Merged
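--- a/kustomization/components/kube-vip/README.md
+++ b/kustomization/components/kube-vip/README.md
@@ -0,0 +1,15 @@
+# kube-vip Component
+
+This will deploy [kub-vip](https://kube-vip.io/). This component must run under a `privileged`
+[pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/).
+
+# Example Usage
+
+```yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+- https://github.com/marinatedconcrete/config/kustomization/components/kube-vip
+```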
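--- a/kustomization/components/kube-vip/daemonset.yml
+++ b/kustomization/components/kube-vip/daemonset.yml
@@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kube-vip-ds
+spec:
+selector:
+matchLabels:
+app.kubernetes.io/name: kube-vip-ds
+template:
+metadata:
+labels:
+app.kubernetes.io/name: kube-vip-ds
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: node-role.kubernetes.io/control-plane
+operator: Exists
+containers:
+- args:
+- manager
+env:
+- name: cp_enable
+value: "true"
+- name: cp_namespace
+value: kube-vip
+- name: port
+value: "6443"
+- name: svc_election
+value: "true"
+- name: svc_enable
+value: "true"
+- name: vip_arp
+value: "true"
+- name: vip_ddns
+value: "false"
+- name: vip_cidr
+value: "32"
+- name: vip_leaderelection
+value: "true"
+- name: vip_leaseduration
+value: "5"
+- name: vip_renewdeadline
+value: "3"
+- name: vip_retryperiod
+value: "1"
+image: ghcr.io/kube-vip/kube-vip
+name: kube-vip
+securityContext:
+capabilities:
+add:
+- NET_ADMIN
+- NET_RAW
+- SYS_TIME
+hostNetwork: true
+serviceAccountName: kube-vip
+tolerations:
+- effect: NoSchedule
+operator: Exists
+- effect: NoExecute
+operator: Exists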
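Review bot: The container `securityContext` adds NET_ADMIN, NET_RAW and SYS_TIME but never drops the runtime's default capability set, so the pod keeps more privilege than the `add:` list suggests, while also running with `hostNetwork: true` on control-plane nodes and tolerating every NoSchedule and NoExecute taint. I would add `drop:` with `- ALL` beside the `add:` list and, provided kube-vip v0.6.4 still starts with it, `allowPrivilegeEscalation: false`. SYS_TIME is worth checking against upstream; if nothing in this configuration sets the clock, it should be removed. A one-line comment above `hostNetwork: true` stating why the privileged pod security standard is needed would help whoever later audits the namespace labels.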
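--- a/kustomization/components/kube-vip/kustomization.yml
+++ b/kustomization/components/kube-vip/kustomization.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+images:
+- name: ghcr.io/kube-vip/kube-vip
+newTag: v0.6.4
+resources:
+- rbac.yml
+- daemonset.yml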
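Review bot: The `images:` entry pins `ghcr.io/kube-vip/kube-vip` only by the mutable tag `v0.6.4`, and that image runs with host networking and added capabilities on control-plane nodes. Adding a `digest:` field to the same entry, e.g. `digest: sha256:<digest-of-v0.6.4-image>` (placeholder; take the real value from the registry), fixes the deployed content and makes any later change show up as a reviewable diff. daemonset.yml references the image with no tag at all, so a comment here noting that the tag is supplied only through this component would warn anyone applying that manifest on its own.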
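--- a/kustomization/components/kube-vip/rbac.yml
+++ b/kustomization/components/kube-vip/rbac.yml
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: kube-vip
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+annotations:
+rbac.authorization.kubernetes.io/autoupdate: "true"
+name: system:kube-vip-role
+rules:
+- apiGroups:
+- ""
+resources:
+- endpoints
+- nodes
+- services
+- services/status
+verbs:
+- list
+- get
+- watch
+- update
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- list
+- get
+- watch
+- update
+- create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: system:kube-vip-binding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: system:kube-vip-role
+subjects:
+- kind: ServiceAccount
+name: kube-vip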
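Review bot: The ClusterRoleBinding subject at the end of the file names the `kube-vip` ServiceAccount without a `namespace`, which the API requires for ServiceAccount subjects. The binding therefore appears to depend on the consuming overlay setting `namespace:`, which the README example does not do. Either add `namespace: kube-vip` to the subject (matching the hard-coded `cp_namespace` in daemonset.yml) or state in the README that the overlay must set a namespace. Separately, the `system:` name prefix and the `rbac.authorization.kubernetes.io/autoupdate` annotation are conventions of the API server's own bootstrap roles, so a plain name such as `kube-vip-role` without the annotation would keep this role clearly distinct from them. The rules grant `update` on nodes, services, endpoints and leases cluster-wide; a comment on each rule saying which kube-vip feature needs it would make later tightening easier.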
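--- a/kustomization/tests/kube-vip/kustomization.yml
+++ b/kustomization/tests/kube-vip/kustomization.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+- ../../components/kube-vip
+namespace: kube-vip-test
+resources:
+- namespace.yml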
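Review bot: `namespace: kube-vip-test` moves the rendered resources, but the `cp_namespace` env value in daemonset.yml stays `kube-vip` because the namespace transformer does not rewrite env values. As far as I can tell kube-vip uses that variable as the namespace for its control-plane lease, so the rendered test output describes a pod in one namespace coordinating through another that this overlay never creates. Sourcing the value from the pod itself in daemonset.yml, with `valueFrom:` / `fieldRef:` / `fieldPath: metadata.namespace` in place of the literal `value: kube-vip`, would keep the two in step for every consumer.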
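--- a/kustomization/tests/kube-vip/namespace.yml
+++ b/kustomization/tests/kube-vip/namespace.yml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+labels:
+pod-security.kubernetes.io/enforce: privileged
+pod-security.kubernetes.io/enforce-version: latest
+name: kube-vip-test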