diff --git a/deploy/cluster/.helmignore b/deploy/cluster/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/deploy/cluster/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deploy/cluster/Chart.yaml b/deploy/cluster/Chart.yaml
deleted file mode 100644
index 78bdf2ce..00000000
--- a/deploy/cluster/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: fleetboard-agent
-description: A Helm chart for Tunnel across clusters.
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.0.0"
diff --git a/deploy/cluster/crds/multicluster.x-k8s.io_serviceexports.yaml b/deploy/cluster/crds/multicluster.x-k8s.io_serviceexports.yaml
deleted file mode 100644
index 8dda38c2..00000000
--- a/deploy/cluster/crds/multicluster.x-k8s.io_serviceexports.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serviceexports.multicluster.x-k8s.io -spec: - group: multicluster.x-k8s.io - scope: Namespaced - names: - plural: serviceexports - singular: serviceexport - kind: ServiceExport - shortNames: - - svcex - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - "schema": - "openAPIV3Schema": - description: ServiceExport declares that the Service with the same name and - namespace as this export should be consumable from other clusters. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: status describes the current state of an exported service. - Service configuration comes from the Service that had the same name - and namespace as this ServiceExport. Populated by the multi-cluster - service implementation's controller. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map diff --git a/deploy/cluster/crds/multicluster.x-k8s.io_serviceimports.yaml b/deploy/cluster/crds/multicluster.x-k8s.io_serviceimports.yaml deleted file mode 100644 index d0e26e9e..00000000 --- a/deploy/cluster/crds/multicluster.x-k8s.io_serviceimports.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serviceimports.multicluster.x-k8s.io -spec: - group: multicluster.x-k8s.io - scope: Namespaced - names: - plural: serviceimports - singular: serviceimport - kind: ServiceImport - shortNames: - - svcim - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Type - type: string - description: The type of this ServiceImport - jsonPath: .spec.type - - name: IP - type: string - description: The VIP for this ServiceImport - jsonPath: .spec.ips - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - "schema": - "openAPIV3Schema": - description: ServiceImport describes a service imported from clusters in a - ClusterSet. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec defines the behavior of a ServiceImport. - type: object - required: - - ports - - type - properties: - ips: - description: ip will be used as the VIP for this service when type - is ClusterSetIP. - type: array - maxItems: 1 - items: - type: string - ports: - type: array - items: - description: ServicePort represents the port on which the service - is exposed - type: object - required: - - port - properties: - appProtocol: - description: The application protocol for this port. This field - follows standard Kubernetes label syntax. Un-prefixed names - are reserved for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). Non-standard - protocols should use prefixed names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. This - must be a DNS_LABEL. All ports within a ServiceSpec must have - unique names. When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. Optional - if only one ServicePort is defined on this service. - type: string - port: - description: The port that will be exposed by this service. - type: integer - format: int32 - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - x-kubernetes-list-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain session - affinity. Enable client IP based session affinity. Must be ClientIP - or None. Defaults to None. 
Ignored when type is Headless More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains session affinity configuration. - type: object - properties: - clientIP: - description: clientIP contains the configurations of Client IP - based session affinity. - type: object - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds of ClientIP - type session sticky time. The value must be >0 && <=86400(for - 1 day) if ServiceAffinity == "ClientIP". Default value is - 10800(for 3 hours). - type: integer - format: int32 - type: - description: type defines the type of this service. Must be ClusterSetIP - or Headless. - type: string - enum: - - ClusterSetIP - - Headless - status: - description: status contains information about the exported services that - form the multi-cluster service referenced by this ServiceImport. - type: object - properties: - clusters: - description: clusters is the list of exporting clusters from which - this service was derived. - type: array - items: - description: ClusterStatus contains service configuration mapped - to a specific source cluster - type: object - required: - - cluster - properties: - cluster: - description: cluster is the name of the exporting cluster. Must - be a valid RFC-1123 DNS label. - type: string - x-kubernetes-list-map-keys: - - cluster - x-kubernetes-list-type: map diff --git a/deploy/cluster/templates/cnf-cluster.yaml b/deploy/cluster/templates/cnf-cluster.yaml deleted file mode 100644 index e6138e2d..00000000 --- a/deploy/cluster/templates/cnf-cluster.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.cluster.localnamespace }} ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: cnf-fleetboard - namespace: fleetboard-system -spec: - selector: - matchLabels: - app: cnf-fleetboard - template: - metadata: - labels: - app: cnf-fleetboard - router.fleetboard.io/cnf: "true" - spec: - serviceAccountName: {{ .Values.serviceAccount.name }} - hostNetwork: false - containers: - - name: controller - command: - - "/ep-controller" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PARALLEL_IP_ANNOTATION - value: "router.fleetboard.io/dedicated_ip" - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}/controller:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - requests: - cpu: 500m - memory: 512Mi - - name: cnf - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}/cnf:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 0 - privileged: true - command: - - /cnf/cnf - args: - - --shared-namespace=syncer-operator - - --local-namespace=syncer-operator - - --as-hub={{ .Values.cluster.hub }} - - --as-cluster=true - - --hub-secret-namespace=fleetboard-system - - --hub-secret-name={{ .Values.hub.secretName }} - - --hub-url={{ .Values.hub.hubURL }} - env: - - name: FLEETBOARD_CLUSTERID - value: {{ .Values.cluster.clusterID }} - - name: FLEETBOARD_BOOTSTRAPTOKEN - value: re51os.131tn13kek2iaqoz - - name: FLEETBOARD_PODNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: FLEETBOARD_PODNAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: FLEETBOARD_NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 100m - memory: 100Mi - terminationMessagePath: 
/dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/netns - mountPropagation: Bidirectional - name: host-ns - - mountPath: /var/run/nri - mountPropagation: HostToContainer - name: host-nri - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - securityContext: { } - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: /var/run/netns - type: "" - name: host-ns - - hostPath: - path: /var/run/nri - type: DirectoryOrCreate - name: host-nri \ No newline at end of file diff --git a/deploy/cluster/templates/crossdns-deploy.yaml b/deploy/cluster/templates/crossdns-deploy.yaml deleted file mode 100644 index 18e1b265..00000000 --- a/deploy/cluster/templates/crossdns-deploy.yaml +++ /dev/null 
@@ -1,79 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: crossdns
- component: crossdns
- name: crossdns
- namespace: fleetboard-system
-data:
- Corefile: |
- {{ .Values.cluster.zone }}:53 {
- crossdns
- errors
- health
- ready
- }
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: crossdns
- component: crossdns
- name: crossdns
- namespace: fleetboard-system
-spec:
- clusterIP:
- {{- range (lookup "v1" "Service" "kube-system" "").items }}
- {{- if eq (dig "k8s-app" "no-kube-dns" .metadata.labels) "kube-dns" }}
- {{- $last_part := splitList "." (.spec.clusterIP | trimAll "\n") | last | add 1 }}
- {{ concat (slice (splitList "." .spec.clusterIP) 0 3 ) (list $last_part) | join "."}}
- {{- end }}
- {{- end }}
- ports:
- - name: udp
- port: 53
- protocol: UDP
- targetPort: 53
- selector:
- app: crossdns
- sessionAffinity: None
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: crossdns
- namespace: fleetboard-system
- labels:
- app: crossdns
-spec:
- selector:
- matchLabels:
- app: crossdns
- template:
- metadata:
- labels:
- app: crossdns
- spec:
- containers:
- - args:
- - -conf
- - /etc/coredns/Corefile
- name: crossdns
- image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}/crossdns:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- volumeMounts:
- - mountPath: /etc/coredns
- name: config-volume
- readOnly: true
- serviceAccountName: {{ .Values.serviceAccount.name }}
- volumes:
- - configMap:
- defaultMode: 420
- items:
- - key: Corefile
- path: Corefile
- name: crossdns
- name: config-volume
diff --git a/deploy/cluster/templates/rbac.yaml b/deploy/cluster/templates/rbac.yaml
deleted file mode 100644
index 6222f6ba..00000000
--- a/deploy/cluster/templates/rbac.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount.name }}
- namespace: fleetboard-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: fleetboard:controller-manager
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.serviceAccount.name }}
- namespace: fleetboard-system
\ No newline at end of file
diff --git a/deploy/cluster/templates/service.yaml b/deploy/cluster/templates/service.yaml
deleted file mode 100644
index ab7f3054..00000000
--- a/deploy/cluster/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.cluster.ispublic -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Chart.Name }}
- namespace: fleetboard-system
- labels:
- app: {{ .Chart.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: {{ .Values.service.protocol }}
- name: udp
- nodePort: {{ .Values.service.nodePort }}
- selector:
- app: {{ .Chart.Name }}
-{{- end }}
\ No newline at end of file
diff --git a/deploy/cluster/values.yaml b/deploy/cluster/values.yaml
deleted file mode 100644
index 6005afc4..00000000
--- a/deploy/cluster/values.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Default values for fleetboard.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-image:
- registry: ghcr.io
- repository: fleetboard-io
- pullPolicy: Always
- # Overrides the image tag whose default is the chart appVersion.
