From 484d5d6467cd556bf8982e129f4dbce79c23cbd2 Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Sun, 22 Sep 2024 23:36:15 +0200 Subject: [PATCH] Added kube-vip --- .../kube-system/kube-vip.configmap.yaml | 7 ++ .../kube-system/kube-vip.rbac.yaml | 41 +++++++++ .../kube-system/kube-vip.yaml | 88 +++++++++++++++++++ .../kube-system/kustomization.yaml | 7 ++ 4 files changed, 143 insertions(+) create mode 100644 clusters/titan.lan.huizinga.dev/kube-system/kube-vip.configmap.yaml create mode 100644 clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml create mode 100644 clusters/titan.lan.huizinga.dev/kube-system/kube-vip.yaml create mode 100644 clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.configmap.yaml b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.configmap.yaml
new file mode 100644
index 0000000..0e82de8
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kubevip
+ namespace: kube-system
+data:
+ range-global: 10.0.0.210-10.0.0.220
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml
new file mode 100644
index 0000000..d6ecc93
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-vip
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:kube-vip-role
+rules:
+ - apiGroups: [""]
+ resources: ["services/status"]
+ verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["services", "endpoints"]
+ verbs: ["list","get","watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","get","watch", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["list", "get", "watch", "update", "create"]
+ - apiGroups: ["discovery.k8s.io"]
+ resources: ["endpointslices"]
+ verbs: ["list","get","watch", "update"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:kube-vip-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:kube-vip-role
+subjects:
+- kind: ServiceAccount
+ name: kube-vip
+ namespace: kube-system
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.yaml b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.yaml
new file mode 100644
index 0000000..ca30647
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.yaml
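Review bot: The `nodes` rule of `system:kube-vip-role` in kube-vip.rbac.yaml grants `update` and `patch` cluster-wide, and this service account's token ends up in a hostNetwork pod on every control-plane node, so the role is worth trimming to what this deployment actually uses. I cannot tell from the env in kube-vip.yaml that any enabled feature writes Node objects; unless one does, `verbs: ["list", "get", "watch"]` on `nodes` is the tighter default, and the `update` verb on `endpoints` and `endpointslices` deserves the same check. Whichever write verbs stay, a one-line comment above each rule saying which kube-vip feature needs it would make later audits easier. Separately, the `system:` name prefix and the `rbac.authorization.kubernetes.io/autoupdate` annotation are conventions of the API server's built-in roles; a plain name such as `kube-vip-role` without the annotation avoids confusion with them, with `roleRef.name` in the binding changed to match.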
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/name: kube-vip-ds
+ app.kubernetes.io/version: v0.8.3
+ name: kube-vip-ds
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kube-vip-ds
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/name: kube-vip-ds
+ app.kubernetes.io/version: v0.8.3
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ containers:
+ - args:
+ - manager
+ env:
+ - name: vip_arp
+ value: "true"
+ - name: port
+ value: "6443"
+ - name: vip_nodename
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: vip_interface
+ value: enp3s0
+ - name: vip_cidr
+ value: "32"
+ - name: dns_mode
+ value: first
+ - name: cp_enable
+ value: "true"
+ - name: cp_namespace
+ value: kube-system
+ - name: svc_enable
+ value: "true"
+ - name: svc_leasename
+ value: plndr-svcs-lock
+ - name: vip_leaderelection
+ value: "true"
+ - name: vip_leasename
+ value: plndr-cp-lock
+ - name: vip_leaseduration
+ value: "5"
+ - name: vip_renewdeadline
+ value: "3"
+ - name: vip_retryperiod
+ value: "1"
+ - name: address
+ value: 10.0.0.200
+ - name: prometheus_server
+ value: :2112
+ image: ghcr.io/kube-vip/kube-vip:v0.8.3
+ imagePullPolicy: IfNotPresent
+ name: kube-vip
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ hostNetwork: true
+ serviceAccountName: kube-vip
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ updateStrategy: {}
+
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml b/clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml
new file mode 100644
index 0000000..a29a81f
--- /dev/null
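Review bot: The container `securityContext` in the `kube-vip-ds` DaemonSet (kube-vip.yaml) adds `NET_ADMIN` and `NET_RAW` but keeps the runtime's default capability set; adding `drop: ["ALL"]` under `capabilities`, next to `add`, leaves only the two that VIP handling needs, assuming the image does not rely on the defaults. `resources: {}` makes this control-plane-critical pod BestEffort, so it is among the first candidates for eviction under node pressure; set at least CPU and memory requests. With `hostNetwork: true`, `prometheus_server` set to `:2112` presumably listens on every address of each control-plane node, so bind it to a specific address or firewall the port if metrics should not be reachable from the LAN. The image is referenced by tag only; pinning it as `ghcr.io/kube-vip/kube-vip:v0.8.3@sha256:<digest>` (placeholder digest) keeps a re-pushed tag from changing what runs with these privileges.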
+++ b/clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - kube-vip.rbac.yaml
+ - kube-vip.yaml
+ - https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml
+ - kube-vip.configmap.yaml
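Review bot: The remote entry in `resources` is fetched from the `main` branch of kube-vip-cloud-provider, so each build can pull different content and whatever is on that branch at build time is applied to the cluster without appearing in this repository's history. The hunk does not show what that manifest contains, but a cloud controller manifest normally carries its own RBAC and workload, which makes an unpinned reference a supply-chain exposure for `kube-system`. Pin the URL to a release tag or, better, a commit SHA, e.g. `- https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/<tag-or-commit-sha>/manifest/kube-vip-cloud-controller.yaml`, or vendor the file into this directory so upstream changes arrive as a reviewable diff.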