From 5fa8f9fb0e121fc729a34a1f989068d5ff9f9405 Mon Sep 17 00:00:00 2001 From: mengskysama Date: Tue, 19 Dec 2017 18:36:07 +0800 Subject: [PATCH] adapt k8s 1.8 --- k8s-daemonset/README.md | 18 ++- k8s-daemonset/k8s/namerd-legacy.yml | 198 ++++++++++++++++++++++++++++ k8s-daemonset/k8s/namerd.yml | 17 ++- 3 files changed, 226 insertions(+), 7 deletions(-) create mode 100644 k8s-daemonset/k8s/namerd-legacy.yml diff --git a/k8s-daemonset/README.md b/k8s-daemonset/README.md index a4622759..d1a4d3a6 100644 --- a/k8s-daemonset/README.md +++ b/k8s-daemonset/README.md @@ -51,6 +51,14 @@ one is best for your use case. #### Daemonsets +If cluster enable RBAC please setting up the permission: + +```bash +kubectl apply -f k8s/linkerd-rbac-beta.yml +``` + +* [Using Linkerd with Kubernetes RBAC](https://buoyant.io/2017/07/24/using-linkerd-kubernetes-rbac/) + For the most basic linkerd DaemonSets configuration, you can run: ```bash @@ -86,7 +94,15 @@ To deploy this configuration, you can run: ```bash kubectl apply -f k8s/certificates.yml kubectl apply -f k8s/namerd.yml -kubectl apply -f k8s/linkerd-namerd-cni.yml +kubectl apply -f k8s/linkerd-namerd-cni-tls.yml +``` + +If Kubernets version < 1.8, you can run: + +```bash +kubectl apply -f k8s/certificates.yml +kubectl apply -f k8s/namerd-legacy.yml +kubectl apply -f k8s/linkerd-namerd-cni-tls.yml ``` This configuration enables routing via io.l5d.namerd on port 4140, and diff --git a/k8s-daemonset/k8s/namerd-legacy.yml b/k8s-daemonset/k8s/namerd-legacy.yml new file mode 100644 index 00000000..7fc21222 --- /dev/null +++ b/k8s-daemonset/k8s/namerd-legacy.yml 
@@ -0,0 +1,198 @@ +--- +kind: ThirdPartyResource +apiVersion: extensions/v1beta1 +metadata: + name: d-tab.l5d.io +description: stores dtabs used by namerd +versions: +- name: v1alpha1 +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: namerd-config +data: + config.yml: |- + admin: + ip: 0.0.0.0 + port: 9991 + + namers: + - kind: io.l5d.k8s + experimental: true + host: localhost + port: 8001 + + storage: + kind: io.l5d.k8s + host: localhost + port: 8001 + namespace: default + + interfaces: + - kind: io.l5d.thriftNameInterpreter + ip: 0.0.0.0 + port: 4100 + - kind: io.l5d.thriftNameInterpreter + ip: 0.0.0.0 + port: 4101 + tls: + certPath: /io.buoyant/namerd/certs/certificate.pem + keyPath: /io.buoyant/namerd/certs/key.pk8 + - kind: io.l5d.httpController + ip: 0.0.0.0 + port: 4180 + - kind: io.l5d.httpController + ip: 0.0.0.0 + port: 4181 + tls: + certPath: /io.buoyant/namerd/certs/certificate.pem + keyPath: /io.buoyant/namerd/certs/key.pk8 + - kind: io.l5d.mesh + ip: 0.0.0.0 + port: 4321 + - kind: io.l5d.mesh + ip: 0.0.0.0 + port: 4322 + tls: + certPath: /io.buoyant/namerd/certs/certificate.pem + keyPath: /io.buoyant/namerd/certs/key.pk8 + +--- +kind: ReplicationController +apiVersion: v1 +metadata: + name: namerd +spec: + replicas: 1 + selector: + app: namerd + template: + metadata: + labels: + app: namerd + spec: + dnsPolicy: ClusterFirst + volumes: + - name: namerd-config + configMap: + name: namerd-config + - name: certificates + secret: + secretName: certificates + containers: + - name: namerd + image: buoyantio/namerd:1.3.2 + args: + - /io.buoyant/namerd/config/config.yml + ports: + - name: thrift + containerPort: 4100 + - name: thrift-tls + containerPort: 4101 + - name: http + containerPort: 4180 + - name: http-tls + containerPort: 4181 + - name: mesh + containerPort: 4321 + - name: mesh-tls + containerPort: 4322 + - name: admin + containerPort: 9991 + volumeMounts: + - name: "namerd-config" + mountPath: "/io.buoyant/namerd/config" + readOnly: true + - 
name: "certificates" + mountPath: "/io.buoyant/namerd/certs" + readOnly: true + - name: kubectl + image: buoyantio/kubectl:v1.8.5 + args: + - "proxy" + - "-p" + - "8001" +--- +apiVersion: v1 +kind: Service +metadata: + name: namerd +spec: + selector: + app: namerd + type: LoadBalancer + ports: + - name: thrift + port: 4100 + - name: thrift-tls + port: 4101 + - name: http + port: 4180 + - name: http-tls + port: 4181 + - name: mesh + port: 4321 + - name: mesh-tls + port: 4322 + - name: admin + port: 9991 +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: namerctl-script +data: + createNs.sh: |- + #!/bin/sh + + set -e + + if namerctl dtab get external > /dev/null 2>&1; then + echo "external namespace already exists" + else + echo " + /host => /#/io.l5d.k8s/default/http/hello; + /svc/* => /host; + " | namerctl dtab create external - + fi + + if namerctl dtab get internal > /dev/null 2>&1; then + echo "internal namespace already exists" + else + echo " + /srv => /#/io.l5d.k8s/default/http; + /host => /srv; + /tmp => /srv; + /svc => /host; + /host/world => /srv/world-v1; + " | namerctl dtab create internal - + fi +--- +kind: Job +apiVersion: batch/v1 +metadata: + name: namerctl +spec: + template: + metadata: + name: namerctl + spec: + volumes: + - name: namerctl-script + configMap: + name: namerctl-script + defaultMode: 0755 + containers: + - name: namerctl + image: linkerd/namerctl:0.8.6 + env: + - name: NAMERCTL_BASE_URL + value: http://namerd.default.svc.cluster.local:4180 + command: + - "/namerctl/createNs.sh" + volumeMounts: + - name: "namerctl-script" + mountPath: "/namerctl" + readOnly: true + restartPolicy: OnFailure diff --git a/k8s-daemonset/k8s/namerd.yml b/k8s-daemonset/k8s/namerd.yml index 7fc21222..dd480e9a 100644 --- a/k8s-daemonset/k8s/namerd.yml +++ b/k8s-daemonset/k8s/namerd.yml 
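Review bot: The `namerd` Service in this new file is `type: LoadBalancer` and publishes every port, including the admin port 9991 and the plaintext interfaces 4100, 4180 and 4321, so on most cloud providers the dtab-editing HTTP controller and the admin endpoint get an externally reachable address. The config shows no authentication on those interfaces, and the TLS listeners (4101, 4181, 4322) set only `certPath`/`keyPath`, which as far as these lines show is server-side TLS without client verification. Unless external access is required, change the Service to `type: ClusterIP`; if it is required, publish only the TLS ports and restrict callers with `loadBalancerSourceRanges`. This file carries the same blob id (7fc21222) as the pre-change k8s/namerd.yml, so the Service left untouched in namerd.yml presumably has the same exposure.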
@@ -1,11 +1,16 @@
 ---
-kind: ThirdPartyResource
-apiVersion: extensions/v1beta1
+kind: CustomResourceDefinition
+apiVersion: apiextensions.k8s.io/v1beta1
 metadata:
- name: d-tab.l5d.io
-description: stores dtabs used by namerd
-versions:
-- name: v1alpha1
+ name: dtabs.l5d.io
+spec:
+ scope: Namespaced
+ group: l5d.io
+ version: v1alpha1
+ names:
+ kind: DTab
+ plural: dtabs
+ singular: dtab
 ---
 kind: ConfigMap
 apiVersion: v1
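Review bot: The new CustomResourceDefinition moves dtab storage to the `dtabs` resource in API group `l5d.io`, but nothing in this commit grants namerd's service account access to it, and the README change applies `k8s/linkerd-rbac-beta.yml` only in the DaemonSets section. On an RBAC-enabled 1.8 cluster the `kubectl proxy` sidecar (presumably still present further down namerd.yml) would be refused when the io.l5d.k8s storage reads or writes dtabs, and the usual shortcut of binding the default service account to cluster-admin is far broader than needed. I would add a comment above the CRD such as `# RBAC clusters: bind namerd's service account to a namespaced Role limited to apiGroups [l5d.io], resources [dtabs]`, and confirm whether the RBAC manifest already covers this, which is not visible here. The rest of namerd.yml lies outside this hunk.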