From 08a35cf5f98309e3db66a58c0816a2f24da6fe2d Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Thu, 3 Sep 2020 16:25:37 -0700 Subject: [PATCH] Add 1.7.2-rc1 into release folder --- .../release-candidate/aws-k8s-cni-cn.yaml | 240 ++++++ .../aws-k8s-cni-us-gov-east-1.yaml | 240 ++++++ .../aws-k8s-cni-us-gov-west-1.yaml | 240 ++++++ .../v1.7/release-candidate/aws-k8s-cni.yaml | 240 ++++++ config/v1.7/release-candidate/calico.yaml | 760 ++++++++++++++++++ .../cni-metrics-helper-cn.yaml | 100 +++ .../cni-metrics-helper-us-gov-east-1.yaml | 100 +++ .../cni-metrics-helper-us-gov-west-1.yaml | 100 +++ .../release-candidate/cni-metrics-helper.yaml | 100 +++ 9 files changed, 2120 insertions(+) create mode 100644 config/v1.7/release-candidate/aws-k8s-cni-cn.yaml create mode 100644 config/v1.7/release-candidate/aws-k8s-cni-us-gov-east-1.yaml create mode 100644 config/v1.7/release-candidate/aws-k8s-cni-us-gov-west-1.yaml create mode 100644 config/v1.7/release-candidate/aws-k8s-cni.yaml create mode 100644 config/v1.7/release-candidate/calico.yaml create mode 100644 config/v1.7/release-candidate/cni-metrics-helper-cn.yaml create mode 100644 config/v1.7/release-candidate/cni-metrics-helper-us-gov-east-1.yaml create mode 100644 config/v1.7/release-candidate/cni-metrics-helper-us-gov-west-1.yaml create mode 100644 config/v1.7/release-candidate/cni-metrics-helper.yaml diff --git a/config/v1.7/release-candidate/aws-k8s-cni-cn.yaml b/config/v1.7/release-candidate/aws-k8s-cni-cn.yaml new file mode 100644 index 0000000000..3c4f88a0f7 --- /dev/null +++ b/config/v1.7/release-candidate/aws-k8s-cni-cn.yaml @@ -0,0 +1,240 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "eniconfigs" + "verbs": + - "get" + - "list" + - "watch" +- "apiGroups": + - "" + "resources": + - "pods" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "" + "resources": + - "nodes" + "verbs": + - "list" + - "watch" + - "get" + - "update" +- "apiGroups": + - "extensions" + "resources": + - "*" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "ADDITIONAL_ENI_TAGS" + "value": "{}" + - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT" + "value": "true" + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_LOG_FILE" + "value": "/host/var/log/aws-routed-eni/ipamd.log" + - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT" + "value": "prng" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE" + "value": "/var/log/aws-routed-eni/plugin.log" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL" + "value": "DEBUG" + - "name": "DISABLE_INTROSPECTION" + "value": "false" + - "name": "DISABLE_METRICS" + "value": "false" + - "name": "ENABLE_POD_ENI" + "value": "false" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + - "name": "WARM_ENI_TARGET" + "value": "1" + "image": "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.7.2-rc1" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 60 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 1 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "capabilities": + "add": + - "NET_ADMIN" + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log/aws-routed-eni" + "name": "log-dir" + - "mountPath": "/var/run/aws-node" + "name": "run-dir" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + - "mountPath": "/run/xtables.lock" + "name": "xtables-lock" + "hostNetwork": true + "initContainers": + - "image": "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "aws-vpc-cni-init" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "terminationGracePeriodSeconds": 10 + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + - "hostPath": + "path": "/run/xtables.lock" + "name": "xtables-lock" + - "hostPath": + "path": "/var/log/aws-routed-eni" + "type": "DirectoryOrCreate" + "name": "log-dir" + - "hostPath": + "path": "/var/run/aws-node" + "type": "DirectoryOrCreate" + "name": "run-dir" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/aws-k8s-cni-us-gov-east-1.yaml b/config/v1.7/release-candidate/aws-k8s-cni-us-gov-east-1.yaml new file mode 100644 index 0000000000..8eca564db6 --- /dev/null +++ b/config/v1.7/release-candidate/aws-k8s-cni-us-gov-east-1.yaml @@ -0,0 +1,240 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "eniconfigs" + "verbs": + - "get" + - "list" + - "watch" +- "apiGroups": + - "" + "resources": + - "pods" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "" + "resources": + - "nodes" + "verbs": + - "list" + - "watch" + - "get" + - "update" +- "apiGroups": + - "extensions" + "resources": + - "*" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "ADDITIONAL_ENI_TAGS" + "value": "{}" + - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT" + "value": "true" + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_LOG_FILE" + "value": "/host/var/log/aws-routed-eni/ipamd.log" + - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT" + "value": "prng" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE" + "value": "/var/log/aws-routed-eni/plugin.log" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL" + "value": "DEBUG" + - "name": "DISABLE_INTROSPECTION" + "value": "false" + - "name": "DISABLE_METRICS" + "value": "false" + - "name": "ENABLE_POD_ENI" + "value": "false" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + - "name": "WARM_ENI_TARGET" + "value": "1" + "image": "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.7.2-rc1" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 60 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 1 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "capabilities": + "add": + - "NET_ADMIN" + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log/aws-routed-eni" + "name": "log-dir" + - "mountPath": "/var/run/aws-node" + "name": "run-dir" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + - "mountPath": "/run/xtables.lock" + "name": "xtables-lock" + "hostNetwork": true + "initContainers": + - "image": "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "aws-vpc-cni-init" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "terminationGracePeriodSeconds": 10 + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + - "hostPath": + "path": "/run/xtables.lock" + "name": "xtables-lock" + - "hostPath": + "path": "/var/log/aws-routed-eni" + "type": "DirectoryOrCreate" + "name": "log-dir" + - "hostPath": + "path": "/var/run/aws-node" + "type": "DirectoryOrCreate" + "name": "run-dir" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/aws-k8s-cni-us-gov-west-1.yaml b/config/v1.7/release-candidate/aws-k8s-cni-us-gov-west-1.yaml new file mode 100644 index 0000000000..9da25af08f --- /dev/null +++ b/config/v1.7/release-candidate/aws-k8s-cni-us-gov-west-1.yaml @@ -0,0 +1,240 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "eniconfigs" + "verbs": + - "get" + - "list" + - "watch" +- "apiGroups": + - "" + "resources": + - "pods" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "" + "resources": + - "nodes" + "verbs": + - "list" + - "watch" + - "get" + - "update" +- "apiGroups": + - "extensions" + "resources": + - "*" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "ADDITIONAL_ENI_TAGS" + "value": "{}" + - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT" + "value": "true" + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_LOG_FILE" + "value": "/host/var/log/aws-routed-eni/ipamd.log" + - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT" + "value": "prng" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE" + "value": "/var/log/aws-routed-eni/plugin.log" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL" + "value": "DEBUG" + - "name": "DISABLE_INTROSPECTION" + "value": "false" + - "name": "DISABLE_METRICS" + "value": "false" + - "name": "ENABLE_POD_ENI" + "value": "false" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + - "name": "WARM_ENI_TARGET" + "value": "1" + "image": "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.7.2-rc1" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 60 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 1 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "capabilities": + "add": + - "NET_ADMIN" + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log/aws-routed-eni" + "name": "log-dir" + - "mountPath": "/var/run/aws-node" + "name": "run-dir" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + - "mountPath": "/run/xtables.lock" + "name": "xtables-lock" + "hostNetwork": true + "initContainers": + - "image": "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "aws-vpc-cni-init" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "terminationGracePeriodSeconds": 10 + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + - "hostPath": + "path": "/run/xtables.lock" + "name": "xtables-lock" + - "hostPath": + "path": "/var/log/aws-routed-eni" + "type": "DirectoryOrCreate" + "name": "log-dir" + - "hostPath": + "path": "/var/run/aws-node" + "type": "DirectoryOrCreate" + "name": "run-dir" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/aws-k8s-cni.yaml b/config/v1.7/release-candidate/aws-k8s-cni.yaml new file mode 100644 index 0000000000..69ecefdb35 --- /dev/null +++ b/config/v1.7/release-candidate/aws-k8s-cni.yaml @@ -0,0 +1,240 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "eniconfigs" + "verbs": + - "get" + - "list" + - "watch" +- "apiGroups": + - "" + "resources": + - "pods" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "" + "resources": + - "nodes" + "verbs": + - "list" + - "watch" + - "get" + - "update" +- "apiGroups": + - "extensions" + "resources": + - "*" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "arm64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "ADDITIONAL_ENI_TAGS" + "value": "{}" + - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT" + "value": "true" + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT" + "value": "false" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_LOG_FILE" + "value": "/host/var/log/aws-routed-eni/ipamd.log" + - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT" + "value": "prng" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE" + "value": "/var/log/aws-routed-eni/plugin.log" + - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL" + "value": "DEBUG" + - "name": "DISABLE_INTROSPECTION" + "value": "false" + - "name": "DISABLE_METRICS" + "value": "false" + - "name": "ENABLE_POD_ENI" + "value": "false" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + - "name": "WARM_ENI_TARGET" + "value": "1" + "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.2-rc1" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 60 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 