Skip to content

Commit

Permalink
[cni-cilium] New module
Browse files Browse the repository at this point in the history
  • Loading branch information
@zuzzas
zuzzas committed Jan 20, 2022
1 parent 1db6f2c commit bd3d637
Show file tree
Hide file tree
Showing 45 changed files with 12,809 additions and 1 deletion.
1 change: 1 addition & 0 deletions deckhouse-controller/cmd/deckhouse-controller/register-go-hooks.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions global-hooks/enable_cni.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ var (
cniNameToModule = map[string]string{
"flannel": "cniFlannelEnabled",
"simple-bridge": "cniSimpleBridgeEnabled",
"cilium": "cniCiliumEnabled",
}
)

Expand Down Expand Up @@ -78,6 +79,11 @@ func enableCni(input *go_hook.HookInput) error {
}

for cniName, module := range cniNameToModule {
_, ok := input.ConfigValues.GetOk(module)
if ok {
continue
}

if cniToEnable == cniName {
input.Values.Set(module, true)
} else {
Expand Down
8 changes: 8 additions & 0 deletions modules/020-cni-cilium/.helmignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
images
hooks
openapi
crds
template_tests
enabled
README.md
candi
1 change: 1 addition & 0 deletions modules/020-cni-cilium/.namespace
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
d8-cni-cilium
2 changes: 2 additions & 0 deletions modules/020-cni-cilium/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
name: cni-cilium
version: 0.1.0
1 change: 1 addition & 0 deletions modules/020-cni-cilium/charts/helm_lib
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/deckhouse/helm_lib
4,854 changes: 4,854 additions & 0 deletions modules/020-cni-cilium/crds/ciliumclusterwidenetworkpolicies.yaml
View file

Large diffs are not rendered by default.

194 changes: 194 additions & 0 deletions modules/020-cni-cilium/crds/ciliumegressnatpolicies.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
labels:
heritage: deckhouse
module: deckhouse
name: ciliumegressnatpolicies.cilium.io
spec:
group: cilium.io
names:
categories:
- cilium
- ciliumpolicy
kind: CiliumEgressNATPolicy
listKind: CiliumEgressNATPolicyList
plural: ciliumegressnatpolicies
singular: ciliumegressnatpolicy
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
destinationCIDRs:
description: DestinationCIDRs is a list of destination CIDRs for destination
IP addresses. If a destination IP matches any one CIDR, it will
be selected.
items:
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]|[1-2][0-9]|3[0-2])$
type: string
type: array
egress:
description: Egress represents a list of rules by which egress traffic
is filtered from the source pods.
items:
properties:
namespaceSelector:
description: Selects Namespaces using cluster-scoped labels.
This field follows standard label selector semantics; if present
but empty, it selects all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the value from
the MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
podSelector:
description: This is a label selector which selects Pods. This
field follows standard label selector semantics; if present
but empty, it selects all pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the value from
the MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
type: array
egressSourceIP:
description: "EgressSourceIP is a source ip address that the egress
traffic is redirected to and SNATed with. \n Example: When it is
set to \"192.168.1.100\", matched egress packets will be redirected
to node with ip 192.168.1.100 and SNAT’ed with IP address 192.168.1.100."
pattern: ((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))
type: string
required:
- destinationCIDRs
- egress
- egressSourceIP
type: object
required:
- metadata
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

0 comments on commit bd3d637

Please sign in to comment.