Skip to content

Instantly share code, notes, and snippets.

@rmb938
Created June 25, 2017 00:48
Show Gist options
  • Save rmb938/d2f8a0d6c3bb9bccd30bd11e9c3fb867 to your computer and use it in GitHub Desktop.
Save rmb938/d2f8a0d6c3bb9bccd30bd11e9c3fb867 to your computer and use it in GitHub Desktop.
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kube-router
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-router
subjects:
- kind: ServiceAccount
name: kube-router
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kube-router
namespace: kube-system
rules:
- apiGroups: [""]
resources:
- pods
- nodes
- networkpolicies
- namespaces
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-router
namespace: kube-system
---
apiVersion: v1
data:
kubeconfig.conf: |
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
server: https://192.168.23.100:6443
name: default
contexts:
- context:
cluster: default
namespace: default
user: default
name: default
current-context: default
users:
- name: default
user:
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
kind: ConfigMap
metadata:
creationTimestamp: 2017-06-24T14:54:25Z
labels:
app: kube-router
name: kube-router
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-router
namespace: kube-system
labels:
app: kube-router
spec:
template:
metadata:
labels:
name: kube-router
spec:
hostNetwork: true
serviceAccountName: kube-router
containers:
- name: kube-router
image: cloudnativelabs/kube-router
args:
- "--run-router=true"
- "--run-firewall=false"
- "--run-service-proxy=true"
- "--advertise-cluster-ip=true"
- "--cluster-asn=64512"
- "--cluster-cidr=10.20.0.0/16"
- "--peer-router=192.168.23.254"
- "--peer-asn=65534"
- "--kubeconfig=/var/lib/kube-router/kubeconfig.conf"
securityContext:
privileged: true
imagePullPolicy: Always
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /etc/cni/net.d/10-kuberouter.conf
name: cni-conf-dir
- mountPath: /var/lib/kube-router
name: kubeconfig
volumes:
- name: lib-modules
hostPath:
path: /lib/modules
- name: cni-conf-dir
hostPath:
path: /etc/cni/net.d/10-kuberouter.conf
- name: kubeconfig
configMap:
name: kube-router
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment