - watch | |
| - get | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - nodes | |
| - services/status | |
| verbs: | |
| - update | |
| --- | |
| apiVersion: v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| name: aci-containers:host-agent | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| - pods | |
| - endpoints | |
| - services | |
| verbs: | |
| - list | |
| - watch | |
| - get | |
| --- | |
| apiVersion: v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: aci-containers:controller | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: aci-containers:controller | |
| subjects: | |
| - kind: ServiceAccount | |
| name: aci-containers-controller | |
| namespace: kube-system | |
| --- | |
| apiVersion: v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: aci-containers:host-agent | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: aci-containers:host-agent | |
| subjects: | |
| - kind: ServiceAccount | |
| name: aci-containers-host-agent | |
| namespace: kube-system | |
| --- | |
| kind: SecurityContextConstraints | |
| apiVersion: v1 | |
| metadata: | |
| name: aci-containers-scc | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| users: | |
| - system:serviceaccount:kube-system:aci-containers-controller | |
| - system:serviceaccount:kube-system:aci-containers-host-agent | |
| allowHostDirVolumePlugin: true | |
| allowHostIPC: true | |
| allowHostNetwork: true | |
| allowHostPID: true | |
| allowHostPorts: true | |
| allowPrivilegedContainer: true | |
| allowedCapabilities: | |
| - '*' | |
| defaultAddCapabilities: [] | |
| requiredDropCapabilities: [] | |
| readOnlyRootFilesystem: false | |
| fsGroup: | |
| type: RunAsAny | |
| runAsUser: | |
| type: RunAsAny | |
| seLinuxContext: | |
| type: RunAsAny | |
| supplementalGroups: | |
| type: RunAsAny | |
| seccompProfiles: | |
| - '*' | |
| volumes: | |
| - '*' | |
| priority: 100 | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: aci-containers-host | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| spec: | |
| updateStrategy: | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| name: aci-containers-host | |
| network-plugin: aci-containers | |
| annotations: | |
| scheduler.alpha.kubernetes.io/critical-pod: '' | |
| spec: | |
| hostNetwork: true | |
| hostPID: true | |
| hostIPC: true | |
| serviceAccountName: aci-containers-host-agent | |
| tolerations: | |
| - key: CriticalAddonsOnly | |
| - effect: NoSchedule | |
| key: node-role.kubernetes.io/master | |
| initContainers: | |
| - name: cnideploy | |
| image: noiro/cnideploy:1.6r15 | |
| imagePullPolicy: Always | |
| securityContext: | |
| privileged: true | |
| capabilities: | |
| add: | |
| - SYS_ADMIN | |
| volumeMounts: | |
| - name: cni-bin | |
| mountPath: /mnt/cni-bin | |
| containers: | |
| - name: aci-containers-host | |
| image: noiro/aci-containers-host:1.6r15 | |
| imagePullPolicy: Always | |
| securityContext: | |
| privileged: true | |
| capabilities: | |
| add: | |
| - SYS_ADMIN | |
| - NET_ADMIN | |
| env: | |
| - name: KUBERNETES_NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| volumeMounts: | |
| - name: cni-bin | |
| mountPath: /mnt/cni-bin | |
| - name: cni-conf | |
| mountPath: /mnt/cni-conf | |
| - name: hostvar | |
| mountPath: /usr/local/var | |
| - name: hostrun | |
| mountPath: /run | |
| - name: hostrun | |
| mountPath: /usr/local/run | |
| - name: opflex-hostconfig-volume | |
| mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d | |
| - name: host-config-volume | |
| mountPath: /usr/local/etc/aci-containers/ | |
| livenessProbe: | |
| httpGet: | |
| path: /status | |
| port: 8090 | |
| - name: opflex-agent | |
| image: noiro/opflex:1.6r17 | |
| imagePullPolicy: Always | |
| securityContext: | |
| privileged: true | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| volumeMounts: | |
| - name: hostvar | |
| mountPath: /usr/local/var | |
| - name: hostrun | |
| mountPath: /run | |
| - name: hostrun | |
| mountPath: /usr/local/run | |
| - name: opflex-hostconfig-volume | |
| mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d | |
| - name: opflex-config-volume | |
| mountPath: /usr/local/etc/opflex-agent-ovs/conf.d | |
