---
# Grants the cilium-install ServiceAccount (kube-system) the built-in
# cluster-admin ClusterRole, i.e. unrestricted access to every API resource
# in the cluster.
# NOTE(review): nothing in this file removes the binding once the install Job
# has completed. Delete the binding and the ServiceAccount after Cilium is up
# so a standing cluster-admin identity is not left behind in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cilium-install
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: cilium-install
    namespace: kube-system
---
# Identity the cilium-install Job runs as. The ClusterRoleBinding of the same
# name binds it to cluster-admin, so any pod in kube-system that is allowed to
# use this account inherits full control of the cluster.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cilium-install
  namespace: kube-system
---
# One-shot Job that runs `cilium install` from the cilium-cli image on a
# control-plane node, using the cluster-admin-bound cilium-install account.
apiVersion: batch/v1
kind: Job
metadata:
  name: cilium-install
  namespace: kube-system
spec:
  # Up to 10 retries before the Job is marked failed.
  backoffLimit: 10
  template:
    metadata:
      labels:
        app: cilium-install
    spec:
      restartPolicy: OnFailure
      tolerations:
        # A toleration with no key and operator Exists matches every taint,
        # so this first entry alone already lets the pod schedule anywhere;
        # the entries below are kept as written but add nothing to it.
        - operator: Exists
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - effect: PreferNoSchedule
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoExecute
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: PreferNoSchedule
      affinity:
        nodeAffinity:
          # Hard requirement: only nodes carrying the control-plane role label.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # name the same cluster-admin-bound account.
      serviceAccount: cilium-install
      serviceAccountName: cilium-install
      # The pod shares the node's network namespace, so status.podIP below
      # resolves to the node's own address.
      hostNetwork: true
      containers:
        - name: cilium-install
          # NOTE(review): `latest` is a mutable tag, and this container runs
          # with cluster-admin: whatever the tag points to at pull time gets
          # full control of the cluster. Pin a reviewed release, ideally by
          # digest, e.g. quay.io/cilium/cilium-cli:<version>@sha256:<digest>
          # (placeholders - no version or digest appears in this file).
          image: quay.io/cilium/cilium-cli:latest
          env:
            # Points the CLI at the API server on port 6443 of the node the
            # pod runs on instead of the in-cluster Service address -
            # presumably because no CNI is running yet; confirm.
            - name: KUBERNETES_SERVICE_HOST
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: KUBERNETES_SERVICE_PORT
              value: "6443"
          command:
            - cilium
            - install
            - --set
            - ipam.mode=kubernetes
            - --set
            - kubeProxyReplacement=true
            # Explicit Linux capability lists for the agent and the
            # state-cleanup container. Both include SYS_ADMIN and NET_ADMIN,
            # so these containers remain highly privileged on the node.
            - --set
            - securityContext.capabilities.ciliumAgent={CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}
            - --set
            - securityContext.capabilities.cleanCiliumState={NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}
            # Use the cgroup hierarchy already mounted at /sys/fs/cgroup
            # rather than letting Cilium mount its own.
            - --set
            - cgroup.autoMount.enabled=false
            - --set
            - cgroup.hostRoot=/sys/fs/cgroup
            # API server endpoint the installed Cilium components will use;
            # hard-coded here, so it must match this cluster's control plane.
            - --set
            - k8sServiceHost=10.13.38.11
            - --set
            - k8sServicePort=6443
            - --set
            - gatewayAPI.enabled=true
            - --set
            - gatewayAPI.enableAlpn=true
            - --set
            - gatewayAPI.enableAppProtocol=true
            - --set
            - hubble.relay.enabled=true