From ac305d925ef724613b074b5315bbb0155e81f078 Mon Sep 17 00:00:00 2001 From: Aleksandr Melnik Date: Fri, 8 May 2020 13:23:38 -0700 Subject: [PATCH] add config files to deploy to govcloud regions --- config/v1.6/aws-k8s-cni-us-gov-east-1.yaml | 175 ++++++++++++++++++ config/v1.6/aws-k8s-cni-us-gov-west-1.yaml | 175 ++++++++++++++++++ config/v1.6/cni-metrics-helper-us-east-1.yaml | 83 +++++++++ .../cni-metrics-helper-us-gov-west-1.yaml | 83 +++++++++ 4 files changed, 516 insertions(+) create mode 100644 config/v1.6/aws-k8s-cni-us-gov-east-1.yaml create mode 100644 config/v1.6/aws-k8s-cni-us-gov-west-1.yaml create mode 100644 config/v1.6/cni-metrics-helper-us-east-1.yaml create mode 100644 config/v1.6/cni-metrics-helper-us-gov-west-1.yaml diff --git a/config/v1.6/aws-k8s-cni-us-gov-east-1.yaml b/config/v1.6/aws-k8s-cni-us-gov-east-1.yaml new file mode 100644 index 0000000000..b5aec5b332 --- /dev/null +++ b/config/v1.6/aws-k8s-cni-us-gov-east-1.yaml @@ -0,0 +1,175 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: aws-node +rules: + - apiGroups: + - crd.k8s.amazonaws.com + resources: + - "*" + verbs: + - "*" + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: ["list", "watch", "get"] + - apiGroups: ["extensions"] + resources: + - daemonsets + verbs: ["list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aws-node + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aws-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aws-node +subjects: + - kind: ServiceAccount + name: aws-node + namespace: kube-system + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: aws-node + namespace: kube-system + labels: + k8s-app: aws-node +spec: + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: "10%" + selector: + matchLabels: + k8s-app: aws-node + template: + metadata: + labels: + k8s-app: aws-node + spec: + priorityClassName: system-node-critical + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "beta.kubernetes.io/os" + operator: In + values: + - linux + - key: "beta.kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "eks.amazonaws.com/compute-type" + operator: NotIn + values: + - fargate + - matchExpressions: + - key: "kubernetes.io/os" + operator: In + values: + - linux + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "eks.amazonaws.com/compute-type" + operator: NotIn + values: + - fargate + serviceAccountName: aws-node + hostNetwork: true + tolerations: + - operator: Exists + containers: + - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.6.1 + imagePullPolicy: Always + ports: + - containerPort: 61678 + name: metrics + name: aws-node + readinessProbe: + exec: + command: ["/app/grpc-health-probe", "-addr=:50051"] + initialDelaySeconds: 35 + livenessProbe: + exec: + command: ["/app/grpc-health-probe", "-addr=:50051"] + initialDelaySeconds: 35 + env: + - name: AWS_VPC_K8S_CNI_LOGLEVEL + value: DEBUG + - name: AWS_VPC_K8S_CNI_VETHPREFIX + value: eni + - name: AWS_VPC_ENI_MTU + value: "9001" + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + resources: + requests: + cpu: 10m + securityContext: + privileged: true + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /host/var/log + name: log-dir + - mountPath: /var/run/docker.sock + name: dockersock + - mountPath: /var/run/dockershim.sock + name: dockershim + volumes: + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + - name: log-dir + hostPath: + path: /var/log + - name: dockersock + hostPath: + path: /var/run/docker.sock + - name: dockershim + hostPath: + path: /var/run/dockershim.sock + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: eniconfigs.crd.k8s.amazonaws.com +spec: + scope: Cluster + group: crd.k8s.amazonaws.com + versions: + - name: v1alpha1 + served: true + storage: true + names: + plural: eniconfigs + singular: eniconfig + kind: ENIConfig diff --git a/config/v1.6/aws-k8s-cni-us-gov-west-1.yaml b/config/v1.6/aws-k8s-cni-us-gov-west-1.yaml new file mode 100644 index 0000000000..266b035937 --- /dev/null +++ b/config/v1.6/aws-k8s-cni-us-gov-west-1.yaml @@ -0,0 +1,175 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: aws-node +rules: + - apiGroups: + - crd.k8s.amazonaws.com + resources: + - "*" + verbs: + - "*" + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: ["list", "watch", "get"] + - apiGroups: ["extensions"] + resources: + - daemonsets + verbs: ["list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aws-node + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aws-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aws-node +subjects: + - kind: ServiceAccount + name: aws-node + namespace: kube-system + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: aws-node + namespace: kube-system + labels: + k8s-app: aws-node +spec: + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: "10%" + selector: + matchLabels: + k8s-app: aws-node + template: + metadata: + labels: + k8s-app: aws-node + spec: + priorityClassName: system-node-critical + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "beta.kubernetes.io/os" + operator: In + values: + - linux + - key: "beta.kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "eks.amazonaws.com/compute-type" + operator: NotIn + values: + - fargate + - matchExpressions: + - key: "kubernetes.io/os" + operator: In + values: + - linux + - key: "kubernetes.io/arch" + operator: In + values: + - amd64 + - key: "eks.amazonaws.com/compute-type" + operator: NotIn + values: + - fargate + serviceAccountName: aws-node + hostNetwork: true + tolerations: + - operator: Exists + containers: + - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.6.1 + imagePullPolicy: Always + ports: + - containerPort: 61678 + name: metrics + name: aws-node + readinessProbe: + exec: + command: ["/app/grpc-health-probe", "-addr=:50051"] + initialDelaySeconds: 35 + livenessProbe: + exec: + command: ["/app/grpc-health-probe", "-addr=:50051"] + initialDelaySeconds: 35 + env: + - name: AWS_VPC_K8S_CNI_LOGLEVEL + value: DEBUG + - name: AWS_VPC_K8S_CNI_VETHPREFIX + value: eni + - name: AWS_VPC_ENI_MTU + value: "9001" + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + resources: + requests: + cpu: 10m + securityContext: + privileged: true + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /host/var/log + name: log-dir + - mountPath: /var/run/docker.sock + name: dockersock + - mountPath: /var/run/dockershim.sock + name: dockershim + volumes: + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + - name: log-dir + hostPath: + path: /var/log + - name: dockersock + hostPath: + path: /var/run/docker.sock + - name: dockershim + hostPath: + path: /var/run/dockershim.sock + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: eniconfigs.crd.k8s.amazonaws.com +spec: + scope: Cluster + group: crd.k8s.amazonaws.com + versions: + - name: v1alpha1 + served: true + storage: true + names: + plural: eniconfigs + singular: eniconfig + kind: ENIConfig diff --git a/config/v1.6/cni-metrics-helper-us-east-1.yaml b/config/v1.6/cni-metrics-helper-us-east-1.yaml new file mode 100644 index 0000000000..3640d402a1 --- /dev/null +++ b/config/v1.6/cni-metrics-helper-us-east-1.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cni-metrics-helper +rules: + - apiGroups: [""] + resources: + - nodes + - pods + - pods/proxy + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: ["list", "watch", "get"] + - apiGroups: ["extensions"] + resources: + - daemonsets + - deployments + - replicasets + verbs: ["list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + - apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: ["list", "watch"] + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cni-metrics-helper +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cni-metrics-helper +subjects: + - kind: ServiceAccount + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cni-metrics-helper + namespace: kube-system + labels: + k8s-app: cni-metrics-helper +spec: + selector: + matchLabels: + k8s-app: cni-metrics-helper + template: + metadata: + labels: + k8s-app: cni-metrics-helper + spec: + serviceAccountName: cni-metrics-helper + containers: + - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.6.1 + imagePullPolicy: Always + name: cni-metrics-helper + env: + - name: USE_CLOUDWATCH + value: "true" diff --git a/config/v1.6/cni-metrics-helper-us-gov-west-1.yaml b/config/v1.6/cni-metrics-helper-us-gov-west-1.yaml new file mode 100644 index 0000000000..49450512fd --- /dev/null +++ b/config/v1.6/cni-metrics-helper-us-gov-west-1.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cni-metrics-helper +rules: + - apiGroups: [""] + resources: + - nodes + - pods + - pods/proxy + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: ["list", "watch", "get"] + - apiGroups: ["extensions"] + resources: + - daemonsets + - deployments + - replicasets + verbs: ["list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + - apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: ["list", "watch"] + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cni-metrics-helper +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cni-metrics-helper +subjects: + - kind: ServiceAccount + name: cni-metrics-helper + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cni-metrics-helper + namespace: kube-system + labels: + k8s-app: cni-metrics-helper +spec: + selector: + matchLabels: + k8s-app: cni-metrics-helper + template: + metadata: + labels: + k8s-app: cni-metrics-helper + spec: + serviceAccountName: cni-metrics-helper + containers: + - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.6.1 + imagePullPolicy: Always + name: cni-metrics-helper + env: + - name: USE_CLOUDWATCH + value: "true"