diff --git a/system-apps/whereabouts/config.yaml b/system-apps/whereabouts/config.yaml new file mode 100644 index 0000000..8bc9d72 --- /dev/null +++ b/system-apps/whereabouts/config.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: whereabouts-config + namespace: kube-system + annotations: + kubernetes.io/description: | + Configmap containing user customizable cronjob schedule +data: + cron-expression: "30 4 * * *" # Default schedule is once per day at 4:30am. Users may configure this value to their liking. \ No newline at end of file diff --git a/system-apps/whereabouts/crds/ippools.yaml b/system-apps/whereabouts/crds/ippools.yaml new file mode 100644 index 0000000..d7c3a17 --- /dev/null +++ b/system-apps/whereabouts/crds/ippools.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ippools.whereabouts.cni.cncf.io +spec: + group: whereabouts.cni.cncf.io + names: + kind: IPPool + listKind: IPPoolList + plural: ippools + singular: ippool + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IPPool is the Schema for the ippools API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of IPPool + properties: + allocations: + additionalProperties: + description: IPAllocation represents metadata about the pod/container + owner of a specific IP + properties: + id: + type: string + ifname: + type: string + podref: + type: string + required: + - id + - podref + type: object + description: |- + Allocations is the set of allocated IPs for the given range. Its` indices are a direct mapping to the + IP with the same index/offset for the pool's range. + type: object + range: + description: Range is a RFC 4632/4291-style string that represents + an IP address and prefix length in CIDR notation + type: string + required: + - allocations + - range + type: object + type: object + served: true + storage: true \ No newline at end of file diff --git a/system-apps/whereabouts/crds/overlappingrangeipreservations.yaml b/system-apps/whereabouts/crds/overlappingrangeipreservations.yaml new file mode 100644 index 0000000..692d067 --- /dev/null +++ b/system-apps/whereabouts/crds/overlappingrangeipreservations.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: overlappingrangeipreservations.whereabouts.cni.cncf.io +spec: + group: whereabouts.cni.cncf.io + names: + kind: OverlappingRangeIPReservation + listKind: OverlappingRangeIPReservationList + plural: overlappingrangeipreservations + singular: overlappingrangeipreservation + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OverlappingRangeIPReservation is the Schema for the OverlappingRangeIPReservations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OverlappingRangeIPReservationSpec defines the desired state + of OverlappingRangeIPReservation + properties: + containerid: + type: string + ifname: + type: string + podref: + type: string + required: + - podref + type: object + required: + - spec + type: object + served: true + storage: true \ No newline at end of file diff --git a/system-apps/whereabouts/daemonset.yaml b/system-apps/whereabouts/daemonset.yaml new file mode 100644 index 0000000..50005dc --- /dev/null +++ b/system-apps/whereabouts/daemonset.yaml @@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: whereabouts + namespace: kube-system + labels: + tier: node + app: whereabouts +spec: + selector: + matchLabels: + name: whereabouts + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: whereabouts + name: whereabouts + spec: + hostNetwork: true + serviceAccountName: whereabouts + tolerations: + - operator: Exists + effect: NoSchedule + containers: + - name: whereabouts + command: [ "/bin/sh" ] + args: + - -c + - | + SLEEP=false source /install-cni.sh + /token-watcher.sh & + /ip-control-loop -log-level debug + image: ghcr.io/k8snetworkplumbingwg/whereabouts:latest + env: + - name: NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: WHEREABOUTS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "100m" + memory: "200Mi" + securityContext: + privileged: true + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + - name: cni-net-dir + mountPath: /host/etc/cni/net.d + - name: cron-scheduler-configmap + mountPath: /cron-schedule + volumes: + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + - name: cron-scheduler-configmap + configMap: + name: "whereabouts-config" + defaultMode: 0744 + items: + - key: "cron-expression" + path: "config" \ No newline at end of file diff --git a/system-apps/whereabouts/rbac.yaml b/system-apps/whereabouts/rbac.yaml new file mode 100644 index 0000000..75dcbbd --- /dev/null +++ b/system-apps/whereabouts/rbac.yaml @@ -0,0 +1,76 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: whereabouts + namespace: kube-system +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: whereabouts +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: whereabouts-cni +subjects: +- kind: ServiceAccount + name: whereabouts + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: whereabouts-cni +rules: +- apiGroups: + - whereabouts.cni.cncf.io + resources: + - ippools + - overlappingrangeipreservations + - nodeslicepools + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' +- apiGroups: [""] + resources: + - pods + verbs: + - list + - watch + - get +- apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["k8s.cni.cncf.io"] + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update + - get \ No newline at end of file