diff --git a/.gitmodules b/.gitmodules
index 0bf0db9..bd0d528 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -25,9 +25,6 @@
 [submodule "docker-apt-cacher-ng"]
 path = docker-apt-cacher-ng
 url = https://github.com/sameersbn/docker-apt-cacher-ng.git
-[submodule "kube-router"]
- path = kube-router
- url = https://github.com/cloudnativelabs/kube-router.git
 [submodule "mosquitto/charts"]
 path = mosquitto/charts
 url = https://github.com/smizy/charts.git
diff --git a/_sys/kube-router-accounts.yaml b/_sys/kube-router-accounts.yaml
new file mode 100644
index 0000000..5f1fe44
--- /dev/null
+++ b/_sys/kube-router-accounts.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-router
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: kube-router
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - services
+ - nodes
+ - endpoints
+ verbs:
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - networkpolicies
+ verbs:
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: kube-router
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-router
+subjects:
+- kind: ServiceAccount
+ name: kube-router
+ namespace: kube-system
diff --git a/_sys/kube-router-all-service-daemonset.yaml b/_sys/kube-router-all-service-daemonset.yaml
new file mode 100644
index 0000000..7635dbe
--- /dev/null
+++ b/_sys/kube-router-all-service-daemonset.yaml
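Review bot: The `ClusterRole` and `ClusterRoleBinding` in `_sys/kube-router-accounts.yaml` are declared with `rbac.authorization.k8s.io/v1beta1`, which was removed in Kubernetes 1.22, while the DaemonSet added in the same commit already uses `apps/v1`; `apiVersion: rbac.authorization.k8s.io/v1` accepts the same fields. The rule set itself is read-only (`get`/`list`/`watch`), which suits a component that runs privileged on every node. A short comment above `rules:`, e.g. `# read-only on purpose: kube-router only watches cluster state`, would help keep it that way when the manifest is next synced from upstream.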
@@ -0,0 +1,130 @@ +#https://gist.github.com/jjo/8c616aaf795284bb5b85d02143745f63 +apiVersion: v1 +kind: ConfigMap +metadata: + name: kube-router-cfg + namespace: kube-system + labels: + tier: node + k8s-app: kube-router +data: + cni-conf.json: | + { + "cniVersion":"0.3.0", + "name":"mynet", + "plugins":[ + { + "name":"kubernetes", + "type":"bridge", + "bridge":"kube-bridge", + "isDefaultGateway":true, + "ipam":{ + "type":"host-local" + } + } + ] + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-router + namespace: kube-system + labels: + k8s-app: kube-router +spec: + selector: + matchLabels: + k8s-app: kube-router + template: + metadata: + labels: + k8s-app: kube-router + spec: + priorityClassName: system-node-critical + containers: + - name: kube-router + image: docker.io/cloudnativelabs/kube-router:v1.0.1 + args: + - "--run-router=true" + - "--run-firewall=true" + - "--run-service-proxy=true" + - "--bgp-graceful-restart=true" + - "--kubeconfig=/var/lib/kube-router/kubeconfig" + securityContext: + privileged: true + imagePullPolicy: Always + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_ROUTER_CNI_CONF_FILE + value: /etc/cni/net.d/10-kuberouter.conflist + livenessProbe: + httpGet: + path: /healthz + port: 20244 + initialDelaySeconds: 10 + periodSeconds: 3 + volumeMounts: + - name: lib-modules + mountPath: /lib/modules + readOnly: true + - name: cni-conf-dir + mountPath: /etc/cni/net.d + - name: kubeconfig + mountPath: /var/lib/kube-router/kubeconfig + readOnly: true + - name: xtables-lock + mountPath: /run/xtables.lock + readOnly: false + initContainers: + - name: install-cni + image: docker.io/cloudnativelabs/kube-router:v1.0.1 + imagePullPolicy: Always + command: + - /bin/sh + - -c + - set -e -x; + if [ ! 
-f /etc/cni/net.d/10-kuberouter.conflist ]; then + if [ -f /etc/cni/net.d/*.conf ]; then + rm -f /etc/cni/net.d/*.conf; + fi; + TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; + cp /etc/kube-router/cni-conf.json ${TMP}; + mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; + fi + volumeMounts: + - name: cni-conf-dir + mountPath: /etc/cni/net.d + - name: kube-router-cfg + mountPath: /etc/kube-router + hostNetwork: true + serviceAccountName: kube-router + serviceAccount: kube-router + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: lib-modules + hostPath: + path: /lib/modules + - name: cni-conf-dir + hostPath: + path: /etc/cni/net.d + - name: kube-router-cfg + configMap: + name: kube-router-cfg + - name: kubeconfig + hostPath: + path: /var/lib/kube-router/kubeconfig + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + diff --git a/apps/docker-registry/registry-deployment.yaml b/apps/docker-registry/registry-deployment.yaml index cfdcd4d..25bdcbf 100644 --- a/apps/docker-registry/registry-deployment.yaml +++ b/apps/docker-registry/registry-deployment.yaml @@ -122,11 +122,11 @@ kind: Ingress metadata: name: docker-registry namespace: docker-registry - annotations: - nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30 - nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800 - nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800 - nginx.ingress.kubernetes.io/proxy-body-size: 0 + #annotations: + # nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30 + # nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800 + # nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800 + # nginx.ingress.kubernetes.io/proxy-body-size: '5g' spec: rules: - host: docker-registry.lan diff --git a/apps/mariadb/mariadb-deployment.yaml b/apps/mariadb/mariadb-deployment.yaml index 2c1e4a0..e4c3aa5 100644 --- a/apps/mariadb/mariadb-deployment.yaml 
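Review bot: Both the `install-cni` init container and the `kube-router` container pull `docker.io/cloudnativelabs/kube-router:v1.0.1` by tag with `imagePullPolicy: Always`, and the main container runs with `privileged: true` on `hostNetwork`, so whatever the registry serves under that tag at the next pod restart gets root-equivalent access to every node. Pinning both image lines to a digest, `image: docker.io/cloudnativelabs/kube-router@sha256:<DIGEST>`, removes that dependency on tag mutability. Whether `privileged: true` can be narrowed to specific capabilities for this version needs checking against the upstream manifests. Separately, `[ -f /etc/cni/net.d/*.conf ]` in the init script errors out as a test when the glob matches more than one file, so the `rm -f` is skipped in exactly the case with several stale configs; an unconditional `rm -f /etc/cni/net.d/*.conf;` behaves the same otherwise.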
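Review bot: Commenting the `annotations:` block out in `registry-deployment.yaml` leaves this Ingress on the controller's default body-size and timeout limits, which large image-layer pushes are likely to exceed. Three of the keys are written with U+2011 non-breaking hyphens (`proxy‑connect‑timeout`, `proxy‑read‑timeout`, `proxy‑send‑timeout`) rather than ASCII `-`, and the original values were unquoted integers, whereas annotation values must be strings; either could be why the block was rejected or ignored. Restoring it with ASCII hyphens and quoted values, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "5g"`, keeps an explicit upload cap in place of the removed `0` (unlimited).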
+++ b/apps/mariadb/mariadb-deployment.yaml @@ -57,11 +57,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mariadb-pv-claim - annotations: - volume.beta.kubernetes.io/storage-provisioner: "nfs-storage" - volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" + #annotations: + # volume.beta.kubernetes.io/storage-provisioner: "nfs-storage" + # volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" spec: - storageClassName: "fast" + storageClassName: csi-s3-slow accessModes: - ReadWriteOnce resources: diff --git a/apps/mosquitto/deployment.yaml b/apps/mosquitto/deployment.yaml index b885c51..a92af3e 100644 --- a/apps/mosquitto/deployment.yaml +++ b/apps/mosquitto/deployment.yaml @@ -113,8 +113,8 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - annotations: - volume.beta.kubernetes.io/storage-provisioner: nfs-storage + #annotations: + # volume.beta.kubernetes.io/storage-provisioner: nfs-storage labels: app: mosquitto release: mqtt @@ -126,7 +126,7 @@ spec: resources: requests: storage: 2Gi - storageClassName: managed-nfs-storage + storageClassName: csi-s3-slow volumeMode: Filesystem --- apiVersion: v1 @@ -140,7 +140,8 @@ metadata: data: mosquitto.conf: |- log_dest none + user root port 1883 - persistence false + persistence true persistence_location /mosquitto/data/ diff --git a/apps/pihole-deployment.yaml b/apps/pihole-deployment.yaml index 2a28aed..0d9e40a 100644 --- a/apps/pihole-deployment.yaml +++ b/apps/pihole-deployment.yaml @@ -46,7 +46,7 @@ spec: value: 208.67.222.222 - name: DNS2 value: 208.67.220.220 - image: pihole/pihole:v5.1.1 + image: pihole/pihole:latest imagePullPolicy: Always livenessProbe: failureThreshold: 10 @@ -107,8 +107,8 @@ spec: subPath: addn-hosts dnsConfig: nameservers: - - 127.0.0.1 - - 192.168.10.1 + - 208.67.222.222 + - 208.67.220.220 dnsPolicy: None restartPolicy: Always schedulerName: default-scheduler 
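Review bot: `storageClassName: csi-s3-slow` puts the MariaDB data directory on what the class name suggests is the S3-backed CSI driver from this repository; if that driver mounts buckets through s3fs (its Dockerfile in this commit installs it), the volume may not give the locking and atomic-rename behaviour a database engine relies on, so a crash risks corrupting the data. The same swap is made for the mosquitto claim at `@@ -126,7 +126,7 @@`. Also, `storageClassName` cannot be changed on an existing claim, so this only takes effect once the PVC is recreated; a comment next to the commented-out annotations should say so, e.g. `# changing the class requires deleting the PVC and restoring the data`.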
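Review bot: `user root` in `mosquitto.conf` (hunk `@@ -140,7 +140,8 @@`) makes the broker keep root instead of dropping to its unprivileged account, presumably so it can write to `persistence_location` on the new volume now that `persistence true` is set. A network-facing broker listening on port 1883 should not need that; setting volume ownership through the pod's `securityContext` (`fsGroup: <GID of the mosquitto user>`) or an init container that chowns `/mosquitto/data/` addresses the permission problem without it. The pod spec is outside this hunk, so whether `fsGroup` is honoured by a `csi-s3-slow` volume needs checking.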
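Review bot: Replacing `pihole/pihole:v5.1.1` with `pihole/pihole:latest` while `imagePullPolicy: Always` stays in place means every pod restart may bring in a different, unreviewed image for the network's DNS filter, and a rollback has no known-good reference to return to. Keep a fixed version tag, or better a digest: `image: pihole/pihole@sha256:<DIGEST>`. If tracking upstream is the goal, bumping the pinned tag in a commit keeps the change visible in history.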
@@ -144,10 +144,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pihole-data - #annotations: - # volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" spec: - storageClassName: csi-s3-slow + #storageClassName: csi-s3-slow + storageClassName: managed-nfs-storage accessModes: - ReadWriteOnce resources: diff --git a/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile b/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile index f2cc918..45c48d5 100644 --- a/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile +++ b/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainers="Cyrill Troxler " LABEL description="csi-s3 slim image" -RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy +#RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy # s3fs and some other dependencies RUN apt-get update && \ apt-get install -y \ @@ -10,5 +10,5 @@ RUN apt-get update && \ apt-get clean -y && \ rm -rf /var/lib/apt/lists/* -COPY ./_output/s3driver /s3driver +COPY ./s3driver /s3driver ENTRYPOINT ["/s3driver"] diff --git a/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile.full b/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile.full index a2a13bf..8b5eed2 100644 --- a/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile.full +++ b/csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile.full @@ -1,7 +1,7 @@ FROM debian:buster-slim as s3backer ARG S3BACKER_VERSION=1.5.4 -RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy +#RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy RUN apt-get update && apt-get install -y \ build-essential \ autoconf \ diff --git a/csi-s3/storage-csi-s3/deploy/kubernetes/csi-s3.yaml b/csi-s3/storage-csi-s3/deploy/kubernetes/csi-s3.yaml index 67d4b3c..f38936b 100644 --- a/csi-s3/storage-csi-s3/deploy/kubernetes/csi-s3.yaml 
+++ b/csi-s3/storage-csi-s3/deploy/kubernetes/csi-s3.yaml
@@ -94,6 +94,7 @@ spec:
 fieldRef:
 fieldPath: spec.nodeName
 imagePullPolicy: "Always"
+ #imagePullPolicy: "IfNotPresent"
 volumeMounts:
 - name: plugin-dir
 mountPath: /csi
diff --git a/csi-s3/storage-csi-s3/deploy/kubernetes/provisioner.yaml b/csi-s3/storage-csi-s3/deploy/kubernetes/provisioner.yaml
index d90a1b6..93e189d 100644
--- a/csi-s3/storage-csi-s3/deploy/kubernetes/provisioner.yaml
+++ b/csi-s3/storage-csi-s3/deploy/kubernetes/provisioner.yaml
@@ -79,7 +79,7 @@ spec:
 env:
 - name: ADDRESS
 value: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver/csi.sock
- imagePullPolicy: "IfNotPresent"
+ imagePullPolicy: "Always"
 volumeMounts:
 - name: socket-dir
 mountPath: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver
diff --git a/dashboard-adminuser-serviceaccount.yaml b/dashboard-adminuser-serviceaccount.yaml
deleted file mode 100644
index 54cabb7..0000000
--- a/dashboard-adminuser-serviceaccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
- namespace: kubernetes-dashboard
diff --git a/dashboard-adminuser.yaml b/dashboard-adminuser.yaml
index 6db3be5..a3f84bc 100644
--- a/dashboard-adminuser.yaml
+++ b/dashboard-adminuser.yaml
@@ -10,3 +10,9 @@ subjects:
 - kind: ServiceAccount
 name: admin-user
 namespace: kubernetes-dashboard
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/kube-router b/kube-router
deleted file mode 160000
index a23017d..0000000
--- a/kube-router
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit a23017d58f8fd3bfd7c4161a2d5a3d18f07fb32b
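Review bot: The `admin-user` ServiceAccount added to `dashboard-adminuser.yaml` carries no comment about what it is bound to, and the binding's `roleRef` sits above the hunk; if that binding grants `cluster-admin`, as the upstream dashboard sample does, any token issued for this account is a full cluster credential. A comment above the new document would make that visible to whoever applies the file, e.g. `# admin-user is bound to <ROLE> above; treat its token as a cluster-wide admin secret`. If the account is only needed for occasional dashboard logins, noting that it can be deleted between uses would also help.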