Appendix A - CNI Operator Manifests
cluster-network-03-mysdn-namespace.yml
# Namespace that holds the mysdn operator's namespaced objects.
apiVersion: v1
kind: Namespace
metadata:
  name: mysdn-operator
  annotations:
    # An empty node selector overrides any cluster-wide default project node
    # selector, so pods in this namespace can be scheduled on every node.
    openshift.io/node-selector: ""
  labels:
    name: mysdn-operator
    # NOTE(review): on OpenShift, namespaces labelled run-level 0 or 1 are
    # skipped by SecurityContextConstraints admission, so pods created here
    # are not restricted by SCCs. Confirm for the target release, and keep
    # the right to create workloads in this namespace limited to the
    # operator and cluster administrators.
    openshift.io/run-level: "0"
cluster-network-04-mysdn-CRD.yml
# Registers the cluster-scoped Installation resource in the
# operator.mysdn.io API group.
#
# NOTE(review): apiextensions.k8s.io/v1beta1 is deprecated and is no longer
# served from Kubernetes 1.22 onward. The v1 API requires a structural schema
# under each entry of `versions`.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: installations.operator.mysdn.io
spec:
  group: operator.mysdn.io
  names:
    kind: Installation
    listKind: InstallationList
    plural: installations
    singular: installation
  # Cluster scope: Installation objects are not namespaced, so access to them
  # can only be granted through ClusterRoles.
  scope: Cluster
  subresources:
    # Exposes a separate /status endpoint for the resource.
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        # spec and status are declared only as `object`, with no properties.
        # The API server therefore does not validate their fields; any checks
        # on values such as image references must happen in the operator.
        spec:
          type: object
        status:
          type: object
  # Legacy single-version field, kept alongside `versions` and set to the
  # same version name.
  version: v1
  versions:
    - name: v1
      served: true
      storage: true
cluster-network-05-mysdn-deployment.yml
# Runs a single replica of the mysdn operator in the mysdn-operator namespace.
#
# NOTE(review): neither container sets a securityContext or resource
# requests/limits, so both run with whatever user and privileges the images
# and the namespace's admission policy allow. Consider stating
# runAsNonRoot, allowPrivilegeEscalation, dropped capabilities and resource
# limits explicitly if the operator can work with them.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysdn-operator
  namespace: mysdn-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: mysdn-operator
  template:
    metadata:
      labels:
        name: mysdn-operator
    spec:
      # `operator: Exists` without a key tolerates every NoExecute and
      # NoSchedule taint, so the pod may be placed on any node, including
      # tainted control-plane nodes.
      tolerations:
        - effect: NoExecute
          operator: Exists
        - effect: NoSchedule
          operator: Exists
      # The pod runs as this ServiceAccount; its API permissions are whatever
      # is bound to that account.
      serviceAccountName: mysdn-operator
      # The pod shares the node's network namespace (presumably because the
      # pod network does not exist until the CNI is installed). It can reach
      # node-local listeners, and pod-level network policy generally does
      # not isolate host-network pods.
      hostNetwork: true
      initContainers:
        - name: configure-security-groups
          # NOTE(review): `master` is a mutable tag, and with no
          # imagePullPolicy set the default for a non-`latest` tag is
          # IfNotPresent, so nodes can end up running different builds.
          # Pin a released version by digest.
          image: quay.io/mysdn/operator-init:master
          env:
            - name: KUBELET_KUBECONFIG
              value: /etc/kubernetes/kubeconfig
          volumeMounts:
            - mountPath: /etc/kubernetes/kubeconfig
              name: host-kubeconfig
              readOnly: true
      containers:
        - name: mysdn-operator
          # NOTE(review): the tag looks like a short commit id, but it is
          # still a tag that can be re-pushed. With imagePullPolicy Always,
          # each start runs whatever the tag currently points to. Reference
          # the image by digest to make the deployed content immutable.
          image: quay.io/mysdn/operator:de99f8f
          command:
            - operator
            # The flag name suggests only the API server URL is taken from
            # this file (TODO confirm). The whole file is nevertheless
            # readable inside the container.
            - --url-only-kubeconfig=/etc/kubernetes/kubeconfig
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /etc/kubernetes/kubeconfig
              name: host-kubeconfig
              readOnly: true
          env:
            # Downward API: the namespace the pod is running in.
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Quoted so the value stays a string rather than a YAML boolean.
