forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 1
/
template.go
178 lines (164 loc) · 3.62 KB
/
template.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
package systemtemplate
var templateSource = `
---
apiVersion: v1
kind: Namespace
metadata:
name: cattle-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cattle
namespace: cattle-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cattle-admin-binding
namespace: cattle-system
subjects:
- kind: ServiceAccount
name: cattle
namespace: cattle-system
roleRef:
kind: ClusterRole
name: cattle-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Secret
metadata:
name: cattle-credentials-{{.TokenKey}}
namespace: cattle-system
type: Opaque
data:
url: "{{.URL}}"
token: "{{.Token}}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cattle-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: cattle-cluster-agent
namespace: cattle-system
spec:
selector:
matchLabels:
app: cattle-cluster-agent
template:
metadata:
labels:
app: cattle-cluster-agent
spec:
serviceAccountName: cattle
containers:
- name: cluster-register
imagePullPolicy: IfNotPresent
env:
- name: CATTLE_SERVER
value: "{{.URLPlain}}"
- name: CATTLE_CA_CHECKSUM
value: "{{.CAChecksum}}"
- name: CATTLE_CLUSTER
value: "true"
- name: CATTLE_K8S_MANAGED
value: "true"
image: {{.AgentImage}}
volumeMounts:
- name: cattle-credentials
mountPath: /cattle-credentials
readOnly: true
volumes:
- name: cattle-credentials
secret:
secretName: cattle-credentials-{{.TokenKey}}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: cattle-node-agent
namespace: cattle-system
spec:
selector:
matchLabels:
app: cattle-agent
template:
metadata:
labels:
app: cattle-agent
spec:
hostNetwork: true
serviceAccountName: cattle
tolerations:
- effect: NoExecute
key: "node-role.kubernetes.io/etcd"
value: "true"
- effect: NoSchedule
key: "node-role.kubernetes.io/controlplane"
value: "true"
containers:
- name: agent
image: {{.AgentImage}}
imagePullPolicy: IfNotPresent
env:
- name: CATTLE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CATTLE_SERVER
value: "{{.URLPlain}}"
- name: CATTLE_CA_CHECKSUM
value: "{{.CAChecksum}}"
- name: CATTLE_CLUSTER
value: "false"
- name: CATTLE_K8S_MANAGED
value: "true"
- name: CATTLE_AGENT_CONNECT
value: "true"
volumeMounts:
- name: cattle-credentials
mountPath: /cattle-credentials
readOnly: true
- name: k8s-ssl
mountPath: /etc/kubernetes
- name: var-run
mountPath: /var/run
- name: run
mountPath: /run
securityContext:
privileged: true
volumes:
- name: k8s-ssl
hostPath:
path: /etc/kubernetes
type: DirectoryOrCreate
- name: var-run
hostPath:
path: /var/run
type: DirectoryOrCreate
- name: run
hostPath:
path: /run
type: DirectoryOrCreate
- name: cattle-credentials
secret:
secretName: cattle-credentials-{{.TokenKey}}
updateStrategy:
type: RollingUpdate
`