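// v1.5.4 via https://github.com/cloudnativelabs/kube-router/blob/v1.5.4/daemonset/generic-kuberouter-only-advertise-routes.yaml
//
// Evaluates to a list of Kubernetes manifests that run kube-router on every
// node with only the router component enabled (firewall, service proxy and
// CNI are switched off), plus the RBAC, Service and ServiceMonitor it needs.
//
// External variables (std.extVar aborts evaluation if one is not supplied):
//   peer_router_ips   value for --peer-router-ips
//   peer_router_asns  value for --peer-router-asns
//   cluster_asn       value for --cluster-asn
// These are concatenated into container args as-is, so they should come from
// a trusted build input rather than from anything user-controlled.

// Release this manifest was derived from (see the header). The image is
// pinned to it so that a privileged, host-network pod does not silently pick
// up whatever the untagged image resolves to on the next restart.
local kubeRouterVersion = 'v1.5.4';

[
  {
    apiVersion: 'apps/v1',
    kind: 'DaemonSet',
    metadata: {
      labels: {
        'k8s-app': 'kube-router',
        tier: 'node',
      },
      name: 'kube-router',
      namespace: 'kube-system',
    },
    spec: {
      selector: {
        matchLabels: {
          'k8s-app': 'kube-router',
          tier: 'node',
        },
      },
      template: {
        metadata: {
          labels: {
            'k8s-app': 'kube-router',
            tier: 'node',
          },
        },
        spec: {
          priorityClassName: 'system-node-critical',
          serviceAccountName: 'kube-router',
          containers: [
            {
              name: 'kube-router',
              // A tag is still mutable; pinning by digest gives a stronger
              // guarantee if the registry is not fully trusted.
              image: 'docker.io/cloudnativelabs/kube-router:' + kubeRouterVersion,
              imagePullPolicy: 'Always',
              args: [
                // Router only: no network-policy firewall, no service proxy.
                '--run-router=true',
                '--run-firewall=false',
                '--run-service-proxy=false',
                '--bgp-graceful-restart=true',
                '--enable-cni=false',
                '--enable-pod-egress=false',
                '--enable-ibgp=true',
                '--enable-overlay=true',
                // BGP peering parameters come from the external variables
                // documented at the top of the file.
                '--peer-router-ips=' + std.extVar('peer_router_ips'),
                '--peer-router-asns=' + std.extVar('peer_router_asns'),
                '--cluster-asn=' + std.extVar('cluster_asn'),
                // Every service address class is advertised to the peers.
                '--advertise-cluster-ip=true',
                '--advertise-external-ip=true',
                '--advertise-loadbalancer-ip=true',
                // NOTE(review): with hostNetwork below, this listener lives in
                // the node's network namespace; confirm that node-level
                // filtering limits who can reach port 8080.
                '--metrics-port=8080',
              ],
              env: [
                {
                  // Downward API: the name of the node the pod is scheduled on.
                  name: 'NODE_NAME',
                  valueFrom: {
                    fieldRef: {
                      fieldPath: 'spec.nodeName',
                    },
                  },
                },
              ],
              livenessProbe: {
                httpGet: {
                  path: '/healthz',
                  port: 20244,
                },
                initialDelaySeconds: 10,
                periodSeconds: 3,
              },
              resources: {
                // Requests only; no limits are set.
                requests: {
                  cpu: '250m',
                  memory: '250Mi',
                },
              },
              securityContext: {
                // NOTE(review): privileged together with hostNetwork gives
                // this container node-level control. Kept as in the source
                // manifest; evaluate whether a narrower capability set is
                // enough for router-only mode.
                privileged: true,
              },
              volumeMounts: [
                {
                  // Shares the host's xtables lock file, writable.
                  name: 'xtables-lock',
                  mountPath: '/run/xtables.lock',
                  readOnly: false,
                },
              ],
            },
          ],
          hostNetwork: true,
          // Tolerates every NoSchedule and NoExecute taint (and
          // CriticalAddonsOnly), so the pod is placed on all nodes,
          // control-plane nodes included.
          tolerations: [
            {
              effect: 'NoSchedule',
              operator: 'Exists',
            },
            {
              key: 'CriticalAddonsOnly',
              operator: 'Exists',
            },
            {
              effect: 'NoExecute',
              operator: 'Exists',
            },
          ],
          volumes: [
            {
              name: 'xtables-lock',
              hostPath: {
                path: '/run/xtables.lock',
                type: 'FileOrCreate',
              },
            },
          ],
        },
      },
    },
  },
  {
    apiVersion: 'v1',
    kind: 'ServiceAccount',
    metadata: {
      name: 'kube-router',
      namespace: 'kube-system',
    },
  },
  {
    kind: 'ClusterRole',
    apiVersion: 'rbac.authorization.k8s.io/v1',
    // ClusterRole is cluster-scoped, so metadata carries no namespace.
    metadata: {
      name: 'kube-router',
    },
    // Read-only access (list/get/watch) to the objects listed below.
    rules: [
      {
        apiGroups: [
          '',
        ],
        resources: [
          'namespaces',
          'pods',
          'services',
          'nodes',
          'endpoints',
        ],
        verbs: [
          'list',
          'get',
          'watch',
        ],
      },
      {
        apiGroups: [
          'networking.k8s.io',
        ],
        resources: [
          'networkpolicies',
        ],
        verbs: [
          'list',
          'get',
          'watch',
        ],
      },
      {
        apiGroups: [
          'extensions',
        ],
        resources: [
          'networkpolicies',
        ],
        verbs: [
          'get',
          'list',
          'watch',
        ],
      },
    ],
  },
  {
    kind: 'ClusterRoleBinding',
    apiVersion: 'rbac.authorization.k8s.io/v1',
    metadata: {
      name: 'kube-router',
    },
    roleRef: {
      apiGroup: 'rbac.authorization.k8s.io',
      kind: 'ClusterRole',
      name: 'kube-router',
    },
    subjects: [
      {
        kind: 'ServiceAccount',
        name: 'kube-router',
        namespace: 'kube-system',
      },
    ],
  },
  {
    apiVersion: 'v1',
    kind: 'Service',
    metadata: {
      labels: {
        'k8s-app': 'kube-router',
      },
      name: 'kube-router-metrics',
      // A Service only selects pods in its own namespace, and the
      // ServiceMonitor below looks for this Service in kube-system, so the
      // namespace is stated explicitly instead of inherited from the apply
      // context.
      namespace: 'kube-system',
    },
    spec: {
      ports: [
        {
          name: 'http-metrics',
          port: 8080,
          protocol: 'TCP',
          targetPort: 8080,
        },
      ],
      selector: {
        'k8s-app': 'kube-router',
      },
    },
  },
  {
    apiVersion: 'monitoring.coreos.com/v1',
    kind: 'ServiceMonitor',
    // NOTE(review): no namespace is set, so this object lands in whatever
    // namespace the apply defaults to; confirm the Prometheus operator
    // watches that namespace.
    metadata: {
      name: 'kube-router',
    },
    spec: {
      endpoints: [
        {
          honorLabels: true,
          interval: '30s',
          path: '/metrics',
          port: 'http-metrics',
        },
      ],
      namespaceSelector: {
        matchNames: [
          'kube-system',
        ],
      },
      selector: {
        matchLabels: {
          'k8s-app': 'kube-router',
        },
      },
      targetLabels: [
        'k8s-app',
      ],
    },
  },
]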