| - name: mcast-daemon | |
| image: noiro/opflex:1.6r17 | |
| command: ["/bin/sh"] | |
| args: ["/usr/local/bin/launch-mcastdaemon.sh"] | |
| imagePullPolicy: Always | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - name: hostvar | |
| mountPath: /usr/local/var | |
| - name: hostrun | |
| mountPath: /run | |
| - name: hostrun | |
| mountPath: /usr/local/run | |
| restartPolicy: Always | |
| volumes: | |
| - name: cni-bin | |
| hostPath: | |
| path: /opt | |
| - name: cni-conf | |
| hostPath: | |
| path: /etc | |
| - name: hostvar | |
| hostPath: | |
| path: /var | |
| - name: hostrun | |
| hostPath: | |
| path: /run | |
| - name: host-config-volume | |
| configMap: | |
| name: aci-containers-config | |
| items: | |
| - key: host-agent-config | |
| path: host-agent.conf | |
| - name: opflex-hostconfig-volume | |
| emptyDir: | |
| medium: Memory | |
| - name: opflex-config-volume | |
| configMap: | |
| name: aci-containers-config | |
| items: | |
| - key: opflex-agent-config | |
| path: local.conf | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: aci-containers-openvswitch | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| spec: | |
| updateStrategy: | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| name: aci-containers-openvswitch | |
| network-plugin: aci-containers | |
| annotations: | |
| scheduler.alpha.kubernetes.io/critical-pod: '' | |
| spec: | |
| hostNetwork: true | |
| hostPID: true | |
| hostIPC: true | |
| serviceAccountName: aci-containers-host-agent | |
| tolerations: | |
| - key: CriticalAddonsOnly | |
| - effect: NoSchedule | |
| key: node-role.kubernetes.io/master | |
| containers: | |
| - name: aci-containers-openvswitch | |
| image: noiro/openvswitch:1.6r12 | |
| imagePullPolicy: Always | |
| securityContext: | |
| privileged: true | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| - SYS_MODULE | |
| - SYS_NICE | |
| - IPC_LOCK | |
| env: | |
| - name: OVS_RUNDIR | |
| value: /usr/local/var/run/openvswitch | |
| volumeMounts: | |
| - name: hostvar | |
| mountPath: /usr/local/var | |
| - name: hostrun | |
| mountPath: /run | |
| - name: hostrun | |
| mountPath: /usr/local/run | |
| - name: hostetc | |
| mountPath: /usr/local/etc | |
| - name: hostmodules | |
| mountPath: /lib/modules | |
| livenessProbe: | |
| exec: | |
| command: | |
| - /usr/local/bin/liveness-ovs.sh | |
| restartPolicy: Always | |
| volumes: | |
| - name: hostetc | |
| hostPath: | |
| path: /etc | |
| - name: hostvar | |
| hostPath: | |
| path: /var | |
| - name: hostrun | |
| hostPath: | |
| path: /run | |
| - name: hostmodules | |
| hostPath: | |
| path: /lib/modules | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: aci-containers-controller | |
| namespace: kube-system | |
| labels: | |
| aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd" | |
| network-plugin: aci-containers | |
| k8s-app: aci-containers-controller | |
| name: aci-containers-controller | |
| spec: | |
| replicas: 1 | |
| strategy: | |
| type: Recreate | |
| template: | |
| metadata: | |
| name: aci-containers-controller | |
| namespace: kube-system | |
| labels: | |
| network-plugin: aci-containers | |
| k8s-app: aci-containers-controller | |
| name: aci-containers-controller | |
| annotations: | |
| scheduler.alpha.kubernetes.io/critical-pod: '' | |
| spec: | |
| hostNetwork: true | |
| serviceAccountName: aci-containers-controller | |
| tolerations: | |
| - key: CriticalAddonsOnly | |
| containers: | |
| - name: aci-containers-controller | |
| image: noiro/aci-containers-controller:1.6r15 | |
| imagePullPolicy: Always | |
| volumeMounts: | |
| - name: controller-config-volume | |
| mountPath: /usr/local/etc/aci-containers/ | |
| - name: aci-user-cert-volume | |
| mountPath: /usr/local/etc/aci-cert/ | |
| livenessProbe: | |
| httpGet: | |
| path: /status | |
| port: 8091 | |
| volumes: | |
| - name: aci-user-cert-volume | |
| secret: | |
| secretName: aci-user-cert | |
| - name: controller-config-volume | |
| configMap: | |
| name: aci-containers-config | |
| items: | |
| - key: controller-config | |
| path: controller.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment