Makes controller run in-cluster #1
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
## This Readme documents how to run the KubeProxy operator in a kinder cluster | ||
|
||
# 1. Create a kinder cluster | ||
Ensure kinder is installed. [Installation docs](https://github.com/kubernetes/kubeadm/blob/master/kinder/README.md) | ||
|
||
```bash | ||
kinder create cluster --image=kindest/node:v1.18.0 | ||
|
||
kinder do kubeadm-config | ||
kinder do loadbalancer | ||
|
||
docker exec -it kind-control-plane-1 /kind/bin/kubeadm init --skip-phases="addon/kube-proxy" --ignore-preflight-errors="FileContent--proc-sys-net-bridge-bridge-nf-call-iptables,Swap,SystemVerification" --config /kind/kubeadm.conf | ||
kinder exec @all -- sysctl -w net.ipv4.conf.all.rp_filter=1 | ||
|
||
kinder cp @cp1:/etc/kubernetes/admin.conf $(kinder get kubeconfig-path) | ||
export KUBECONFIG=$(kinder get kubeconfig-path) | ||
``` | ||
|
||
You might have set the server ip in the KUBECONFIG to use localhost to reach the cluster, `insecure-skip-tls-verify` to true, and delete the ca certificate. To find the port, run `docker ps | grep kind` and check the port | ||
|
||
> insecure-skip-tls-verify: true | ||
> server: https://127.0.0.1:<port> | ||
|
||
2. Set the Kubernetes Service host and port in manager.yaml | ||
ssh into the node and get the host and port. | ||
The command below should give the host. | ||
```bash | ||
docker inspect kind-control-plane-1 | grep IPAddress | ||
``` | ||
|
||
Replace it in the `manager.yaml` | ||
|
||
>- name: KUBERNETES_SERVICE_HOST | ||
> value: "172.17.0.2" | ||
>- name: KUBERNETES_SERVICE_PORT | ||
> value: "6443" | ||
|
||
|
||
3. Build and deploy Docker image | ||
```bash | ||
make docker-build | ||
|
||
make deploy | ||
``` | ||
|
||
4. Install CRD | ||
|
||
```bash | ||
make install | ||
kubectl apply -f config/samples/ | ||
``` | ||
|
||
5. KubeProxy should be up and running |
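Review bot: The paragraph after the step 1 code block tells the reader to set `insecure-skip-tls-verify: true` and delete the CA certificate, which turns off server certificate verification for every request made with that kubeconfig. Please state that this is only for the throwaway local kinder cluster, or keep the CA data and make `https://127.0.0.1:<port>` verifiable instead, for example by adding 127.0.0.1 to `certSANs` in the kubeadm config. In the same paragraph "You might have set" probably should read "You might have to set". Step 2 says to ssh into the node but the command shown is `docker inspect` on the host, and it still tells the reader to edit `manager.yaml` although this PR adds `patches/apiserver_endpoint.patch.yaml` for those two variables.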
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,8 @@ | |
apiVersion: apiextensions.k8s.io/v1beta1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.2.4 | ||
creationTimestamp: null | ||
name: kubeproxies.addons.x-k8s.io | ||
spec: | ||
|
@@ -12,20 +14,20 @@ spec: | |
listKind: KubeProxyList | ||
plural: kubeproxies | ||
singular: kubeproxy | ||
scope: "" | ||
scope: Namespaced | ||
This is a notable change -- I think it does make sense.
This is in line with the existing operators (e.g. coredns). I think I generated this CRD incorrectly by not picking Namespaced from the onset. Really great point about different node groups.
||
validation: | ||
openAPIV3Schema: | ||
description: KubeProxy is the Schema for the API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
|
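Review bot: The `scope: ""` to `scope: Namespaced` change cannot be picked up by an existing install through re-applying the manifest, because a CRD's scope cannot be changed after creation. Please note in the README or the PR description that the old CRD and its objects have to be deleted before `make install`, and check that the objects under `config/samples/` carry a namespace.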
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,11 @@ | ||
resources: | ||
- manager.yaml | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
images: | ||
- name: controller | ||
newName: controller | ||
newTag: latest | ||
patchesStrategicMerge: | ||
- patches/apiserver_endpoint.patch.yaml | ||
- patches/tolerations_controlplane.patch.yaml |
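Review bot: `newTag: latest` in the `images:` entry points the manager at a mutable tag, and manager.yaml in this PR sets `imagePullPolicy: IfNotPresent`, so a node that already holds a `controller:latest` image keeps running it after a rebuild. Suggest a versioned tag (or a digest) set by the Makefile, so that what is deployed can be traced to a specific build.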
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,12 +22,14 @@ spec: | |
labels: | ||
control-plane: controller-manager | ||
spec: | ||
hostNetwork: true | ||
this is a reasonable default 👍
||
containers: | ||
- command: | ||
- /manager | ||
args: | ||
- --enable-leader-election | ||
image: controller:latest | ||
imagePullPolicy: IfNotPresent | ||
name: manager | ||
resources: | ||
limits: | ||
|
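Review bot: `hostNetwork: true` is added to the pod spec without a comment saying why the manager needs it. It places the pod in the node's network namespace, so a line in the manifest or README giving the reason (presumably that service networking is not available until kube-proxy itself is running) would help. Also consider moving it into a patch under `patches/` alongside the other in-cluster settings instead of the base manager.yaml.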
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: controller-manager | ||
namespace: system | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: manager | ||
env: | ||
- name: KUBERNETES_SERVICE_HOST | ||
value: "172.17.0.2" | ||
- name: KUBERNETES_SERVICE_PORT | ||
value: "6443" |
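Review bot: The `KUBERNETES_SERVICE_HOST` value `"172.17.0.2"` is the address of one local container, read from `docker inspect` as described in the README, and committing it makes this patch wrong for any other cluster. Suggest a clearly marked placeholder with a comment pointing to the README step that fills it in, or having the Makefile substitute it at deploy time.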
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: controller-manager | ||
namespace: system | ||
spec: | ||
template: | ||
spec: | ||
tolerations: | ||
- key: "node.kubernetes.io/not-ready" | ||
operator: "Exists" | ||
effect: "NoSchedule" | ||
- key: "node-role.kubernetes.io/master" | ||
operator: "Exists" | ||
effect: "NoSchedule" |
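Review bot: Both tolerations are added without a comment on why the manager has to schedule onto `node.kubernetes.io/not-ready` and `node-role.kubernetes.io/master` nodes. Together with `hostNetwork: true` in manager.yaml, this lets the controller run in the host network namespace of a control-plane node, so please document the reason in this patch file.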
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,14 +3,22 @@ module addon-operators/kubeproxy | |
go 1.12 | ||
|
||
require ( | ||
github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30 // indirect | ||
github.com/go-logr/logr v0.1.0 | ||
github.com/onsi/ginkgo v1.7.0 | ||
github.com/onsi/gomega v1.4.3 | ||
k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d | ||
k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible | ||
k8s.io/klog v0.3.0 | ||
github.com/gobuffalo/envy v1.6.10 // indirect | ||
github.com/imdario/mergo v0.3.7 // indirect | ||
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a // indirect | ||
github.com/onsi/ginkgo v1.10.1 | ||
github.com/onsi/gomega v1.7.0 | ||
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c // indirect | ||
k8s.io/apimachinery v0.17.0 | ||
k8s.io/client-go v0.17.0 | ||
k8s.io/klog v1.0.0 | ||
k8s.io/kubeadm v0.0.0-20191014153037-d541f020334c // indirect | ||
k8s.io/kubeadm/kinder v0.0.0-20191014153037-d541f020334c // indirect | ||
sigs.k8s.io/controller-runtime v0.2.2 | ||
sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20190926123507-e845b6c6f25a | ||
sigs.k8s.io/cluster-addons/dashboard v0.0.0-20200515184536-657eb5be7e85 | ||
Do you know why the dashboard operator and kind are getting pulled into this file? Maybe a weird local cache issue?
That's weird. I would look into it
||
sigs.k8s.io/controller-runtime v0.4.0 | ||
sigs.k8s.io/controller-tools v0.1.6 // indirect | ||
sigs.k8s.io/kind v0.1.0 // indirect | ||
sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200226054827-748a6481b2a4 | ||
sigs.k8s.io/kustomize v2.0.3+incompatible // indirect | ||
) |
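Review bot: The new require block lists `sigs.k8s.io/cluster-addons/dashboard`, `sigs.k8s.io/kind v0.1.0`, `k8s.io/kubeadm` and `k8s.io/kubeadm/kinder`, none of which the other files in this diff appear to need, and the dashboard entry is not even marked `// indirect`. Please run `go mod tidy` and confirm which imports require them before merging, so the module does not carry dependencies nobody has looked at. Separately, `sigs.k8s.io/controller-tools v0.1.6` here does not match the `controller-gen.kubebuilder.io/version: v0.2.4` annotation in the regenerated CRD, so the generator version is worth pinning.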
If I run `make manifests` will this get overwritten? If so, it may make more sense to have the user edit the patch (`patches/apiserver_endpoint.patch.yaml`)
True. That should change