🌱 Add daemonset

Signed-off-by: mudler <mudler@c3os.io>
2025-09-06 11:20:23 +00:00 · 2022-12-28 19:02:29 +01:00
parent ca06cf47e4
commit 737bae9d77
17 changed files with 685 additions and 1 deletions
--- a/controllers/daemonset.go
+++ b/controllers/daemonset.go
@@ -0,0 +1,87 @@
+package controllers
+
+import (
+	entanglev1alpha1 "github.com/kairos-io/entangle/api/v1alpha1"
+	appsv1 "k8s.io/api/apps/v1"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+func genDaemonsetOwner(ent entanglev1alpha1.VPN) []metav1.OwnerReference {
+	return []metav1.OwnerReference{
+		*metav1.NewControllerRef(&ent.ObjectMeta, schema.GroupVersionKind{
+			Group:   entanglev1alpha1.GroupVersion.Group,
+			Version: entanglev1alpha1.GroupVersion.Version,
+			Kind:    "VPN",
+		}),
+	}
+}
+
+func (r *VPNReconciler) genDaemonset(ent entanglev1alpha1.VPN) (*appsv1.DaemonSet, error) {
+	objMeta := metav1.ObjectMeta{
+		Name:            ent.Name,
+		Namespace:       ent.Namespace,
+		OwnerReferences: genDaemonsetOwner(ent),
+	}
+
+	privileged := true
+	serviceAccount := false
+
+	v := ent.Spec.Env
+	v = append(v, v1.EnvVar{
+		Name: "EDGEVPNTOKEN",
+		ValueFrom: &v1.EnvVarSource{
+			SecretKeyRef: &v1.SecretKeySelector{
+				Key: "network_token",
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: *ent.Spec.SecretRef,
+				},
+			},
+		},
+	})
+
+	expose := v1.Container{
+		SecurityContext: &v1.SecurityContext{
+			Privileged: &privileged,
+			Capabilities: &v1.Capabilities{
+				Add: []v1.Capability{"NET_ADMIN"},
+			},
+		},
+		ImagePullPolicy: v1.PullAlways,
+		Name:            "vpn",
+		Image:           r.EntangleServiceImage,
+		Env:             v,
+		Command:         []string{"/usr/bin/edgevpn"},
+		VolumeMounts:    []v1.VolumeMount{v1.VolumeMount{Name: "dev-net-tun", MountPath: "/dev/net/tun"}},
+	}
+
+	pod := v1.PodSpec{
+		Containers:                   []v1.Container{expose},
+		AutomountServiceAccountToken: &serviceAccount,
+		HostNetwork:                  true,
+		Volumes:                      []v1.Volume{v1.Volume{Name: "dev-net-tun", VolumeSource: v1.VolumeSource{HostPath: &v1.HostPathVolumeSource{Path: "/dev/net/tun"}}}},
+	}
+
+	deploymentLabels := getnDaemonsetLabel(ent.Name)
+
+	return &appsv1.DaemonSet{
+		ObjectMeta: objMeta,
+
+		Spec: appsv1.DaemonSetSpec{
+			Selector: &metav1.LabelSelector{MatchLabels: deploymentLabels},
+			Template: v1.PodTemplateSpec{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: deploymentLabels,
+				},
+				Spec: pod,
+			},
+		},
+	}, nil
+}
+
+func getnDaemonsetLabel(s string) map[string]string {
+	return map[string]string{
+		"vpn.kairos.io": s,
+	}
+}