            - name: OPENSHIFT
              value: "true"
            # Downward API: the pod's own name.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "mysdn-operator"
      volumes:
        # Mounts a kubeconfig from the node's filesystem; judging by the
        # KUBELET_KUBECONFIG variable it is presumably the kubelet's, so it
        # may carry node credentials. It is mounted read-only in both
        # containers. No hostPath `type` is set, so the kubelet performs no
        # check on what exists at this path before mounting it.
        - hostPath:
            path: /etc/kubernetes/kubeconfig
          name: host-kubeconfig
cluster-network-06-mysdn-clusterrolebinding.yml
# Grants the mysdn-operator ClusterRole to the mysdn-operator ServiceAccount.
# Because this is a ClusterRoleBinding, the role's rules apply in every
# namespace. Anything able to run as that ServiceAccount, or to read its
# token, gains the same cluster-wide permissions.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: mysdn-operator
subjects:
  - kind: ServiceAccount
    name: mysdn-operator
    namespace: mysdn-operator
roleRef:
  kind: ClusterRole
  name: mysdn-operator
  apiGroup: rbac.authorization.k8s.io
cluster-network-07-mysdn-clusterrole.yml
# Cluster-wide permissions for the mysdn operator.
#
# NOTE(review): most rules use the '*' verb. Taken together (all verbs on
# secrets, on RBAC objects and on workloads in every namespace) the role is
# close to cluster-admin. Where the operator's real needs are known, list the
# individual verbs and use resourceNames to narrow the scope.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mysdn-operator
rules:
  # Core API group. '*' on secrets and serviceaccounts allows reading and
  # changing every secret in every namespace, including credentials that
  # belong to other workloads.
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - services
      - endpoints
      - events
      - configmaps
      - secrets
      - serviceaccounts
    verbs:
      - '*'
  # '*' on RBAC objects includes the `bind` and `escalate` verbs, so the
  # subject can grant permissions it does not itself hold. Audit changes to
  # these objects made by this ServiceAccount.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
      - clusterrolebindings
      - rolebindings
    verbs:
      - '*'
  # All verbs on Deployments and DaemonSets in every namespace.
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
    verbs:
      - '*'
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  # Scoped with resourceNames to the operator's own Deployment. This is the
  # only rule in the role that is narrowed this way.
  - apiGroups:
      - apps
    resourceNames:
      - mysdn-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  # All resources and verbs within the operator's own API group.
  - apiGroups:
      - operator.mysdn.io
    resources:
      - '*'
    verbs:
      - '*'
  # When running mysdnSecureEnterprise, we need to manage APIServices.
  - apiGroups:
      - apiregistration.k8s.io
    resources:
      - apiservices
    verbs:
      - '*'
  # When running in openshift, we need to update networking config.
  # NOTE(review): 'update' is listed together with '*'; the wildcard already
  # covers it and makes the explicit verb meaningless. If only `update` is
  # required, remove the '*'.
  - apiGroups:
      - config.openshift.io
    resources:
      - networks/status
    verbs:
      - 'update'
      - '*'
  # NOTE(review): same pattern here. 'get' next to '*' grants every verb on
  # the cluster network config, not read access only.
  - apiGroups:
      - config.openshift.io
    resources:
      - networks
    verbs:
      - 'get'
      - '*'
  - apiGroups:
      - scheduling.k8s.io
    resources:
      - priorityclasses
    verbs:
      - '*'
cluster-network-08-mysdn-serviceaccount.yml
# Identity for the operator in the mysdn-operator namespace. The account
# itself carries no permissions; they come from whatever roles are bound to
# it, so review its bindings whenever this account is reused.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mysdn-operator
  namespace: mysdn-operator
cluster-network-09-mysdn-installation.yml
# Installation custom resource named `default`, of the kind registered by the
# installations.operator.mysdn.io CRD.
apiVersion: operator.mysdn.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Presumably node filesystem paths for the CNI plugin binaries and network
  # configuration (TODO confirm). Anything able to write to them controls
  # what runs when pod networking is set up.
  cniBinDir: "/var/lib/cni/bin"
  cniNetDir: "/etc/kubernetes/cni/net.d"
  components:
    kubeProxy:
      required: true
      # Referenced by tag only; pin by digest so the content cannot change
      # underneath the cluster.
      image: quay.io/mysdn/kube-proxy:v1.13.6-nft-b9dfbb
    node:
      # NOTE(review): this reference has no registry host, so it resolves
      # through the container runtime's default or search registries. The
      # repository and tag look like a personal development build. Replace
      # it with a vetted image from a trusted registry, referenced by
      # digest, before using this manifest outside a lab.
      image: tmjd/node:erik-nft