github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-07 20:21:20 +00:00
Code Issues Projects Releases Wiki Activity

Add RBAC, healthchecks, autoscaler and update Calico to v2.5.0, Typha to 0.4.0

Browse Source
This commit is contained in:
Gunjan Patel
2017-08-23 18:15:18 -07:00
committed by gunjan5
parent 0d17e9deb7
commit 05661b68eb
21 changed files with 402 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/addons/calico-policy-controller/README.md
View File

@@ -9,6 +9,6 @@ Calico is an implementation of the Kubernetes network policy API. The provided
### Learn More
Learn more about Calico at http://docs.projectcalico.org
Learn more about Calico at https://docs.projectcalico.org
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/calico-policy-controller/README.md?pixel)]()

67
cluster/addons/calico-policy-controller/calico-clusterrole.yaml Normal file
View File

@@ -0,0 +1,67 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups: [""]
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- endpoints
verbs:
- get
- apiGroups: [""]
resources:
- services
verbs:
- get
- apiGroups: [""]
resources:
- pods/status
verbs:
- update
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- list
- update
- watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- globalbgpconfigs
- ippools
- globalnetworkpolicies
verbs:
- create
- get
- list
- update
- patch
- delete
- watch

15
cluster/addons/calico-policy-controller/calico-clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: calico
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico
subjects:
- kind: ServiceAccount
name: calico
namespace: kube-system

14
cluster/addons/calico-policy-controller/calico-cpva-clusterrole.yaml Normal file
View File

@@ -0,0 +1,14 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-cpva
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
- apiGroups: ["apps", "extensions"]
resources: ["deployments", "daemonsets"]
verbs: ["patch"]

15
cluster/addons/calico-policy-controller/calico-cpva-clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,15 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-cpva
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
subjects:
- kind: ServiceAccount
name: calico-cpva
namespace: kube-system
roleRef:
kind: ClusterRole
name: calico-cpva
apiGroup: rbac.authorization.k8s.io

8
cluster/addons/calico-policy-controller/calico-cpva-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,8 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: calico-cpva
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile

24
cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
View File

@@ -23,12 +23,13 @@ spec:
nodeSelector:
projectcalico.org/ds-ready: "true"
hostNetwork: true
serviceAccountName: calico
containers:
# Runs calico/node container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: calico-node
image: calico/node:v1.3.0
image: calico/node:v2.5.1
env:
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
@@ -46,6 +47,8 @@ spec:
value: "none"
- name: FELIX_PROMETHEUSMETRICSENABLED
value: "true"
- name: FELIX_HEALTHENABLED
value: "true"
- name: IP
value: ""
- name: NO_DEFAULT_POOLS
@@ -58,9 +61,18 @@ spec:
value: "true"
securityContext:
privileged: true
resources:
requests:
cpu: __CALICO_NODE_CPU__
livenessProbe:
httpGet:
path: /liveness
port: 9099
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /readiness
port: 9099
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
@@ -71,7 +83,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: calico/cni:v1.9.1
image: calico/cni:v1.10.0
command: ["/install-cni.sh"]
env:
- name: CNI_CONF_NAME
@@ -103,7 +115,7 @@ spec:
{
"type": "portmap",
"capabilities": {"portMappings": true},
"snat": false
"snat": true
}
]
}

22
cluster/addons/calico-policy-controller/calico-node-vertical-autoscaler-configmap.yaml Normal file
View File

@@ -0,0 +1,22 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-node-vertical-autoscaler
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
data:
node-autoscaler: |-
{
"calico-node": {
"requests": {
"cpu": {
"base": "80m",
"step": "20m",
"nodesPerStep": 10,
"max": "500m"
}
}
}
}

37
cluster/addons/calico-policy-controller/calico-node-vertical-autoscaler-deployment.yaml Normal file
View File

@@ -0,0 +1,37 @@
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: calico-node-vertical-autoscaler
namespace: kube-system
labels:
k8s-app: calico-node-autoscaler
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: calico-node-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
containers:
- image: gcr.io/google_containers/cpvpa-amd64:v0.6.0
name: autoscaler
command:
- /cpvpa
- --target=daemonset/calico-node
- --namespace=kube-system
- --logtostderr=true
- --poll-period-seconds=30
- --v=2
- --config-file=/etc/config/node-autoscaler
volumeMounts:
- name: config
mountPath: /etc/config
volumes:
- name: config
configMap:
name: calico-node-vertical-autoscaler
serviceAccountName: calico-cpva

8
cluster/addons/calico-policy-controller/calico-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile

16
cluster/addons/calico-policy-controller/globalbgpconfig-crd.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: apiextensions.k8s.io/v1beta1
description: Calico Global BGP Configuration
kind: CustomResourceDefinition
metadata:
name: globalbgpconfigs.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalBGPConfig
plural: globalbgpconfigs
singular: globalbgpconfig

16
cluster/addons/calico-policy-controller/globalfelixconfig-crd.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: apiextensions.k8s.io/v1beta1
description: Calico Global Felix Configuration
kind: CustomResourceDefinition
metadata:
name: globalfelixconfigs.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalFelixConfig
plural: globalfelixconfigs
singular: globalfelixconfig

16
cluster/addons/calico-policy-controller/globalnetworkpolicy-crd.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: apiextensions.k8s.io/v1beta1
description: Calico Global Network Policies
kind: CustomResourceDefinition
metadata:
name: globalnetworkpolicies.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkPolicy
plural: globalnetworkpolicies
singular: globalnetworkpolicy

16
cluster/addons/calico-policy-controller/ippool-crd.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: apiextensions.k8s.io/v1beta1
description: Calico IP Pools
kind: CustomResourceDefinition
metadata:
name: ippools.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPPool
plural: ippools
singular: ippool

20
cluster/addons/calico-policy-controller/typha-deployment.yaml
View File

@@ -8,7 +8,6 @@ metadata:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: calico-typha
spec:
replicas: __CALICO_TYPHA_REPLICAS__
revisionHistoryLimit: 2
template:
metadata:
@@ -21,8 +20,9 @@ spec:
- key: CriticalAddonsOnly
operator: Exists
hostNetwork: true
serviceAccountName: calico
containers:
- image: calico/typha:v0.2.3
- image: calico/typha:v0.4.1
name: calico-typha
ports:
- containerPort: 5473
@@ -45,13 +45,23 @@ spec:
value: "kubernetes"
- name: TYPHA_MAXCONNECTIONSLOWERLIMIT
value: "1"
- name: TYPHA_HEALTHENABLED
value: "true"
volumeMounts:
- mountPath: /etc/calico
name: etc-calico
readOnly: true
resources:
requests:
cpu: __CALICO_TYPHA_CPU__
livenessProbe:
httpGet:
path: /liveness
port: 9098
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
periodSeconds: 10
volumes:
- name: etc-calico
hostPath:

24
cluster/addons/calico-policy-controller/typha-horizontal-autoscaler-configmap.yaml Normal file
View File

@@ -0,0 +1,24 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-typha-horizontal-autoscaler
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
data:
ladder: |-
{
"coresToReplicas": [],
"nodesToReplicas":
[
[1, 1],
[10, 2],
[100, 3],
[250, 4],
[500, 5],
[1000, 6],
[1500, 7],
[2000, 8]
]
}

33
cluster/addons/calico-policy-controller/typha-horizontal-autoscaler-deployment.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: calico-typha-horizontal-autoscaler
namespace: kube-system
labels:
k8s-app: calico-typha-autoscaler
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: calico-typha-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
containers:
- image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.2
name: autoscaler
command:
- /cluster-proportional-autoscaler
- --namespace=kube-system
- --configmap=calico-typha-horizontal-autoscaler
- --target=deployment/calico-typha
- --logtostderr=true
- --v=2
resources:
requests:
cpu: 10m
limits:
cpu: 10m

22
cluster/addons/calico-policy-controller/typha-vertical-autoscaler-configmap.yaml Normal file
View File

@@ -0,0 +1,22 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-typha-vertical-autoscaler
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
data:
typha-autoscaler: |-
{
"calico-typha": {
"requests": {
"cpu": {
"base": "120m",
"step": "80m",
"nodesPerStep": 10,
"max": "1000m"
}
}
}
}

37
cluster/addons/calico-policy-controller/typha-vertical-autoscaler-deployment.yaml Normal file
View File

@@ -0,0 +1,37 @@
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: calico-typha-vertical-autoscaler
namespace: kube-system
labels:
k8s-app: calico-typha-autoscaler
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: calico-typha-autoscaler
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
containers:
- image: gcr.io/google_containers/cpvpa-amd64:v0.6.0
name: autoscaler
command:
- /cpvpa
- --target=deployment/calico-typha
- --namespace=kube-system
- --logtostderr=true
- --poll-period-seconds=30
- --v=2
- --config-file=/etc/config/typha-autoscaler
volumeMounts:
- name: config
mountPath: /etc/config
volumes:
- name: config
configMap:
name: calico-typha-vertical-autoscaler
serviceAccountName: calico-cpva