diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml new file mode 100644 index 0000000000..8ff28d2903 --- /dev/null +++ b/config/master/aws-k8s-cni-cn.yaml @@ -0,0 +1,183 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "*" + "verbs": + - "*" +- "apiGroups": + - "" + "resources": + - "pods" + - "nodes" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + "image": "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:latest" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log" + "name": "log-dir" + - "mountPath": "/var/run/docker.sock" + "name": "dockersock" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + "hostNetwork": true + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/log" + "name": "log-dir" + - "hostPath": + "path": "/var/run/docker.sock" + "name": "dockersock" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml new file mode 100644 index 0000000000..4282092fdc --- /dev/null +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -0,0 +1,183 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "*" + "verbs": + - "*" +- "apiGroups": + - "" + "resources": + - "pods" + - "nodes" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + "image": "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:latest" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log" + "name": "log-dir" + - "mountPath": "/var/run/docker.sock" + "name": "dockersock" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + "hostNetwork": true + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/log" + "name": "log-dir" + - "hostPath": + "path": "/var/run/docker.sock" + "name": "dockersock" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml new file mode 100644 index 0000000000..94f9dfe472 --- /dev/null +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -0,0 +1,183 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "*" + "verbs": + - "*" +- "apiGroups": + - "" + "resources": + - "pods" + - "nodes" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + "image": "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:latest" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log" + "name": "log-dir" + - "mountPath": "/var/run/docker.sock" + "name": "dockersock" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + "hostNetwork": true + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/log" + "name": "log-dir" + - "hostPath": + "path": "/var/run/docker.sock" + "name": "dockersock" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml new file mode 100644 index 0000000000..26b1ed3add --- /dev/null +++ b/config/master/aws-k8s-cni.yaml @@ -0,0 +1,183 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "aws-node" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "aws-node" +"subjects": +- "kind": "ServiceAccount" + "name": "aws-node" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "aws-node" +"rules": +- "apiGroups": + - "crd.k8s.amazonaws.com" + "resources": + - "*" + "verbs": + - "*" +- "apiGroups": + - "" + "resources": + - "pods" + - "nodes" + - "namespaces" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apiextensions.k8s.io/v1beta1" +"kind": "CustomResourceDefinition" +"metadata": + "name": "eniconfigs.crd.k8s.amazonaws.com" +"spec": + "group": "crd.k8s.amazonaws.com" + "names": + "kind": "ENIConfig" + "plural": "eniconfigs" + "singular": "eniconfig" + "scope": "Cluster" + "versions": + - "name": "v1alpha1" + "served": true + "storage": true +--- +"apiVersion": "apps/v1" +"kind": "DaemonSet" +"metadata": + "labels": + "k8s-app": "aws-node" + "name": "aws-node" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "aws-node" + "template": + "metadata": + "labels": + "k8s-app": "aws-node" + "spec": + "affinity": + "nodeAffinity": + "requiredDuringSchedulingIgnoredDuringExecution": + "nodeSelectorTerms": + - "matchExpressions": + - "key": "beta.kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "beta.kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + - "matchExpressions": + - "key": "kubernetes.io/os" + "operator": "In" + "values": + - "linux" + - "key": "kubernetes.io/arch" + "operator": "In" + "values": + - "amd64" + - "key": "eks.amazonaws.com/compute-type" + "operator": "NotIn" + "values": + - "fargate" + "containers": + - "env": + - "name": "AWS_VPC_ENI_MTU" + "value": "9001" + - "name": "AWS_VPC_K8S_CNI_LOGLEVEL" + "value": "DEBUG" + - "name": "AWS_VPC_K8S_CNI_VETHPREFIX" + "value": "eni" + - "name": "MY_NODE_NAME" + "valueFrom": + "fieldRef": + "fieldPath": "spec.nodeName" + "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:latest" + "imagePullPolicy": "Always" + "livenessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "name": "aws-node" + "ports": + - "containerPort": 61678 + "name": "metrics" + "readinessProbe": + "exec": + "command": + - "/app/grpc-health-probe" + - "-addr=:50051" + "initialDelaySeconds": 35 + "resources": + "requests": + "cpu": "10m" + "securityContext": + "privileged": true + "volumeMounts": + - "mountPath": "/host/opt/cni/bin" + "name": "cni-bin-dir" + - "mountPath": "/host/etc/cni/net.d" + "name": "cni-net-dir" + - "mountPath": "/host/var/log" + "name": "log-dir" + - "mountPath": "/var/run/docker.sock" + "name": "dockersock" + - "mountPath": "/var/run/dockershim.sock" + "name": "dockershim" + "hostNetwork": true + "priorityClassName": "system-node-critical" + "serviceAccountName": "aws-node" + "tolerations": + - "operator": "Exists" + "volumes": + - "hostPath": + "path": "/opt/cni/bin" + "name": "cni-bin-dir" + - "hostPath": + "path": "/etc/cni/net.d" + "name": "cni-net-dir" + - "hostPath": + "path": "/var/log" + "name": "log-dir" + - "hostPath": + "path": "/var/run/docker.sock" + "name": "dockersock" + - "hostPath": + "path": "/var/run/dockershim.sock" + "name": "dockershim" + "updateStrategy": + "rollingUpdate": + "maxUnavailable": "10%" + "type": "RollingUpdate" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "aws-node" + "namespace": "kube-system" +... diff --git a/config/master/calico.yaml b/config/master/calico.yaml new file mode 100644 index 0000000000..89b591de26 --- /dev/null +++ b/config/master/calico.yaml @@ -0,0 +1,757 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: calico-node + namespace: kube-system + labels: + k8s-app: calico-node +spec: + selector: + matchLabels: + k8s-app: calico-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: calico-node + spec: + priorityClassName: system-node-critical + nodeSelector: + beta.kubernetes.io/os: linux + hostNetwork: true + serviceAccountName: calico-node + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + containers: + # Runs calico/node container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + image: quay.io/calico/node:v3.13.0 + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: "kubernetes" + # Use eni not cali for interface prefix + - name: FELIX_INTERFACEPREFIX + value: "eni" + # Enable felix info logging. + - name: FELIX_LOGSEVERITYSCREEN + value: "info" + # Don't enable BGP. + - name: CALICO_NETWORKING_BACKEND + value: "none" + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "k8s,ecs" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + - name: FELIX_TYPHAK8SSERVICENAME + value: "calico-typha" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: "ACCEPT" + # This will make Felix honor AWS VPC CNI's mangle table + # rules. + - name: FELIX_IPTABLESMANGLEALLOWACTION + value: Return + # Disable IPV6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: "false" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + - name: FELIX_LOGSEVERITYSYS + value: "none" + - name: FELIX_PROMETHEUSMETRICSENABLED + value: "true" + - name: NO_DEFAULT_POOLS + value: "true" + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # No IP address needed. + - name: IP + value: "" + - name: FELIX_HEALTHENABLED + value: "true" + securityContext: + privileged: true + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/calico-node + - -felix-ready + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + volumes: + # Used to ensure proper kmods are installed. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + tolerations: + # Make sure calico/node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + +--- + +# Create all the CustomResourceDefinitions needed for +# Calico policy-only mode. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: FelixConfiguration + plural: felixconfigurations + singular: felixconfiguration + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BGPConfiguration + plural: bgpconfigurations + singular: bgpconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgppeers.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BGPPeer + plural: bgppeers + singular: bgppeer +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: IPPool + plural: ippools + singular: ippool + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: HostEndpoint + plural: hostendpoints + singular: hostendpoint + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterinformations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: ClusterInformation + plural: clusterinformations + singular: clusterinformation + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: GlobalNetworkPolicy + plural: globalnetworkpolicies + singular: globalnetworkpolicy + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: GlobalNetworkSet + plural: globalnetworksets + singular: globalnetworkset + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: NetworkPolicy + plural: networkpolicies + singular: networkpolicy + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: NetworkSet + plural: networksets + singular: networkset + +--- + +# Create the ServiceAccount and roles necessary for Calico. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only requried for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + # These permissions are required for Calico CNI to perform IPAM allocations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + # Block affinities must also be watchable by confd for route aggregation. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch + # The Calico IPAM migration needs to get daemonsets. These permissions can be + # removed if not upgrading from an installation using host-local IPAM. + - apiGroups: ["apps"] + resources: + - daemonsets + verbs: + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: + - kind: ServiceAccount + name: calico-node + namespace: kube-system + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + revisionHistoryLimit: 2 + selector: + matchLabels: + k8s-app: calico-typha + template: + metadata: + labels: + k8s-app: calico-typha + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' + spec: + priorityClassName: system-cluster-critical + nodeSelector: + beta.kubernetes.io/os: linux + tolerations: + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + hostNetwork: true + serviceAccountName: calico-node + # fsGroup allows using projected serviceaccount tokens as described here kubernetes/kubernetes#82573 + securityContext: + fsGroup: 65534 + containers: + - image: quay.io/calico/typha:v3.13.0 + name: calico-typha + ports: + - containerPort: 5473 + name: calico-typha + protocol: TCP + env: + # Use eni not cali for interface prefix + - name: FELIX_INTERFACEPREFIX + value: "eni" + - name: TYPHA_LOGFILEPATH + value: "none" + - name: TYPHA_LOGSEVERITYSYS + value: "none" + - name: TYPHA_LOGSEVERITYSCREEN + value: "info" + - name: TYPHA_PROMETHEUSMETRICSENABLED + value: "true" + - name: TYPHA_CONNECTIONREBALANCINGMODE + value: "kubernetes" + - name: TYPHA_PROMETHEUSMETRICSPORT + value: "9093" + - name: TYPHA_DATASTORETYPE + value: "kubernetes" + - name: TYPHA_MAXCONNECTIONSLOWERLIMIT + value: "1" + - name: TYPHA_HEALTHENABLED + value: "true" + # This will make Felix honor AWS VPC CNI's mangle table + # rules. + - name: FELIX_IPTABLESMANGLEALLOWACTION + value: Return + livenessProbe: + httpGet: + path: /liveness + port: 9098 + host: localhost + periodSeconds: 30 + initialDelaySeconds: 30 + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + readinessProbe: + httpGet: + path: /readiness + port: 9098 + host: localhost + periodSeconds: 10 + +--- + +# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: calico-typha + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: typha-cpha +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: typha-cpha +subjects: + - kind: ServiceAccount + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: typha-cpha +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["watch", "list"] + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: calico-typha-horizontal-autoscaler + namespace: kube-system +data: + ladder: |- + { + "coresToReplicas": [], + "nodesToReplicas": + [ + [1, 1], + [10, 2], + [100, 3], + [250, 4], + [500, 5], + [1000, 6], + [1500, 7], + [2000, 8] + ] + } + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-typha-horizontal-autoscaler + namespace: kube-system + labels: + k8s-app: calico-typha-autoscaler +spec: + selector: + matchLabels: + k8s-app: calico-typha-autoscaler + replicas: 1 + template: + metadata: + labels: + k8s-app: calico-typha-autoscaler + spec: + priorityClassName: system-cluster-critical + nodeSelector: + beta.kubernetes.io/os: linux + containers: + - image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1 + name: autoscaler + command: + - /cluster-proportional-autoscaler + - --namespace=kube-system + - --configmap=calico-typha-horizontal-autoscaler + - --target=deployment/calico-typha + - --logtostderr=true + - --v=2 + resources: + requests: + cpu: 10m + limits: + cpu: 10m + serviceAccountName: typha-cpha + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: typha-cpha + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + - apiGroups: ["extensions", "apps"] + resources: ["deployments/scale"] + verbs: ["get", "update"] + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: typha-cpha + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: typha-cpha +subjects: + - kind: ServiceAccount + name: typha-cpha + namespace: kube-system + +--- + +apiVersion: v1 +kind: Service +metadata: + name: calico-typha + namespace: kube-system + labels: + k8s-app: calico-typha +spec: + ports: + - port: 5473 + protocol: TCP + targetPort: calico-typha + name: calico-typha + selector: + k8s-app: calico-typha diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml new file mode 100644 index 0000000000..34daa6ddd4 --- /dev/null +++ b/config/master/cni-metrics-helper-cn.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:latest" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/master/cni-metrics-helper-us-east-1.yaml b/config/master/cni-metrics-helper-us-east-1.yaml new file mode 100644 index 0000000000..3640d402a1 --- /dev/null +++ b/config/master/cni-metrics-helper-us-east-1.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cni-metrics-helper +rules: + - apiGroups: [""] + resources: + - nodes + - pods + - pods/proxy + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: ["list", "watch", "get"] + - apiGroups: ["extensions"] + resources: + - daemonsets + - deployments + - replicasets + verbs: ["list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + - apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: ["list", "watch"] + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cni-metrics-helper +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cni-metrics-helper +subjects: + - kind: ServiceAccount + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cni-metrics-helper + namespace: kube-system + labels: + k8s-app: cni-metrics-helper +spec: + selector: + matchLabels: + k8s-app: cni-metrics-helper + template: + metadata: + labels: + k8s-app: cni-metrics-helper + spec: + serviceAccountName: cni-metrics-helper + containers: + - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.6.1 + imagePullPolicy: Always + name: cni-metrics-helper + env: + - name: USE_CLOUDWATCH + value: "true" diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml new file mode 100644 index 0000000000..f85b892397 --- /dev/null +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:latest" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml new file mode 100644 index 0000000000..4cc3465eeb --- /dev/null +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:latest" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml new file mode 100644 index 0000000000..38896b7e98 --- /dev/null +++ b/config/master/cni-metrics-helper.yaml @@ -0,0 +1,100 @@ +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRoleBinding" +"metadata": + "name": "cni-metrics-helper" +"roleRef": + "apiGroup": "rbac.authorization.k8s.io" + "kind": "ClusterRole" + "name": "cni-metrics-helper" +"subjects": +- "kind": "ServiceAccount" + "name": "cni-metrics-helper" + "namespace": "kube-system" +--- +"apiVersion": "rbac.authorization.k8s.io/v1" +"kind": "ClusterRole" +"metadata": + "name": "cni-metrics-helper" +"rules": +- "apiGroups": + - "" + "resources": + - "nodes" + - "pods" + - "pods/proxy" + - "services" + - "resourcequotas" + - "replicationcontrollers" + - "limitranges" + - "persistentvolumeclaims" + - "persistentvolumes" + - "namespaces" + - "endpoints" + "verbs": + - "list" + - "watch" + - "get" +- "apiGroups": + - "extensions" + "resources": + - "daemonsets" + - "deployments" + - "replicasets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "apps" + "resources": + - "statefulsets" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "batch" + "resources": + - "cronjobs" + - "jobs" + "verbs": + - "list" + - "watch" +- "apiGroups": + - "autoscaling" + "resources": + - "horizontalpodautoscalers" + "verbs": + - "list" + - "watch" +--- +"apiVersion": "apps/v1" +"kind": "Deployment" +"metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "name": "cni-metrics-helper" + "namespace": "kube-system" +"spec": + "selector": + "matchLabels": + "k8s-app": "cni-metrics-helper" + "template": + "metadata": + "labels": + "k8s-app": "cni-metrics-helper" + "spec": + "containers": + - "env": + - "name": "USE_CLOUDWATCH" + "value": "true" + "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:latest" + "imagePullPolicy": "Always" + "name": "cni-metrics-helper" + "serviceAccountName": "cni-metrics-helper" +--- +"apiVersion": "v1" +"kind": "ServiceAccount" +"metadata": + "name": "cni-metrics-helper" + "namespace": "kube-system" +... diff --git a/config/master/doc.go b/config/master/doc.go new file mode 100644 index 0000000000..bbfc285487 --- /dev/null +++ b/config/master/doc.go @@ -0,0 +1,6 @@ +// There is no golang code here. This file exists only to hook the +// following command into "go generate ./..." + +package manifests + +//go:generate go run github.com/google/go-jsonnet/cmd/jsonnet -S -m . manifests.jsonnet diff --git a/config/master/manifests.jsonnet b/config/master/manifests.jsonnet new file mode 100644 index 0000000000..eafa761a1f --- /dev/null +++ b/config/master/manifests.jsonnet @@ -0,0 +1,352 @@ +local objectValues(obj) = [obj[k] for k in std.objectFields(obj)]; +local objectItems(obj) = [[k, obj[k]] for k in std.objectFields(obj)]; + +local regions = { + default: { + version:: "latest", // or eg "v1.6.1" + ecrRegion:: "us-west-2", + ecrAccount:: "602401143452", + ecrDomain:: "amazonaws.com", + ecrRepo:: "%s.dkr.ecr.%s.%s" % [self.ecrAccount, self.ecrRegion, self.ecrDomain], + }, + + "us-gov-east-1": self.default { + ecrRegion: "us-gov-east-1", + ecrAccount: "151742754352", + }, + + "us-gov-west-1": self.default { + ecrRegion: "us-gov-west-1", + ecrAccount: "013241004608", + }, + + "cn": self.default { + ecrRegion: "cn-northwest-1", + ecrAccount: "961992271922", + ecrDomain: "amazonaws.com.cn", + }, +}; + +local awsnode = { + clusterRole: { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRole", + metadata: {name: "aws-node"}, + rules: [ + { + apiGroups: ["crd.k8s.amazonaws.com"], + resources: ["*"], + verbs: ["*"], + }, + { + apiGroups: [""], + resources: ["pods", "nodes", "namespaces"], + verbs: ["list", "watch", "get"], + }, + { + apiGroups: ["extensions"], + resources: ["daemonsets"], + verbs: ["list", "watch"], + }, + ], + }, + + serviceAccount: { + apiVersion: "v1", + kind: "ServiceAccount", + metadata: { + name: "aws-node", + namespace: "kube-system", + }, + }, + + binding: { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRoleBinding", + metadata: { + name: "aws-node", + }, + roleRef: { + apiGroup: "rbac.authorization.k8s.io", + kind: $.clusterRole.kind, + name: $.clusterRole.metadata.name, + }, + subjects: [{ + kind: $.serviceAccount.kind, + name: $.serviceAccount.metadata.name, + namespace: $.serviceAccount.metadata.namespace, + }], + }, + + daemonset: { + kind: "DaemonSet", + apiVersion: "apps/v1", + metadata: { + name: "aws-node", + namespace: "kube-system", + labels: { + "k8s-app": "aws-node", + }, + }, + spec: { + local spec = self, + updateStrategy: { + type: "RollingUpdate", + rollingUpdate: {maxUnavailable: "10%"}, + }, + selector: { + matchLabels: spec.template.metadata.labels, + }, + template: { + metadata: { + labels: { + "k8s-app": "aws-node", + }, + }, + spec: { + priorityClassName: "system-node-critical", + affinity: { + nodeAffinity: { + requiredDuringSchedulingIgnoredDuringExecution: { + nodeSelectorTerms: [ + { + matchExpressions: [ + { + key: prefix + "kubernetes.io/os", + operator: "In", + values: ["linux"], + }, + { + key: prefix + "kubernetes.io/arch", + operator: "In", + values: ["amd64"], + }, + { + key: "eks.amazonaws.com/compute-type", + operator: "NotIn", + values: ["fargate"], + }, + ], + } for prefix in ["beta.", ""] + ], + }, + }, + }, + serviceAccountName: $.serviceAccount.metadata.name, + hostNetwork: true, + tolerations: [{operator: "Exists"}], + containers_:: { + awsnode: { + image: "%s/amazon-k8s-cni:%s" % [$.ecrRepo, $.version], + imagePullPolicy: "Always", + ports: [{ + containerPort: 61678, + name: "metrics" + }], + name: "aws-node", + readinessProbe: { + exec: { + command: ["/app/grpc-health-probe", "-addr=:50051"], + }, + initialDelaySeconds: 35, + }, + livenessProbe: self.readinessProbe, + env_:: { + AWS_VPC_K8S_CNI_LOGLEVEL: "DEBUG", + AWS_VPC_K8S_CNI_VETHPREFIX: "eni", + AWS_VPC_ENI_MTU: "9001", + MY_NODE_NAME: { + valueFrom: { + fieldRef: {fieldPath: "spec.nodeName"}, + }, + }, + }, + env: [ + {name: kv[0]} + if std.isObject(kv[1]) then kv[1] else {value: kv[1]} + for kv in objectItems(self.env_) + ], + resources: { + requests: {cpu: "10m"}, + }, + securityContext: {privileged: true}, + volumeMounts: [ + {mountPath: "/host/opt/cni/bin", name: "cni-bin-dir"}, + {mountPath: "/host/etc/cni/net.d", name: "cni-net-dir"}, + {mountPath: "/host/var/log", name: "log-dir"}, + {mountPath: "/var/run/docker.sock", name: "dockersock"}, + {mountPath: "/var/run/dockershim.sock", name: "dockershim"}, + ], + }, + }, + containers: objectValues(self.containers_), + volumes: [ + {name: "cni-bin-dir", hostPath: {path: "/opt/cni/bin"}}, + {name: "cni-net-dir", hostPath: {path: "/etc/cni/net.d"}}, + {name: "log-dir", hostPath: {path: "/var/log"}}, + {name: "dockersock", hostPath: {path: "/var/run/docker.sock"}}, + {name: "dockershim", hostPath: {path: "/var/run/dockershim.sock"}}, + ], + }, + }, + }, + }, + + crd: { + apiVersion: "apiextensions.k8s.io/v1beta1", + kind: "CustomResourceDefinition", + metadata: { + name: "eniconfigs.crd.k8s.amazonaws.com", + }, + spec: { + scope: "Cluster", + group: "crd.k8s.amazonaws.com", + versions: [{ + name: "v1alpha1", + served: true, + storage: true, + }], + names: { + plural: "eniconfigs", + singular: "eniconfig", + kind: "ENIConfig", + }, + }, + }, +}; + +local metricsHelper = { + clusterRole: { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRole", + metadata: { + name: "cni-metrics-helper", + }, + rules: [ + { + apiGroups: [""], + resources: [ + "nodes", + "pods", + "pods/proxy", + "services", + "resourcequotas", + "replicationcontrollers", + "limitranges", + "persistentvolumeclaims", + "persistentvolumes", + "namespaces", + "endpoints", + ], + verbs: ["list", "watch", "get"], + }, + { + apiGroups: ["extensions"], + resources: ["daemonsets", "deployments", "replicasets"], + verbs: ["list", "watch"], + }, + { + apiGroups: ["apps"], + resources: ["statefulsets"], + verbs: ["list", "watch"], + }, + { + apiGroups: ["batch"], + resources: ["cronjobs", "jobs"], + verbs: ["list", "watch"], + }, + { + apiGroups: ["autoscaling"], + resources: ["horizontalpodautoscalers"], + verbs: ["list", "watch"], + }, + ], + }, + + serviceAccount: { + apiVersion: "v1", + kind: "ServiceAccount", + metadata: { + name: "cni-metrics-helper", + namespace: "kube-system", + }, + }, + + binding: { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRoleBinding", + metadata: { + name: "cni-metrics-helper", + }, + roleRef: { + apiGroup: "rbac.authorization.k8s.io", + kind: $.clusterRole.kind, + name: $.clusterRole.metadata.name, + }, + subjects: [{ + kind: $.serviceAccount.kind, + name: $.serviceAccount.metadata.name, + namespace: $.serviceAccount.metadata.namespace, + }], + }, + + deployment: { + apiVersion: "apps/v1", + kind: "Deployment", + metadata: { + name: "cni-metrics-helper", + namespace: "kube-system", + labels: { + "k8s-app": "cni-metrics-helper", + }, + }, + spec: { + local spec = self, + selector: { + matchLabels: spec.template.metadata.labels, + }, + template: { + metadata: { + labels: { + "k8s-app": "cni-metrics-helper", + }, + }, + spec: { + serviceAccountName: $.serviceAccount.metadata.name, + containers_:: { + metricshelper: { + image: "%s/cni-metrics-helper:%s" % [$.ecrRepo, $.version], + imagePullPolicy: "Always", + name: "cni-metrics-helper", + env_:: { + USE_CLOUDWATCH: "true", + }, + env: [ + {name: kv[0]} + if std.isObject(kv[1]) then kv[1] else {value: kv[1]} + for kv in objectItems(self.env_) + ], + }, + }, + containers: objectValues(self.containers_), + }, + }, + }, + }, +}; + +local byRegion(basename, template) = { + [ + basename + (if kv[0] == "default" then "" else "-" + kv[0]) + ]: template + kv[1] + for kv in objectItems(regions) +}; + +// Output values, as jsonnet objects +local output = +byRegion("aws-k8s-cni", awsnode) + +byRegion("cni-metrics-helper", metricsHelper); + +// Yaml-ified output values +{ + [kv[0] + ".yaml"]: std.manifestYamlStream(objectValues(kv[1])) + for kv in objectItems(output) +} diff --git a/go.mod b/go.mod index 6ba95824d4..3113a35674 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ require ( github.com/golang/mock v1.4.1 github.com/golang/protobuf v1.3.5 github.com/google/btree v1.0.0 // indirect + github.com/google/go-jsonnet v0.15.0 // indirect github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect github.com/googleapis/gnostic v0.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect @@ -21,8 +22,8 @@ require ( github.com/json-iterator/go v1.1.5 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect - github.com/onsi/ginkgo v1.8.0 // indirect - github.com/onsi/gomega v1.5.0 // indirect + github.com/onsi/ginkgo v1.11.0 // indirect + github.com/onsi/gomega v1.8.1 // indirect github.com/operator-framework/operator-sdk v0.0.7 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 @@ -40,8 +41,10 @@ require ( golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 // indirect google.golang.org/grpc v1.29.0 + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 + gopkg.in/yaml.v2 v2.2.7 // indirect k8s.io/api v0.0.0-20180712090710-2d6f90ab1293 k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d k8s.io/client-go v0.0.0-20180806134042-1f13a808da65 diff --git a/go.sum b/go.sum index 6d306cc148..4bb3e6defc 100644 --- a/go.sum +++ b/go.sum @@ -34,6 +34,8 @@ github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -65,6 +67,8 @@ github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-jsonnet v0.15.0 h1:lEUXTDnVsHu+CLLzMeWAdWV4JpCgkJeDqdVNS8RtyuY= +github.com/google/go-jsonnet v0.15.0/go.mod h1:ex9QcU8vzXQUDeNe4gaN1uhGQbTYpOeZ6AbWdy6JbX4= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck= github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= @@ -99,6 +103,11 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg= +github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= +github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.7 h1:UvyT9uN+3r7yLEYSlJsbQGdsaB/a0DlgWP3pql6iwOc= +github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -111,12 +120,12 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w= -github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= +github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/operator-framework/operator-sdk v0.0.7 h1:feujqHLhibLBbDVrSAFswpSzTVS5mEuarvywJ079mYE= github.com/operator-framework/operator-sdk v0.0.7/go.mod h1:iVyukRkam5JZa8AnjYf+/G3rk7JI1+M6GsU0sq0B9NA= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= @@ -138,6 +147,7 @@ github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= +github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= @@ -194,13 +204,16 @@ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAG golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= @@ -224,6 +237,7 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5 h1:hKsoRgsbwY1NafxrwTs+k64bikrLBkAgPir1TNCj3Zs= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -235,13 +249,14 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.28.0 h1:bO/TA4OxCOummhSf10siHuG7vJOiwh7SpRpFZDkOgl4= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.0 h1:2pJjwYOdkZ9HlN4sWRYBg9ttH5bCOlsueaM+b/oYjwo= google.golang.org/grpc v1.29.0/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= @@ -256,6 +271,9 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=