- tag: "latest"
-
-cluster:
- # Specifies whether this is a hub
- hub: false
- clusterID: cluster1
- sharenamespace: syncer-operator
- localnamespace: syncer-operator
- zone: hyperos.local
- ispublic: false
-
-hub:
- hubURL: https://121.41.31.123:6443
- bootstraptoken: re51os.131tn13kek2iaqoz
- secretName: fleetboard
-
-serviceAccount:
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: fleetboard
-
-service:
- type: NodePort
- port: 31820
- nodePort: 31820
- protocol: UDP
- targetPort: 31820
\ No newline at end of file
diff --git a/deploy/hub/.helmignore b/deploy/hub/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/deploy/hub/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deploy/hub/Chart.yaml b/deploy/hub/Chart.yaml
deleted file mode 100644
index 70dee42c..00000000
--- a/deploy/hub/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: fleetboard
-description: A Helm chart for Tunnel across clusters.
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/deploy/hub/crds/fleetboard.io_peers.yaml b/deploy/hub/crds/fleetboard.io_peers.yaml
deleted file mode 100644
index 6ddd5542..00000000
--- a/deploy/hub/crds/fleetboard.io_peers.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- name: peers.fleetboard.io
-spec:
- group: fleetboard.io
- names:
- categories:
- - fleetboard
- kind: Peer
- listKind: PeerList
- plural: peers
- shortNames:
- - peer
- - peers
- singular: peer
- scope: Namespaced
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- cluster_cidr:
- items:
- type: string
- type: array
- cluster_id:
- maxLength: 63
- minLength: 1
- type: string
- endpoint:
- type: string
- isPublic:
- description: the peer will be public and will be connected directly
- by other cluster. isPublic is true only works when `endpoint` is
- not empty.
- type: boolean
- ishub:
- type: boolean
- port:
- type: integer
- public_key:
- type: string
- required:
- - cluster_cidr
- - cluster_id
- - endpoint
- - ishub
- - port
- - public_key
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/deploy/hub/templates/NOTES.txt b/deploy/hub/templates/NOTES.txt
deleted file mode 100644
index f1f52650..00000000
--- a/deploy/hub/templates/NOTES.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Thank you for installing {{ .Chart.Name }}.
-
-Your release is named {{ .Release.Name }}.
-
-Continue to install fleetboard-agent on clusters, and install fleetboard-agent in cluster by:
-
- helm install fleetboard-agent fleetboard/fleetboard-agent --namespace fleetboard-system --create-namespace \
- --set hub.hubURL=https://{{ .Values.tunnel.endpoint }}:6443 --set cluster.clusterID=cluster1
\ No newline at end of file
diff --git a/deploy/hub/templates/cnf-hub.yaml b/deploy/hub/templates/cnf-hub.yaml
deleted file mode 100644
index 866e8cf3..00000000
--- a/deploy/hub/templates/cnf-hub.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.cluster.sharenamespace }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cnf-fleetboard - namespace: fleetboard-system - labels: - app: cnf-fleetboard -spec: - replicas: 2 - selector: - matchLabels: - app: cnf-fleetboard - template: - metadata: - labels: - app: cnf-fleetboard - router.fleetboard.io/cnf: "true" - spec: - serviceAccountName: {{ .Values.serviceAccount.name }} - hostNetwork: false - containers: - - name: cnf - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}/cnf:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 0 - privileged: true - command: - - /cnf/cnf - args: - - --as-hub={{ .Values.cluster.hub }} - - --cidr={{ .Values.tunnel.cidr }} - - --as-cluster=false - - --shared-namespace=syncer-operator - env: - - name: FLEETBOARD_CLUSTERID - value: {{ .Values.cluster.clusterID }} - - name: FLEETBOARD_ENDPOINT - value: {{ .Values.tunnel.endpoint }} - - name: FLEETBOARD_PODNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: FLEETBOARD_PODNAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 100m - memory: 100Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/netns - mountPropagation: Bidirectional - name: host-ns - - mountPath: /var/run/nri - mountPropagation: HostToContainer - name: host-nri - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - securityContext: { } - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: /var/run/netns - type: "" - name: 
host-ns - - hostPath: - path: /var/run/nri - type: DirectoryOrCreate - name: host-nri \ No newline at end of file diff --git a/deploy/hub/templates/rbac.yaml b/deploy/hub/templates/rbac.yaml deleted file mode 100644 index 27ddb308..00000000 --- a/deploy/hub/templates/rbac.yaml +++ /dev/null 
