kube-cni.yaml
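---
# ClusterRole for the cni-terway service account: read-only access to pods.
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22
# onward; v1 has been available since 1.8, and the DaemonSet in this file
# already uses apps/v1, so the stable RBAC version is used here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cni-terway
rules:
  # Core API group (""): only get/list on pods, no write verbs.
  # Because this is a ClusterRole bound with a ClusterRoleBinding, the read
  # access covers pods in every namespace.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list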
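---
# Grants the cni-terway ClusterRole to the cni-terway service account in
# kube-system, cluster-wide.
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22
# onward; v1 has been available since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cni-terway
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cni-terway
subjects:
  # The only subject: the service account the DaemonSet pods run as.
  - kind: ServiceAccount
    name: cni-terway
    namespace: kube-system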
---
# Service account referenced by serviceAccountName in the kube-cni-terway-ds
# DaemonSet and by the cni-terway ClusterRoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cni-terway
  namespace: kube-system
---
# CNI network configuration for the cni-terway plugin.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-cni-terway-cfg
  namespace: kube-system
  labels:
    tier: node
    app: cni-terway
data:
  # The cp-cni-config init container of the DaemonSet copies this key to
  # /etc/cni/net.d/10-cni-terway.conf on each node.
  # The top-level plugin type is cni-terway; it delegates to the bridge plugin
  # (bridge mybr0, isGateway false) with dhcp IPAM.
  # NOTE(review): server_socket points at /var/run/cniserver.sock; which
  # process creates that socket and what permissions it gets is not visible
  # in this file - confirm it is not writable by unprivileged users.
  cni-conf.json: |
    {
      "name": "mycninet",
      "cniVersion": "0.3.1",
      "type": "cni-terway",
      "server_socket": "/var/run/cniserver.sock",
      "delegate": {
        "cniVersion": "0.3.1",
        "name": "mycninet",
        "type": "bridge",
        "bridge": "mybr0",
        "isGateway": false,
        "ipam": {
          "type": "dhcp"
        }
      }
    }
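---
# DaemonSet that installs the cni-terway CNI config and binary on each node
# (init containers) and then runs the /terway daemon.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-cni-terway-ds
  namespace: kube-system
  labels:
    tier: node
    app: cni-terway
spec:
  selector:
    matchLabels:
      app: cni-terway
  template:
    metadata:
      labels:
        tier: node
        app: cni-terway
    spec:
      serviceAccountName: cni-terway
      # hostNetwork and hostPID are pod-level: every container below,
      # including the init containers, shares the node's network and PID
      # namespaces.
      hostNetwork: true
      hostPID: true
      # Tolerates every NoSchedule taint, so the pod also lands on tainted
      # nodes such as control-plane nodes.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      initContainers:
        # NOTE(review): all three containers reference the image by mutable
        # tag. The binary copied from it into /opt/cni/bin lands on the host
        # filesystem, so consider pinning by digest
        # (image@sha256:<digest-placeholder>) and verifying provenance.
        - name: cp-cni-config
          image: registry.cn-hangzhou.aliyuncs.com/generals-kuber/cni-terway:0.0.23
          command:
            - cp
          args:
            - -f
            - /etc/kube-cni-terway/cni-conf.json
            - /etc/cni/net.d/10-cni-terway.conf
          # This step only runs cp into a mounted host directory, so it gets
          # a read-only root filesystem and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ## Mount the source and destination directories and copy the
          ## config file.
          volumeMounts:
            - name: cni-terway-cfg
              mountPath: /etc/kube-cni-terway/
              # Source side of the copy; nothing here needs to write to it.
              readOnly: true
            - name: cni-config-dir
              mountPath: /etc/cni/net.d
        - name: cp-cni-bin
          image: registry.cn-hangzhou.aliyuncs.com/generals-kuber/cni-terway:0.0.23
          command:
            - cp
          args:
            - -f
            - /cni-terway
            - /opt/cni/bin/cni-terway
          # Same restriction as cp-cni-config: a plain file copy onto a
          # mounted host directory.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ## Mount the source and destination directories and copy the
          ## cni-terway executable.
          volumeMounts:
            - name: cni-bin
              mountPath: /opt/cni/bin
      containers:
        - name: kube-cni-terway
          image: registry.cn-hangzhou.aliyuncs.com/generals-kuber/cni-terway:0.0.23
          command:
            - /terway
          ## args:
          ##   - --bridge
          ##   - mybr0
          ##   - --iface
          ##   - ens33
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
            limits:
              cpu: "100m"
              memory: "50Mi"
          securityContext:
            # privileged is false, but SYS_ADMIN together with hostPID and
            # hostNetwork is close to node-root in practice; treat this pod
            # as node-privileged when threat-modeling and restrict who can
            # modify this DaemonSet or its image.
            # Kubernetes treats allowPrivilegeEscalation as always true while
            # CAP_SYS_ADMIN is added, so it cannot be turned off here.
            # NOTE(review): confirm which of these capabilities /terway
            # really needs and drop the rest.
            privileged: false
            capabilities:
              add:
                - NET_ADMIN
                - SYS_PTRACE
                - SYS_ADMIN
          volumeMounts:
            - name: dhcp-sock
              mountPath: /run/cni/
            # NOTE(review): both host CNI directories are mounted writable
            # into the long-running container; if /terway only reads them,
            # mark these mounts readOnly.
            - name: cni-bin
              mountPath: /opt/cni/bin
            - name: cni-config-dir
              mountPath: /etc/cni/net.d
      volumes:
        - name: dhcp-sock
          ## Mount the dhcp directory, which holds the dhcp.sock file.
          hostPath:
            path: /run/cni/
        - name: cni-config-dir
          hostPath:
            path: /etc/cni/net.d
        - name: cni-bin
          hostPath:
            path: /opt/cni/bin
        - name: cni-terway-cfg
          ## This volume is mounted by the init container, which copies the
          ## config file out of it.
          configMap:
            name: kube-cni-terway-cfg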