porkadot 0.20.0 → 0.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/porkadot/assets/kubernetes.rb +2 -0
- data/lib/porkadot/assets/kubernetes/manifests/000-metallb.yaml.erb +7 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.config.yaml.erb +13 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +71 -41
- data/lib/porkadot/default.yaml +1 -1
- data/lib/porkadot/version.rb +1 -1
- metadata +3 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 839afa115dc53563a391b710c14ab686f6c45a5420a6d1f6c6eee21ebdb1e6cf
|
4
|
+
data.tar.gz: 8f8fbc1099bebe03b5f994050e083c385baad03536d15c14ef6ed1f412ce278c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 20194aa567e21c0e7af5caa6deb7645c617d58240c5685b0a90e477ea9331ea522618c206718b97a4218ab9d939fa6bd7b557df698703fb8c45c240dbb025e95
|
7
|
+
data.tar.gz: 3fdd45b9a6132bf0167c4e30c939aa42db77331a6007a850baa1adb67335731e639ccc9483435aecc7c3411d49094698846592a712205b5377adda17965ea930
|
@@ -27,7 +27,9 @@ module Porkadot; module Assets
|
|
27
27
|
cni = global_config.cni
|
28
28
|
render_erb 'manifests/porkadot.yaml'
|
29
29
|
render_erb 'manifests/kubelet.yaml'
|
30
|
+
render_erb "manifests/000-#{lb.type}.yaml"
|
30
31
|
render_erb "manifests/#{lb.type}.yaml"
|
32
|
+
render_erb "manifests/#{lb.type}.config.yaml"
|
31
33
|
render_secrets_erb "manifests/#{lb.type}.secrets.yaml"
|
32
34
|
render_erb "manifests/#{cni.type}.yaml"
|
33
35
|
render_erb "manifests/coredns.yaml"
|
@@ -1,11 +1,3 @@
|
|
1
|
-
<% k8s = global_config.k8s -%>
|
2
|
-
apiVersion: v1
|
3
|
-
kind: Namespace
|
4
|
-
metadata:
|
5
|
-
labels:
|
6
|
-
app: metallb
|
7
|
-
name: metallb-system
|
8
|
-
---
|
9
1
|
apiVersion: policy/v1beta1
|
10
2
|
kind: PodSecurityPolicy
|
11
3
|
metadata:
|
@@ -58,9 +50,7 @@ metadata:
|
|
58
50
|
spec:
|
59
51
|
allowPrivilegeEscalation: false
|
60
52
|
allowedCapabilities:
|
61
|
-
- NET_ADMIN
|
62
53
|
- NET_RAW
|
63
|
-
- SYS_ADMIN
|
64
54
|
allowedHostPaths: []
|
65
55
|
defaultAddCapabilities: []
|
66
56
|
defaultAllowPrivilegeEscalation: false
|
@@ -72,6 +62,8 @@ spec:
|
|
72
62
|
hostPorts:
|
73
63
|
- max: 7472
|
74
64
|
min: 7472
|
65
|
+
- max: 7946
|
66
|
+
min: 7946
|
75
67
|
privileged: true
|
76
68
|
readOnlyRootFilesystem: true
|
77
69
|
requiredDropCapabilities:
|
@@ -118,7 +110,6 @@ rules:
|
|
118
110
|
- get
|
119
111
|
- list
|
120
112
|
- watch
|
121
|
-
- update
|
122
113
|
- apiGroups:
|
123
114
|
- ''
|
124
115
|
resources:
|
@@ -158,6 +149,13 @@ rules:
|
|
158
149
|
- get
|
159
150
|
- list
|
160
151
|
- watch
|
152
|
+
- apiGroups: ["discovery.k8s.io"]
|
153
|
+
resources:
|
154
|
+
- endpointslices
|
155
|
+
verbs:
|
156
|
+
- get
|
157
|
+
- list
|
158
|
+
- watch
|
161
159
|
- apiGroups:
|
162
160
|
- ''
|
163
161
|
resources:
|
@@ -207,6 +205,37 @@ rules:
|
|
207
205
|
- list
|
208
206
|
---
|
209
207
|
apiVersion: rbac.authorization.k8s.io/v1
|
208
|
+
kind: Role
|
209
|
+
metadata:
|
210
|
+
labels:
|
211
|
+
app: metallb
|
212
|
+
name: controller
|
213
|
+
namespace: metallb-system
|
214
|
+
rules:
|
215
|
+
- apiGroups:
|
216
|
+
- ''
|
217
|
+
resources:
|
218
|
+
- secrets
|
219
|
+
verbs:
|
220
|
+
- create
|
221
|
+
- apiGroups:
|
222
|
+
- ''
|
223
|
+
resources:
|
224
|
+
- secrets
|
225
|
+
resourceNames:
|
226
|
+
- memberlist
|
227
|
+
verbs:
|
228
|
+
- list
|
229
|
+
- apiGroups:
|
230
|
+
- apps
|
231
|
+
resources:
|
232
|
+
- deployments
|
233
|
+
resourceNames:
|
234
|
+
- controller
|
235
|
+
verbs:
|
236
|
+
- get
|
237
|
+
---
|
238
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
210
239
|
kind: ClusterRoleBinding
|
211
240
|
metadata:
|
212
241
|
labels:
|
@@ -268,6 +297,21 @@ subjects:
|
|
268
297
|
- kind: ServiceAccount
|
269
298
|
name: speaker
|
270
299
|
---
|
300
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
301
|
+
kind: RoleBinding
|
302
|
+
metadata:
|
303
|
+
labels:
|
304
|
+
app: metallb
|
305
|
+
name: controller
|
306
|
+
namespace: metallb-system
|
307
|
+
roleRef:
|
308
|
+
apiGroup: rbac.authorization.k8s.io
|
309
|
+
kind: Role
|
310
|
+
name: controller
|
311
|
+
subjects:
|
312
|
+
- kind: ServiceAccount
|
313
|
+
name: controller
|
314
|
+
---
|
271
315
|
apiVersion: apps/v1
|
272
316
|
kind: DaemonSet
|
273
317
|
metadata:
|
@@ -308,47 +352,44 @@ spec:
|
|
308
352
|
fieldRef:
|
309
353
|
fieldPath: status.podIP
|
310
354
|
# needed when another software is also using memberlist / port 7946
|
355
|
+
# when changing this default you also need to update the container ports definition
|
356
|
+
# and the PodSecurityPolicy hostPorts definition
|
311
357
|
#- name: METALLB_ML_BIND_PORT
|
312
358
|
# value: "7946"
|
313
359
|
- name: METALLB_ML_LABELS
|
314
360
|
value: "app=metallb,component=speaker"
|
315
|
-
- name: METALLB_ML_NAMESPACE
|
316
|
-
valueFrom:
|
317
|
-
fieldRef:
|
318
|
-
fieldPath: metadata.namespace
|
319
361
|
- name: METALLB_ML_SECRET_KEY
|
320
362
|
valueFrom:
|
321
363
|
secretKeyRef:
|
322
364
|
name: memberlist
|
323
365
|
key: secretkey
|
324
|
-
image: metallb/speaker:v0.
|
325
|
-
imagePullPolicy: Always
|
366
|
+
image: quay.io/metallb/speaker:v0.10.2
|
326
367
|
name: speaker
|
327
368
|
ports:
|
328
369
|
- containerPort: 7472
|
329
370
|
name: monitoring
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
371
|
+
- containerPort: 7946
|
372
|
+
name: memberlist-tcp
|
373
|
+
- containerPort: 7946
|
374
|
+
name: memberlist-udp
|
375
|
+
protocol: UDP
|
334
376
|
securityContext:
|
335
377
|
allowPrivilegeEscalation: false
|
336
378
|
capabilities:
|
337
379
|
add:
|
338
|
-
- NET_ADMIN
|
339
380
|
- NET_RAW
|
340
|
-
- SYS_ADMIN
|
341
381
|
drop:
|
342
382
|
- ALL
|
343
383
|
readOnlyRootFilesystem: true
|
344
384
|
hostNetwork: true
|
345
385
|
nodeSelector:
|
346
|
-
|
386
|
+
kubernetes.io/os: linux
|
347
387
|
serviceAccountName: speaker
|
348
388
|
terminationGracePeriodSeconds: 2
|
349
389
|
tolerations:
|
350
390
|
- effect: NoSchedule
|
351
391
|
key: node-role.kubernetes.io/master
|
392
|
+
operator: Exists
|
352
393
|
---
|
353
394
|
apiVersion: apps/v1
|
354
395
|
kind: Deployment
|
@@ -377,16 +418,16 @@ spec:
|
|
377
418
|
- args:
|
378
419
|
- --port=7472
|
379
420
|
- --config=config
|
380
|
-
|
381
|
-
|
421
|
+
env:
|
422
|
+
- name: METALLB_ML_SECRET_NAME
|
423
|
+
value: memberlist
|
424
|
+
- name: METALLB_DEPLOYMENT
|
425
|
+
value: controller
|
426
|
+
image: quay.io/metallb/controller:v0.10.2
|
382
427
|
name: controller
|
383
428
|
ports:
|
384
429
|
- containerPort: 7472
|
385
430
|
name: monitoring
|
386
|
-
resources:
|
387
|
-
limits:
|
388
|
-
cpu: 100m
|
389
|
-
memory: 100Mi
|
390
431
|
securityContext:
|
391
432
|
allowPrivilegeEscalation: false
|
392
433
|
capabilities:
|
@@ -400,14 +441,3 @@ spec:
|
|
400
441
|
runAsUser: 65534
|
401
442
|
serviceAccountName: controller
|
402
443
|
terminationGracePeriodSeconds: 0
|
403
|
-
---
|
404
|
-
apiVersion: v1
|
405
|
-
kind: ConfigMap
|
406
|
-
metadata:
|
407
|
-
labels:
|
408
|
-
app: metallb
|
409
|
-
name: config
|
410
|
-
namespace: metallb-system
|
411
|
-
data:
|
412
|
-
config: |
|
413
|
-
<%= u.indent(global_config.lb.lb_config, 4) %>
|
data/lib/porkadot/default.yaml
CHANGED
data/lib/porkadot/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: porkadot
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.21.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- OTSUKA, Yuanying
|
@@ -144,6 +144,7 @@ files:
|
|
144
144
|
- lib/porkadot/assets/kubernetes.rb
|
145
145
|
- lib/porkadot/assets/kubernetes/install.sh.erb
|
146
146
|
- lib/porkadot/assets/kubernetes/kubeconfig.yaml.erb
|
147
|
+
- lib/porkadot/assets/kubernetes/manifests/000-metallb.yaml.erb
|
147
148
|
- lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb
|
148
149
|
- lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb
|
149
150
|
- lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
|
@@ -155,6 +156,7 @@ files:
|
|
155
156
|
- lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb
|
156
157
|
- lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb
|
157
158
|
- lib/porkadot/assets/kubernetes/manifests/kubelet.yaml.erb
|
159
|
+
- lib/porkadot/assets/kubernetes/manifests/metallb.config.yaml.erb
|
158
160
|
- lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb
|
159
161
|
- lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb
|
160
162
|
- lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb
|