x/stackube
Code Issues Proposed changes
1394c0b10c
stackube/deployment/stackube-proxy.yaml
Pengfei Ni a225041bf4 Mount netns as shared. 
Since mount propagation is not supported in kubernetes API yet, we need
to set it as shared.

Also adds hostIPC for stackube-proxy.

Change-Id: Ie31761a12f169d9afde52e56b7068adaa8f2a127
Closes-Bug: 1710830
Signed-off-by: Pengfei Ni <feiskyer@gmail.com>
2017-08-15 16:56:22 +08:00

168 lines
4.9 KiB
YAML
Raw Blame History

# Copyright (c) 2017 OpenStack Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This manifest deploys stackube-proxy container in hostnetwork
# on each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: stackube-proxy
namespace: kube-system
labels:
component: stackube-proxy
k8s-app: stackube-proxy
kubernetes.io/cluster-service: "true"
name: stackube-proxy
spec:
selector:
matchLabels:
component: stackube-proxy
k8s-app: stackube-proxy
kubernetes.io/cluster-service: "true"
name: stackube-proxy
template:
metadata:
labels:
component: stackube-proxy
k8s-app: stackube-proxy
kubernetes.io/cluster-service: "true"
name: stackube-proxy
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: |
[{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
{"key":"CriticalAddonsOnly", "operator":"Exists"}]
spec:
hostNetwork: true
hostPID: true
hostIPC: true
serviceAccountName: stackube-proxy
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}
terminationGracePeriodSeconds: 30
containers:
- name: stackube-proxy
resources: {}
image: stackube/stackube-proxy:v0.1
securityContext:
privileged: true
command: ["/start.sh"]
env:
# The endpoint of openstack authentication.
- name: AUTH_URL
valueFrom:
configMapKeyRef:
name: stackube-config
key: auth-url
# The username for openstack authentication.
- name: USERNAME
valueFrom:
configMapKeyRef:
name: stackube-config
key: username
# The password for openstack authentication.
- name: PASSWORD
valueFrom:
configMapKeyRef:
name: stackube-config
key: password
# The tenant name for openstack authentication.
- name: TENANT_NAME
valueFrom:
configMapKeyRef:
name: stackube-config
key: tenant-name
# The region for openstack authentication.
- name: REGION
valueFrom:
configMapKeyRef:
name: stackube-config
key: region
# The id of openstack external network.
- name: EXT_NET_ID
valueFrom:
configMapKeyRef:
name: stackube-config
key: ext-net-id
# The kubernetes service host.
- name: KUBERNETES_SERVICE_HOST
valueFrom:
configMapKeyRef:
name: stackube-config
key: kubernetes-host
# The kubernetes service port.
- name: KUBERNETES_SERVICE_PORT
valueFrom:
configMapKeyRef:
name: stackube-config
key: kubernetes-port
volumeMounts:
# mount as shared because mount propagation is not supported
# in kubernetes api yet.
- mountPath: /var/run/netns:shared
name: netns
- mountPath: /etc/ssl/certs
name: certs
- mountPath: /etc/pki
name: pki
volumes:
# Used to operate host netns.
- name: netns
hostPath:
path: /var/run/netns
# Used to verify the keystone server.
- name: certs
hostPath:
path: /etc/ssl/certs
- name: pki
hostPath:
path: /etc/pki
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: stackube-proxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: stackube-proxy
subjects:
- kind: ServiceAccount
name: stackube-proxy
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: stackube-proxy
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: stackube-proxy
namespace: kube-system
View Git Blame Copy Permalink