Created
March 13, 2018 08:03
ACI containers file for automatic deploy CNI
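---
# ConfigMap carrying the three JSON configuration documents for the ACI CNI
# components. The DaemonSet and Deployment in this file project individual
# keys from it as files through configMap volumes.
# NOTE(review): the APIC address, user name, tenant/VRF names, VLANs and IP
# pools below are site-specific. A ConfigMap is readable by any subject with
# get access to ConfigMaps in kube-system, so nothing secret belongs here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aci-containers-config
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
data:
  # Controller settings, mounted as controller.conf by the controller
  # Deployment. "apic-private-key-path" names the file that the aci-user-cert
  # Secret provides under /usr/local/etc/aci-cert/; the key itself is not
  # stored in this ConfigMap.
  controller-config: |-
    {
        "log-level": "info",
        "apic-hosts": [
            "10.68.125.142"
        ],
        "apic-username": "openshift",
        "apic-private-key-path": "/usr/local/etc/aci-cert/user.key",
        "aci-prefix": "openshift",
        "aci-vmm-type": "OpenShift",
        "aci-vmm-domain": "openshift",
        "aci-vmm-controller": "openshift",
        "aci-policy-tenant": "openshift",
        "require-netpol-annot": true,
        "aci-service-phys-dom": "openshift-pdom",
        "aci-service-encap": "vlan-3998",
        "aci-vrf-tenant": "common",
        "aci-l3out": "openshift_l3out",
        "aci-ext-networks": [
            "openshift_extepg"
        ],
        "aci-vrf": "openshift-vrf",
        "default-endpoint-group": {
            "policy-space": "openshift",
            "name": "kubernetes|kube-default"
        },
        "namespace-default-endpoint-group": {
            "kube-system": {
                "policy-space": "openshift",
                "name": "kubernetes|kube-system"
            }
        },
        "service-ip-pool": [
            {
                "start": "10.3.0.2",
                "end": "10.3.0.254"
            }
        ],
        "static-service-ip-pool": [
            {
                "start": "10.4.0.2",
                "end": "10.4.0.254"
            }
        ],
        "allocate-service-ips": false,
        "pod-ip-pool": [
            {
                "start": "10.2.0.2",
                "end": "10.2.255.254"
            }
        ],
        "node-service-ip-pool": [
            {
                "start": "10.5.0.2",
                "end": "10.5.0.254"
            }
        ],
        "node-service-subnets": [
            "10.5.0.1/24"
        ]
    }
  # Host agent settings, mounted as host-agent.conf by the aci-containers-host
  # DaemonSet. "service-vlan" (3998) matches the "vlan-3998" service encap in
  # the controller settings above.
  host-agent-config: |-
    {
        "log-level": "info",
        "aci-vmm-type": "OpenShift",
        "aci-vmm-domain": "openshift",
        "aci-vmm-controller": "openshift",
        "aci-vrf": "openshift-vrf",
        "aci-vrf-tenant": "common",
        "service-vlan": 3998,
        "encap-type": "vxlan",
        "aci-infra-vlan": 4000,
        "cni-netconfig": [
            {
                "routes": [
                    {
                        "gw": "10.2.0.1",
                        "dst": "0.0.0.0/0"
                    }
                ],
                "subnet": "10.2.0.0/16",
                "gateway": "10.2.0.1"
            }
        ]
    }
  # OpFlex agent settings, mounted as local.conf in the opflex-agent
  # container's conf.d directory. The "opflex" object is empty here.
  opflex-agent-config: |-
    {
        "log": {
            "level": "info"
        },
        "opflex": {
        }
    }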
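---
# Secret holding the APIC user's private key and certificate. The controller
# Deployment mounts it at /usr/local/etc/aci-cert/, which is where
# "apic-private-key-path" in the controller config points.
# NOTE(review): values under `data` are base64-encoded, not encrypted. The
# published manifest carried a value for user.key that decodes to a PEM
# "PRIVATE KEY" block, so that key is disclosed to every reader of the page
# and has to be treated as compromised: replace the key pair on the APIC user
# and create this Secret out of band (or from a secret store) instead of
# keeping key material in a shared manifest. The value is redacted here.
# NOTE(review): the DER header of the published key suggests a 1024-bit RSA
# modulus - confirm, and use at least 2048 bits for the replacement.
apiVersion: v1
kind: Secret
metadata:
  name: aci-user-cert
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
data:
  # Placeholder, deliberately not valid base64, so the manifest cannot be
  # applied without supplying a freshly generated key.
  user.key: "<REDACTED: base64 of the PEM private key>"
  # The certificate value is not reproduced on this page.
  user.crt: 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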
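---
# Service account used by the aci-containers-controller Deployment. It is
# bound to the aci-containers:controller ClusterRole and is listed under
# `users` in the aci-containers-scc SecurityContextConstraints.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aci-containers-controller
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"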
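---
# Service account shared by both DaemonSets (aci-containers-host and
# aci-containers-openvswitch). It is bound to the aci-containers:host-agent
# ClusterRole and is listed under `users` in aci-containers-scc.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aci-containers-host-agent
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"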
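---
# Cluster-wide permissions for the controller service account.
# NOTE(review): `apiVersion: v1` for a ClusterRole is presumably the legacy
# OpenShift API form; upstream Kubernetes serves ClusterRole under
# rbac.authorization.k8s.io/v1 - verify against the target cluster.
apiVersion: v1
kind: ClusterRole
metadata:
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
  name: aci-containers:controller
rules:
  # Read-only view of core objects.
  - apiGroups:
      - ""
    resources:
      - nodes
      - namespaces
      - pods
      - endpoints
      - services
    verbs:
      - list
      - watch
      - get
  # Read-only view of workload and network-policy objects in `extensions`.
  - apiGroups:
      - "extensions"
    resources:
      - deployments
      - replicasets
      - networkpolicies
    verbs:
      - list
      - watch
      - get
  # Write access. NOTE(review): `update` on pods and nodes applies to every
  # pod and node in the cluster; anyone able to run as this service account
  # inherits it, so keep the set of subjects bound to this role minimal.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - services/status
    verbs:
      - update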
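---
# Cluster-wide permissions for the host-agent service account: read-only
# (list/watch/get) on nodes, pods, endpoints and services, with no write
# verbs.
# NOTE(review): `apiVersion: v1` for a ClusterRole is presumably the legacy
# OpenShift API form; upstream Kubernetes serves ClusterRole under
# rbac.authorization.k8s.io/v1 - verify against the target cluster.
apiVersion: v1
kind: ClusterRole
metadata:
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
  name: aci-containers:host-agent
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      - pods
      - endpoints
      - services
    verbs:
      - list
      - watch
      - get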
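---
# Grants the aci-containers:controller ClusterRole to the
# aci-containers-controller service account in kube-system. That service
# account is the only subject.
# NOTE(review): `apiVersion: v1` with an rbac.authorization.k8s.io roleRef is
# presumably accepted by the OpenShift release this was generated for; confirm
# on the target cluster.
apiVersion: v1
kind: ClusterRoleBinding
metadata:
  name: aci-containers:controller
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: aci-containers:controller
subjects:
  - kind: ServiceAccount
    name: aci-containers-controller
    namespace: kube-system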
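---
# Grants the aci-containers:host-agent ClusterRole to the
# aci-containers-host-agent service account in kube-system. That service
# account is the only subject.
# NOTE(review): `apiVersion: v1` with an rbac.authorization.k8s.io roleRef is
# presumably accepted by the OpenShift release this was generated for; confirm
# on the target cluster.
apiVersion: v1
kind: ClusterRoleBinding
metadata:
  name: aci-containers:host-agent
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: aci-containers:host-agent
subjects:
  - kind: ServiceAccount
    name: aci-containers-host-agent
    namespace: kube-system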
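---
# OpenShift SecurityContextConstraints applied to the two ACI service
# accounts. Every switch below is at its most permissive setting: host
# namespaces, host ports, hostPath volumes, privileged containers, all
# capabilities, any seccomp profile, any volume type and RunAsAny for
# user/group/SELinux. A pod admitted under this SCC is effectively root on
# its node.
# NOTE(review): the controller Deployment in this file only sets
# hostNetwork and no privileged securityContext, yet its service account is
# listed here alongside the host agent. A narrower SCC for the controller
# would remove privileges it does not request - confirm with the plugin's
# requirements before changing.
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  name: aci-containers-scc
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
# Only these two service accounts are subjects. Anyone able to create pods
# in kube-system that run as them inherits everything granted below.
users:
  - system:serviceaccount:kube-system:aci-containers-controller
  - system:serviceaccount:kube-system:aci-containers-host-agent
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
  - '*'
defaultAddCapabilities: []
requiredDropCapabilities: []
readOnlyRootFilesystem: false
fsGroup:
  type: RunAsAny
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
seccompProfiles:
  - '*'
volumes:
  - '*'
priority: 100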
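---
# DaemonSet running the ACI host agent, the OpFlex agent and the multicast
# daemon on every node, plus an init container that receives the host's /opt
# under /mnt/cni-bin.
# NOTE(review): the pod shares the host network, PID and IPC namespaces and
# every container is privileged, so a compromise of any of these images is a
# compromise of the node. Treat the images and this manifest as part of the
# node's trusted computing base.
# NOTE(review): extensions/v1beta1 is the API group this manifest was written
# for; newer Kubernetes releases serve DaemonSet under apps/v1 and require
# spec.selector - confirm against the target cluster before reuse.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: aci-containers-host
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
spec:
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: aci-containers-host
        network-plugin: aci-containers
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      hostPID: true
      hostIPC: true
      serviceAccountName: aci-containers-host-agent
      # The second toleration lets the pod schedule onto master nodes too.
      tolerations:
        - key: CriticalAddonsOnly
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      # NOTE(review): all images below are referenced by tag with
      # imagePullPolicy Always, so whatever the registry serves for that tag
      # at pod start runs privileged on the node. Pinning each image by a
      # verified digest would make the deployed content reproducible.
      initContainers:
        - name: cnideploy
          image: noiro/cnideploy:1.6r15
          imagePullPolicy: Always
          # `privileged: true` already grants every capability; the explicit
          # `add` list is redundant while it is set.
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_ADMIN
          volumeMounts:
            - name: cni-bin
              mountPath: /mnt/cni-bin
      containers:
        - name: aci-containers-host
          image: noiro/aci-containers-host:1.6r15
          imagePullPolicy: Always
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_ADMIN
                - NET_ADMIN
          env:
            # Node name taken from the pod spec via the downward API.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          # None of the hostPath mounts is marked readOnly, so the container
          # can write to the host's /opt, /etc, /var and /run.
          volumeMounts:
            - name: cni-bin
              mountPath: /mnt/cni-bin
            - name: cni-conf
              mountPath: /mnt/cni-conf
            - name: hostvar
              mountPath: /usr/local/var
            - name: hostrun
              mountPath: /run
            - name: hostrun
              mountPath: /usr/local/run
            - name: opflex-hostconfig-volume
              mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d
            - name: host-config-volume
              mountPath: /usr/local/etc/aci-containers/
          # With hostNetwork the probed port lives in the node's network
          # namespace. NOTE(review): confirm which addresses the status
          # endpoint binds to and whether it needs firewalling.
          livenessProbe:
            httpGet:
              path: /status
              port: 8090
        - name: opflex-agent
          image: noiro/opflex:1.6r17
          imagePullPolicy: Always
          securityContext:
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
          volumeMounts:
            - name: hostvar
              mountPath: /usr/local/var
            - name: hostrun
              mountPath: /run
            - name: hostrun
              mountPath: /usr/local/run
            - name: opflex-hostconfig-volume
              mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d
            - name: opflex-config-volume
              mountPath: /usr/local/etc/opflex-agent-ovs/conf.d
        - name: mcast-daemon
          image: noiro/opflex:1.6r17
          command: ["/bin/sh"]
          args: ["/usr/local/bin/launch-mcastdaemon.sh"]
          imagePullPolicy: Always
          securityContext:
            privileged: true
          volumeMounts:
            - name: hostvar
              mountPath: /usr/local/var
            - name: hostrun
              mountPath: /run
            - name: hostrun
              mountPath: /usr/local/run
      restartPolicy: Always
      volumes:
        # NOTE(review): the volume names suggest CNI binaries and CNI config,
        # but the paths are the whole of /opt and /etc on the host. Narrowing
        # them to the directories the images actually use would reduce what a
        # compromised container can modify - verify the expected paths first.
        - name: cni-bin
          hostPath:
            path: /opt
        - name: cni-conf
          hostPath:
            path: /etc
        - name: hostvar
          hostPath:
            path: /var
        - name: hostrun
          hostPath:
            path: /run
        # host-agent-config from the aci-containers-config ConfigMap,
        # projected as host-agent.conf.
        - name: host-config-volume
          configMap:
            name: aci-containers-config
            items:
              - key: host-agent-config
                path: host-agent.conf
        # Memory-backed scratch directory shared by the host agent and the
        # OpFlex agent containers.
        - name: opflex-hostconfig-volume
          emptyDir:
            medium: Memory
        # opflex-agent-config from the same ConfigMap, projected as
        # local.conf.
        - name: opflex-config-volume
          configMap:
            name: aci-containers-config
            items:
              - key: opflex-agent-config
                path: local.conf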
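---
# DaemonSet running Open vSwitch on every node under the host-agent service
# account.
# NOTE(review): the pod shares the host network, PID and IPC namespaces, the
# container is privileged, and the host's /etc, /var, /run and /lib/modules
# are mounted without readOnly. Together with SYS_MODULE this lets the
# container load kernel modules and rewrite host configuration, so the image
# has to be trusted to the same degree as the node OS.
# NOTE(review): extensions/v1beta1 is the API group this manifest was written
# for; newer Kubernetes releases serve DaemonSet under apps/v1 and require
# spec.selector - confirm against the target cluster before reuse.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: aci-containers-openvswitch
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
spec:
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: aci-containers-openvswitch
        network-plugin: aci-containers
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      hostPID: true
      hostIPC: true
      serviceAccountName: aci-containers-host-agent
      # The second toleration lets the pod schedule onto master nodes too.
      tolerations:
        - key: CriticalAddonsOnly
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      containers:
        - name: aci-containers-openvswitch
          # NOTE(review): referenced by tag with imagePullPolicy Always, so
          # the registry decides what runs privileged at each pod start.
          # Pinning by a verified digest makes the content reproducible.
          image: noiro/openvswitch:1.6r12
          imagePullPolicy: Always
          # `privileged: true` already grants every capability; the explicit
          # `add` list is redundant while it is set.
          securityContext:
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
                - SYS_NICE
                - IPC_LOCK
          env:
            # Resolves to /var/run/openvswitch on the host through the
            # hostvar mount at /usr/local/var.
            - name: OVS_RUNDIR
              value: /usr/local/var/run/openvswitch
          volumeMounts:
            - name: hostvar
              mountPath: /usr/local/var
            - name: hostrun
              mountPath: /run
            - name: hostrun
              mountPath: /usr/local/run
            - name: hostetc
              mountPath: /usr/local/etc
            - name: hostmodules
              mountPath: /lib/modules
          livenessProbe:
            exec:
              command:
                - /usr/local/bin/liveness-ovs.sh
      restartPolicy: Always
      volumes:
        - name: hostetc
          hostPath:
            path: /etc
        - name: hostvar
          hostPath:
            path: /var
        - name: hostrun
          hostPath:
            path: /run
        - name: hostmodules
          hostPath:
            path: /lib/modules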
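---
# Single-replica Deployment of the ACI controller. It runs on the host
# network, reads its settings from the aci-containers-config ConfigMap and
# its APIC key and certificate from the aci-user-cert Secret.
# NOTE(review): extensions/v1beta1 is the API group this manifest was written
# for; newer Kubernetes releases serve Deployment under apps/v1 and require
# spec.selector - confirm against the target cluster before reuse.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: aci-containers-controller
  namespace: kube-system
  labels:
    aci-containers-config-version: "ac19175f-667f-4bf7-8b2c-4e6ed07802cd"
    network-plugin: aci-containers
    k8s-app: aci-containers-controller
    name: aci-containers-controller
spec:
  replicas: 1
  # Recreate stops the old pod before the new one starts, so two controllers
  # do not run at the same time during an update.
  strategy:
    type: Recreate
  template:
    metadata:
      name: aci-containers-controller
      namespace: kube-system
      labels:
        network-plugin: aci-containers
        k8s-app: aci-containers-controller
        name: aci-containers-controller
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      serviceAccountName: aci-containers-controller
      tolerations:
        - key: CriticalAddonsOnly
      containers:
        - name: aci-containers-controller
          # NOTE(review): referenced by tag with imagePullPolicy Always. This
          # container holds the APIC private key, so pinning the image by a
          # verified digest is worth the extra step.
          image: noiro/aci-containers-controller:1.6r15
          imagePullPolicy: Always
          # No securityContext is set: the container does not request
          # privileged mode or extra capabilities, even though its service
          # account is listed in the permissive aci-containers-scc.
          volumeMounts:
            - name: controller-config-volume
              mountPath: /usr/local/etc/aci-containers/
            - name: aci-user-cert-volume
              mountPath: /usr/local/etc/aci-cert/
          # With hostNetwork the probed port lives in the node's network
          # namespace. NOTE(review): confirm which addresses the status
          # endpoint binds to and whether it needs firewalling.
          livenessProbe:
            httpGet:
              path: /status
              port: 8091
      volumes:
        # Projects user.key and user.crt from the Secret. No defaultMode is
        # set, so the key file gets the cluster's default file mode.
        # NOTE(review): consider a restrictive defaultMode for the key.
        - name: aci-user-cert-volume
          secret:
            secretName: aci-user-cert
        # controller-config from the ConfigMap, projected as controller.conf.
        - name: controller-config-volume
          configMap:
            name: aci-containers-config
            items:
              - key: controller-config
                path: controller.conf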