Adds MetalLB addon

pull/7308/head
Zhongcheng Lao 2020-03-04 23:36:37 +08:00
parent 8984bbb871
commit d9fe5afa86
No known key found for this signature in database
GPG Key ID: 3B0C92A7E58EF413
5 changed files with 349 additions and 19 deletions


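--- a/deploy/addons/metallb/metallb-config.yaml.tmpl
+++ b/deploy/addons/metallb/metallb-config.yaml.tmpl
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+namespace: metallb-system
+name: config
+data:
+config: |
+address-pools:
+- name: default
+protocol: layer2
+addresses:
+- {{ .LoadBalancerStartIP }}-{{ .LoadBalancerEndIP }}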
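Review bot: The address range on the last line is built from `{{ .LoadBalancerStartIP }}-{{ .LoadBalancerEndIP }}` with no guard for either value being empty, so enabling the addon without both values set renders a bare `- -` entry that MetalLB will presumably reject only after the ConfigMap is applied, far from where the mistake was made. The two values come straight from `cfg.LoadBalancerStartIP` and `cfg.LoadBalancerEndIP` in GenerateTemplateData elsewhere in this commit, which does not validate them either. I would add a header comment to the template, `# Rendered by GenerateTemplateData: both IPs must be set and form an ascending range inside the cluster's network, otherwise MetalLB rejects this pool`, and check the two values as IPs at the point where the config is populated.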


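--- a/deploy/addons/metallb/metallb.yaml
+++ b/deploy/addons/metallb/metallb.yaml
@@ -0,0 +1,293 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+labels:
+app: metallb
+name: metallb-system
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+labels:
+app: metallb
+name: speaker
+namespace: metallb-system
+spec:
+allowPrivilegeEscalation: false
+allowedCapabilities:
+- NET_ADMIN
+- NET_RAW
+- SYS_ADMIN
+fsGroup:
+rule: RunAsAny
+hostNetwork: true
+hostPorts:
+- max: 7472
+min: 7472
+privileged: true
+runAsUser:
+rule: RunAsAny
+seLinux:
+rule: RunAsAny
+supplementalGroups:
+rule: RunAsAny
+volumes:
+- '*'
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+app: metallb
+name: controller
+namespace: metallb-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+app: metallb
+name: speaker
+namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+labels:
+app: metallb
+name: metallb-system:controller
+rules:
+- apiGroups:
+- ''
+resources:
+- services
+verbs:
+- get
+- list
+- watch
+- update
+- apiGroups:
+- ''
+resources:
+- services/status
+verbs:
+- update
+- apiGroups:
+- ''
+resources:
+- events
+verbs:
+- create
+- patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+labels:
+app: metallb
+name: metallb-system:speaker
+rules:
+- apiGroups:
+- ''
+resources:
+- services
+- endpoints
+- nodes
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ''
+resources:
+- events
+verbs:
+- create
+- patch
+- apiGroups:
+- extensions
+resourceNames:
+- speaker
+resources:
+- podsecuritypolicies
+verbs:
+- use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+labels:
+app: metallb
+name: config-watcher
+namespace: metallb-system
+rules:
+- apiGroups:
+- ''
+resources:
+- configmaps
+verbs:
+- get
+- list
+- watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+labels:
+app: metallb
+name: metallb-system:controller
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: metallb-system:controller
+subjects:
+- kind: ServiceAccount
+name: controller
+namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+labels:
+app: metallb
+name: metallb-system:speaker
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: metallb-system:speaker
+subjects:
+- kind: ServiceAccount
+name: speaker
+namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+labels:
+app: metallb
+name: config-watcher
+namespace: metallb-system
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: config-watcher
+subjects:
+- kind: ServiceAccount
+name: controller
+- kind: ServiceAccount
+name: speaker
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+labels:
+app: metallb
+component: speaker
+name: speaker
+namespace: metallb-system
+spec:
+selector:
+matchLabels:
+app: metallb
+component: speaker
+template:
+metadata:
+annotations:
+prometheus.io/port: '7472'
+prometheus.io/scrape: 'true'
+labels:
+app: metallb
+component: speaker
+spec:
+containers:
+- args:
+- --port=7472
+- --config=config
+env:
+- name: METALLB_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+- name: METALLB_HOST
+valueFrom:
+fieldRef:
+fieldPath: status.hostIP
+image: metallb/speaker:v0.8.2
+imagePullPolicy: IfNotPresent
+name: speaker
+ports:
+- containerPort: 7472
+name: monitoring
+resources:
+limits:
+cpu: 100m
+memory: 100Mi
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+add:
+- NET_ADMIN
+- NET_RAW
+- SYS_ADMIN
+drop:
+- ALL
+readOnlyRootFilesystem: true
+hostNetwork: true
+nodeSelector:
+beta.kubernetes.io/os: linux
+serviceAccountName: speaker
+terminationGracePeriodSeconds: 0
+tolerations:
+- effect: NoSchedule
+key: node-role.kubernetes.io/master
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: metallb
+component: controller
+name: controller
+namespace: metallb-system
+spec:
+revisionHistoryLimit: 3
+selector:
+matchLabels:
+app: metallb
+component: controller
+template:
+metadata:
+annotations:
+prometheus.io/port: '7472'
+prometheus.io/scrape: 'true'
+labels:
+app: metallb
+component: controller
+spec:
+containers:
+- args:
+- --port=7472
+- --config=config
+image: metallb/controller:v0.8.2
+imagePullPolicy: IfNotPresent
+name: controller
+ports:
+- containerPort: 7472
+name: monitoring
+resources:
+limits:
+cpu: 100m
+memory: 100Mi
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- all
+readOnlyRootFilesystem: true
+nodeSelector:
+beta.kubernetes.io/os: linux
+securityContext:
+runAsNonRoot: true
+runAsUser: 65534
+serviceAccountName: controller
+terminationGracePeriodSeconds: 0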
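Review bot: The speaker PodSecurityPolicy near the top of the file allows `privileged: true` and `volumes: ['*']`, yet the speaker DaemonSet further down only adds `NET_ADMIN`, `NET_RAW` and `SYS_ADMIN` with `drop: ALL`, no privileged flag and no volume mounts, so the policy authorizes noticeably more than the workload uses and `privileged: false` plus an explicit (possibly empty) volume list would match it. Since this appears to be the upstream MetalLB v0.8.2 manifest copied in, a header comment such as `# Source: upstream MetalLB v0.8.2 manifest; keep in sync with the image tags below when bumping` would make the provenance and any later local tightening auditable. The controller's `drop: - all` (lowercase) also differs from the speaker's `ALL`; normalizing to `ALL` in both places avoids relying on the container runtime accepting either spelling.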


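--- a/[addons-list-go-file-path-not-on-page]
+++ b/[addons-list-go-file-path-not-on-page]
@@ -122,4 +122,9 @@ var Addons = []*Addon{
 set: SetBool,
 callbacks: []setFn{enableOrDisableStorageClasses},
 },
+{
+name: "metallb",
+set: SetBool,
+callbacks: []setFn{enableOrDisableAddon},
+},
 }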


@ -332,6 +332,20 @@ var Addons = map[string]*Addon{
"0640",
false),
}, false, "ingress-dns"),
"metallb": NewAddon([]*BinAsset{
MustBinAsset(
"deploy/addons/metallb/metallb.yaml",
vmpath.GuestAddonsDir,
"metallb.yaml",
"0640",
false),
MustBinAsset(
"deploy/addons/metallb/metallb-config.yaml.tmpl",
vmpath.GuestAddonsDir,
"metallb-config.yaml",
"0640",
true),
}, false, "metallb"),
}
// GenerateTemplateData generates template data for template assets
@ -345,13 +359,17 @@ func GenerateTemplateData(cfg config.KubernetesConfig) interface{} {
ea = "-" + runtime.GOARCH
}
opts := struct {
Arch string
ExoticArch string
ImageRepository string
Arch string
ExoticArch string
ImageRepository string
LoadBalancerStartIP string
LoadBalancerEndIP string
}{
Arch: a,
ExoticArch: ea,
ImageRepository: cfg.ImageRepository,
Arch: a,
ExoticArch: ea,
ImageRepository: cfg.ImageRepository,
LoadBalancerStartIP: cfg.LoadBalancerStartIP,
LoadBalancerEndIP: cfg.LoadBalancerEndIP,
}
return opts
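Review bot: `LoadBalancerStartIP` and `LoadBalancerEndIP` are copied from `cfg` into the template data with no check that they parse as IPs or form an ascending range, so a typo or an unset value goes straight into the rendered metallb-config.yaml and only surfaces inside the cluster. `GenerateTemplateData` returns `interface{}` with no error value, so the validation belongs where the config is populated; at minimum the two new struct fields deserve a comment, `// LoadBalancerStartIP/EndIP: raw strings from config, consumed by metallb-config.yaml.tmpl; validated (if at all) by whoever sets them`. The function's opening is in the hunk header and its closing brace lies outside the hunk.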


@ -71,19 +71,21 @@ type MachineConfig struct {
// KubernetesConfig contains the parameters used to configure the VM Kubernetes.
type KubernetesConfig struct {
KubernetesVersion string
ClusterName string
APIServerName string
APIServerNames []string
APIServerIPs []net.IP
DNSDomain string
ContainerRuntime string
CRISocket string
NetworkPlugin string
FeatureGates string // https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
ServiceCIDR string // the subnet which kubernetes services will be deployed to
ImageRepository string
ExtraOptions ExtraOptionSlice
KubernetesVersion string
ClusterName string
APIServerName string
APIServerNames []string
APIServerIPs []net.IP
DNSDomain string
ContainerRuntime string
CRISocket string
NetworkPlugin string
FeatureGates string // https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
ServiceCIDR string // the subnet which kubernetes services will be deployed to
ImageRepository string
LoadBalancerStartIP string
LoadBalancerEndIP string
ExtraOptions ExtraOptionSlice
ShouldLoadCachedImages bool
EnableDefaultCNI bool