208 строки
5.8 KiB
YAML
208 строки
5.8 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: azure-cns
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
namespace: kube-system
|
|
name: nodeNetConfigEditor
|
|
rules:
|
|
- apiGroups: ["acn.azure.com"]
|
|
resources: ["nodenetworkconfigs"]
|
|
verbs: ["get", "list", "watch", "patch", "update"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: pod-reader-all-namespaces
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
verbs: ["get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: nodeNetConfigEditorRoleBinding
|
|
namespace: kube-system
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: azure-cns
|
|
namespace: kube-system
|
|
roleRef:
|
|
kind: Role
|
|
name: nodeNetConfigEditor
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: pod-reader-all-namespaces-binding
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: azure-cns
|
|
namespace: kube-system
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: pod-reader-all-namespaces
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: azure-cns
|
|
namespace: kube-system
|
|
labels:
|
|
app: azure-cns
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: azure-cns
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: azure-cns
|
|
annotations:
|
|
cluster-autoscaler.kubernetes.io/daemonset-pod: "true"
|
|
spec:
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.azure.com/cluster
|
|
operator: Exists
|
|
- key: type
|
|
operator: NotIn
|
|
values:
|
|
- virtual-kubelet
|
|
- key: beta.kubernetes.io/os
|
|
operator: In
|
|
values:
|
|
- linux
|
|
priorityClassName: system-node-critical
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
- operator: "Exists"
|
|
effect: NoExecute
|
|
- operator: "Exists"
|
|
effect: NoSchedule
|
|
initContainers:
|
|
- name: init-cni-dropgz
|
|
image: mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4.1 # CNI 1.4.39.1
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/dropgz"]
|
|
args: ["deploy" , "azure-vnet", "-o", "/opt/cni/bin/azure-vnet", "azure-vnet-telemetry", "-o", "/opt/cni/bin/azure-vnet-telemetry", "azure-swift.conflist", "-o", "/etc/cni/net.d/10-azure.conflist"]
|
|
volumeMounts:
|
|
- name: cni-bin
|
|
mountPath: /opt/cni/bin
|
|
- name: cni-conflist
|
|
mountPath: /etc/cni/net.d
|
|
containers:
|
|
- name: cns-container
|
|
image: mcr.microsoft.com/containernetworking/azure-cns:v1.4.32
|
|
imagePullPolicy: IfNotPresent
|
|
args: [ "-c", "tcp://$(CNSIpAddress):$(CNSPort)", "-t", "$(CNSLogTarget)"]
|
|
volumeMounts:
|
|
- name: log
|
|
mountPath: /var/log
|
|
- name: cns-state
|
|
mountPath: /var/lib/azure-network
|
|
- name: azure-endpoints
|
|
mountPath: /var/run/azure-cns/
|
|
- name: cns-config
|
|
mountPath: /etc/azure-cns
|
|
- name: cni-bin
|
|
mountPath: /opt/cni/bin
|
|
- name: azure-vnet
|
|
mountPath: /var/run/azure-vnet
|
|
- name: legacy-cni-state
|
|
mountPath: /var/run/azure-vnet.json
|
|
ports:
|
|
- containerPort: 10090
|
|
env:
|
|
- name: CNSIpAddress
|
|
value: "127.0.0.1"
|
|
- name: CNSPort
|
|
value: "10090"
|
|
- name: CNSLogTarget
|
|
value: "stdoutfile"
|
|
- name: CNS_CONFIGURATION_PATH
|
|
value: /etc/azure-cns/cns_config.json
|
|
- name: NODENAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: spec.nodeName
|
|
hostNetwork: true
|
|
volumes:
|
|
- name: azure-endpoints
|
|
hostPath:
|
|
path: /var/run/azure-cns/
|
|
type: DirectoryOrCreate
|
|
- name: log
|
|
hostPath:
|
|
path: /var/log
|
|
type: Directory
|
|
- name: cns-state
|
|
hostPath:
|
|
path: /var/lib/azure-network
|
|
type: DirectoryOrCreate
|
|
- name: cni-bin
|
|
hostPath:
|
|
path: /opt/cni/bin
|
|
type: Directory
|
|
- name: azure-vnet
|
|
hostPath:
|
|
path: /var/run/azure-vnet
|
|
type: DirectoryOrCreate
|
|
- name: legacy-cni-state
|
|
hostPath:
|
|
path: /var/run/azure-vnet.json
|
|
type: FileOrCreate
|
|
- name: cni-conflist
|
|
hostPath:
|
|
path: /etc/cni/net.d
|
|
type: Directory
|
|
- name: cns-config
|
|
configMap:
|
|
name: cns-config
|
|
serviceAccountName: azure-cns
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cns-config
|
|
namespace: kube-system
|
|
data:
|
|
cns_config.json: |
|
|
{
|
|
"TelemetrySettings": {
|
|
"TelemetryBatchSizeBytes": 16384,
|
|
"TelemetryBatchIntervalInSecs": 15,
|
|
"RefreshIntervalInSecs": 15,
|
|
"DisableAll": false,
|
|
"HeartBeatIntervalInMins": 30,
|
|
"DebugMode": false,
|
|
"SnapshotIntervalInMins": 60
|
|
},
|
|
"ManagedSettings": {
|
|
"PrivateEndpoint": "",
|
|
"InfrastructureNetworkID": "",
|
|
"NodeID": "",
|
|
"NodeSyncIntervalInSeconds": 30
|
|
},
|
|
"ChannelMode": "CRD",
|
|
"InitializeFromCNI": true,
|
|
"ManageEndpointState": false,
|
|
"ProgramSNATIPTables" : false
|
|
}
|
|
# Toggle ManageEndpointState and ProgramSNATIPTables to true for delegated IPAM use case.
|