@@ -1,187 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.name }} - namespace: fleetboard-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: fleetboard-local-rolebinding - namespace: {{ .Values.cluster.sharenamespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: mcs-syncer -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} - namespace: fleetboard-system - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Values.cluster.sharenamespace }} - name: mcs-syncer -rules: - - apiGroups: ["fleetboard.io"] - resources: ["peers"] - verbs: ["*"] - - apiGroups: [ "discovery.k8s.io" ] - resources: [ "endpointslices" ] - verbs: [ "*" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: fleetboard-manager-rolebinding - namespace: fleetboard-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: hub-manager -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} - namespace: fleetboard-system - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: default - name: hub-manager -rules: - - apiGroups: [ "" ] - resources: [ "pods" ] - verbs: [ "get", "watch", "list", "update", "patch", "delete"] - - apiGroups: [ "coordination.k8s.io" ] - resources: [ "leases" ] - verbs: [ "create", "get", "watch", "list", "update", "patch", "delete"] - -{{- if ge (.Capabilities.KubeVersion.Minor|int) 24 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.serviceAccount.name }} - namespace: fleetboard-system - annotations: - kubernetes.io/service-account.name: {{ .Values.serviceAccount.name | quote }} -type: kubernetes.io/service-account-token -{{- end }} - ---- -apiVersion: v1 -kind: Secret -metadata: - # Name MUST be of form "bootstrap-token-" - name: bootstrap-token-re51os - namespace: kube-system -# Type 
MUST be 'bootstrap.kubernetes.io/token' -type: bootstrap.kubernetes.io/token -stringData: - description: "The bootstrap token used by fleetboard network first connection." - # Token ID and secret. Required. - token-id: re51os - token-secret: 131tn13kek2iaqoz - # Expiration. Optional. - expiration: 2035-05-10T03:22:11Z - # Allowed usages. - usage-bootstrap-authentication: "true" - usage-bootstrap-signing: "true" - # Extra groups to authenticate the token as. Must start with "system:bootstrappers:" - auth-extra-groups: system:bootstrappers:fleetboard:register-token ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: fleetboard:system:bootstrapping - namespace: fleetboard-system -rules: - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "list" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: fleetboard:system:bootstrapping - namespace: fleetboard-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: fleetboard:system:bootstrapping -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:bootstrappers:fleetboard:register-token - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: fleetboard:dedinic-cni -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - - configmaps - - "nodes/proxy" - - "pods/status" - - "endpoints" - - "services" - verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] - - apiGroups: - - '' - - events.k8s.io - resources: - - events - verbs: - - '*' - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - deletecollection - - get - - list - - 
patch - - update - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dedinic-cni -roleRef: - name: fleetboard:dedinic-cni - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} - namespace: fleetboard-system diff --git a/deploy/hub/templates/service.yaml b/deploy/hub/templates/service.yaml deleted file mode 100644 index 07dba0dd..00000000 --- a/deploy/hub/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }} - namespace: fleetboard-system - labels: - app: {{ .Chart.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} - protocol: {{ .Values.service.protocol }} - name: udp - nodePort: {{ .Values.service.nodePort }} - selector: - app: cnf-fleetboard - router.fleetboard.io/leader: "true" \ No newline at end of file diff --git a/deploy/hub/values.yaml b/deploy/hub/values.yaml deleted file mode 100644 index 6df02f39..00000000 --- a/deploy/hub/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Default values for fleetboard. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -image: - registry: ghcr.io - repository: fleetboard-io - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "latest" - -cluster: - # Specifies whether this is a hub - hub: true - clusterID: hub - sharenamespace: syncer-operator - -hub: - hubURL: https://121.41.31.123:6443 - -tunnel: - endpoint: 121.41.31.123 - cidr: 10.112.0.0/12 - -serviceAccount: - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: fleetboard - -service: - type: NodePort - port: 31820 - nodePort: 31820 - protocol: UDP - targetPort: 31820 \ No newline at end of file