1 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "capabilities": + "add": + - "NET_ADMIN" + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log/aws-routed-eni" + "name": "log-dir" + - "mountPath": "/var/run/aws-node" + "name": "run-dir" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + - "mountPath": "/run/xtables.lock" + "name": "xtables-lock" + "hostNetwork": true + "initContainers": + - "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "aws-vpc-cni-init" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "terminationGracePeriodSeconds": 10 + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + - "hostPath": + "path": "/run/xtables.lock" + "name": "xtables-lock" + - "hostPath": + "path": "/var/log/aws-routed-eni" + "type": "DirectoryOrCreate" + "name": "log-dir" + - "hostPath": + "path": "/var/run/aws-node" + "type": "DirectoryOrCreate" + "name": "run-dir" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/calico.yaml b/config/v1.7/release-candidate/calico.yaml new file mode 100644 index 0000000000..d17194c13c --- /dev/null +++ b/config/v1.7/release-candidate/calico.yaml @@ -0,0 +1,760 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: calico-node + namespace: kube-system + labels: + k8s-app: calico-node +spec: + selector: + matchLabels: + k8s-app: calico-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: calico-node + spec: + priorityClassName: system-node-critical + nodeSelector: + beta.kubernetes.io/os: linux + hostNetwork: true + serviceAccountName: calico-node + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + containers: + # Runs calico/node container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + image: quay.io/calico/node:v3.15.1 + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: "kubernetes" + # Use eni not cali for interface prefix + - name: FELIX_INTERFACEPREFIX + value: "eni" + # Enable felix info logging. + - name: FELIX_LOGSEVERITYSCREEN + value: "info" + # Don't enable BGP. + - name: CALICO_NETWORKING_BACKEND + value: "none" + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "k8s,ecs" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + - name: FELIX_TYPHAK8SSERVICENAME + value: "calico-typha" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: "ACCEPT" + # This will make Felix honor AWS VPC CNI's mangle table + # rules. + - name: FELIX_IPTABLESMANGLEALLOWACTION + value: Return + # Disable IPV6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: "false" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + - name: FELIX_LOGSEVERITYSYS + value: "none" + - name: FELIX_PROMETHEUSMETRICSENABLED + value: "true" + - name: FELIX_ROUTESOURCE + value: "WorkloadIPs" + - name: NO_DEFAULT_POOLS + value: "true" + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # No IP address needed. + - name: IP + value: "" + - name: FELIX_HEALTHENABLED + value: "true" + securityContext: + privileged: true + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/calico-node + - -felix-ready + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + volumes: + # Used to ensure proper kmods are installed. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + tolerations: + # Make sure calico/node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + +--- + +# Create all the CustomResourceDefinitions needed for +# Calico policy-only mode. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: FelixConfiguration + plural: felixconfigurations + singular: felixconfiguration + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BGPConfiguration + plural: bgpconfigurations + singular: bgpconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgppeers.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BGPPeer + plural: bgppeers + singular: bgppeer +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: IPPool + plural: ippools + singular: ippool + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: HostEndpoint + plural: hostendpoints + singular: hostendpoint + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterinformations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: ClusterInformation + plural: clusterinformations + singular: clusterinformation + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: GlobalNetworkPolicy + plural: globalnetworkpolicies + singular: globalnetworkpolicy + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: GlobalNetworkSet + plural: globalnetworksets + singular: globalnetworkset + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: NetworkPolicy + plural: networkpolicies + singular: networkpolicy + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: NetworkSet + plural: networksets + singular: networkset + +--- + +# Create the ServiceAccount and roles necessary for Calico. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, configmaps and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - configmaps + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only requried for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + # These permissions are required for Calico CNI to perform IPAM allocations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + # Block affinities must also be watchable by confd for route aggregation. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch + # The Calico IPAM migration needs to get daemonsets. These permissions can be + # removed if not upgrading from an installation using host-local IPAM. + - apiGroups: ["apps"] + resources: + - daemonsets + verbs: + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: + - kind: ServiceAccount + name: calico-node + namespace: kube-system + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + revisionHistoryLimit: 2 + selector: + matchLabels: + k8s-app: calico-typha + template: + metadata: + labels: + k8s-app: calico-typha + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' + spec: + priorityClassName: system-cluster-critical + nodeSelector: + beta.kubernetes.io/os: linux + tolerations: + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + hostNetwork: true + serviceAccountName: calico-node + # fsGroup allows using projected serviceaccount tokens as described here kubernetes/kubernetes#82573 + securityContext: + fsGroup: 65534 + containers: + - image: quay.io/calico/typha:v3.15.1 + name: calico-typha + ports: + - containerPort: 5473 + name: calico-typha + protocol: TCP + env: + # Use eni not cali for interface prefix + - name: FELIX_INTERFACEPREFIX + value: "eni" + - name: TYPHA_LOGFILEPATH + value: "none" + - name: TYPHA_LOGSEVERITYSYS + value: "none" + - name: TYPHA_LOGSEVERITYSCREEN + value: "info" + - name: TYPHA_PROMETHEUSMETRICSENABLED + value: "true" + - name: TYPHA_CONNECTIONREBALANCINGMODE + value: "kubernetes" + - name: TYPHA_PROMETHEUSMETRICSPORT + value: "9093" + - name: TYPHA_DATASTORETYPE + value: "kubernetes" + - name: TYPHA_MAXCONNECTIONSLOWERLIMIT + value: "1" + - name: TYPHA_HEALTHENABLED + value: "true" + # This will make Felix honor AWS VPC CNI's mangle table + # rules. + - name: FELIX_IPTABLESMANGLEALLOWACTION + value: Return + livenessProbe: + httpGet: + path: /liveness + port: 9098 + host: localhost + periodSeconds: 30 + initialDelaySeconds: 30 + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + readinessProbe: + httpGet: + path: /readiness + port: 9098 + host: localhost + periodSeconds: 10 + +--- + +# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: calico-typha + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: typha-cpha +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: typha-cpha +subjects: + - kind: ServiceAccount + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typha-cpha +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list"] + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: calico-typha-horizontal-autoscaler + namespace: kube-system +data: + ladder: |- + { + "coresToReplicas": [], + "nodesToReplicas": + [ + [1, 1], + [10, 2], + [100, 3], + [250, 4], + [500, 5], + [1000, 6], + [1500, 7], + [2000, 8] + ] + } + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-typha-horizontal-autoscaler + namespace: kube-system + labels: + k8s-app: calico-typha-autoscaler +spec: + selector: + matchLabels: + k8s-app: calico-typha-autoscaler + replicas: 1 + template: + metadata: + labels: + k8s-app: calico-typha-autoscaler + spec: + priorityClassName: system-cluster-critical + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1 + name: autoscaler + command: + - /cluster-proportional-autoscaler + - --namespace=kube-system + - --configmap=calico-typha-horizontal-autoscaler + - --target=deployment/calico-typha + - --logtostderr=true + - --v=2 + resources: + requests: + cpu: 10m + limits: + cpu: 10m + serviceAccountName: typha-cpha + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: typha-cpha + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + - apiGroups: ["extensions", "apps"] + resources: ["deployments/scale"] + verbs: ["get", "update"] + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: typha-cpha + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: typha-cpha +subjects: + - kind: ServiceAccount + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: v1 +kind: Service +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + ports: + - port: 5473 + protocol: TCP + targetPort: calico-typha + name: calico-typha + selector: + k8s-app: calico-typha diff --git a/config/v1.7/release-candidate/cni-metrics-helper-cn.yaml b/config/v1.7/release-candidate/cni-metrics-helper-cn.yaml new file mode 100644 index 0000000000..f0d6a44ce1 --- /dev/null +++ b/config/v1.7/release-candidate/cni-metrics-helper-cn.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/cni-metrics-helper-us-gov-east-1.yaml b/config/v1.7/release-candidate/cni-metrics-helper-us-gov-east-1.yaml new file mode 100644 index 0000000000..45361ab8d5 --- /dev/null +++ b/config/v1.7/release-candidate/cni-metrics-helper-us-gov-east-1.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/cni-metrics-helper-us-gov-west-1.yaml b/config/v1.7/release-candidate/cni-metrics-helper-us-gov-west-1.yaml new file mode 100644 index 0000000000..2194e376c1 --- /dev/null +++ b/config/v1.7/release-candidate/cni-metrics-helper-us-gov-west-1.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/v1.7/release-candidate/cni-metrics-helper.yaml b/config/v1.7/release-candidate/cni-metrics-helper.yaml new file mode 100644 index 0000000000..d1ea342457 --- /dev/null +++ b/config/v1.7/release-candidate/cni-metrics-helper.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.7.2-rc1" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +...