Skip to content

Instantly share code, notes, and snippets.

@farcaller

farcaller/kube-router.jsonnet

Created May 23, 2023 10:17
Show Gist options
  • Save farcaller/4ddbc7b8c1cd2db3122842f7ac9cf1e6 to your computer and use it in GitHub Desktop.
Save farcaller/4ddbc7b8c1cd2db3122842f7ac9cf1e6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kube-router.jsonnet
// v1.5.4 via https://github.com/cloudnativelabs/kube-router/blob/v1.5.4/daemonset/generic-kuberouter-only-advertise-routes.yaml
[
{
apiVersion: 'apps/v1',
kind: 'DaemonSet',
metadata: {
labels: {
'k8s-app': 'kube-router',
tier: 'node',
},
name: 'kube-router',
namespace: 'kube-system',
},
spec: {
selector: {
matchLabels: {
'k8s-app': 'kube-router',
tier: 'node',
},
},
template: {
metadata: {
labels: {
'k8s-app': 'kube-router',
tier: 'node',
},
},
spec: {
priorityClassName: 'system-node-critical',
serviceAccountName: 'kube-router',
containers: [
{
name: 'kube-router',
image: 'docker.io/cloudnativelabs/kube-router',
imagePullPolicy: 'Always',
args: [
'--run-router=true',
'--run-firewall=false',
'--run-service-proxy=false',
'--bgp-graceful-restart=true',
'--enable-cni=false',
'--enable-pod-egress=false',
'--enable-ibgp=true',
'--enable-overlay=true',
'--peer-router-ips=' + std.extVar('peer_router_ips'),
'--peer-router-asns=' + std.extVar('peer_router_asns'),
'--cluster-asn=' + std.extVar('cluster_asn'),
'--advertise-cluster-ip=true',
'--advertise-external-ip=true',
'--advertise-loadbalancer-ip=true',
'--metrics-port=8080',
],
env: [
{
name: 'NODE_NAME',
valueFrom: {
fieldRef: {
fieldPath: 'spec.nodeName',
},
},
},
],
livenessProbe: {
httpGet: {
path: '/healthz',
port: 20244,
},
initialDelaySeconds: 10,
periodSeconds: 3,
},
resources: {
requests: {
cpu: '250m',
memory: '250Mi',
},
},
securityContext: {
privileged: true,
},
volumeMounts: [
{
name: 'xtables-lock',
mountPath: '/run/xtables.lock',
readOnly: false,
},
],
},
],
hostNetwork: true,
tolerations: [
{
effect: 'NoSchedule',
operator: 'Exists',
},
{
key: 'CriticalAddonsOnly',
operator: 'Exists',
},
{
effect: 'NoExecute',
operator: 'Exists',
},
],
volumes: [
{
name: 'xtables-lock',
hostPath: {
path: '/run/xtables.lock',
type: 'FileOrCreate',
},
},
],
},
},
},
},
{
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: 'kube-router',
namespace: 'kube-system',
},
},
{
kind: 'ClusterRole',
apiVersion: 'rbac.authorization.k8s.io/v1',
metadata: {
name: 'kube-router',
namespace: 'kube-system',
},
rules: [
{
apiGroups: [
'',
],
resources: [
'namespaces',
'pods',
'services',
'nodes',
'endpoints',
],
verbs: [
'list',
'get',
'watch',
],
},
{
apiGroups: [
'networking.k8s.io',
],
resources: [
'networkpolicies',
],
verbs: [
'list',
'get',
'watch',
],
},
{
apiGroups: [
'extensions',
],
resources: [
'networkpolicies',
],
verbs: [
'get',
'list',
'watch',
],
},
],
},
{
kind: 'ClusterRoleBinding',
apiVersion: 'rbac.authorization.k8s.io/v1',
metadata: {
name: 'kube-router',
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'kube-router',
},
subjects: [
{
kind: 'ServiceAccount',
name: 'kube-router',
namespace: 'kube-system',
},
],
},
{
apiVersion: 'v1',
kind: 'Service',
metadata: {
labels: {
'k8s-app': 'kube-router',
},
name: 'kube-router-metrics',
},
spec: {
ports: [
{
name: 'http-metrics',
port: 8080,
protocol: 'TCP',
targetPort: 8080,
},
],
selector: {
'k8s-app': 'kube-router',
},
},
},
{
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-router',
},
spec: {
endpoints: [
{
honorLabels: true,
interval: '30s',
path: '/metrics',
port: 'http-metrics',
},
],
namespaceSelector: {
matchNames: [
'kube-system',
],
},
selector: {
matchLabels: {
'k8s-app': 'kube-router',
},
},
targetLabels: [
'k8s-app',
],
},
},
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment