forked from kubernetes-retired/kpng
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkpng-deployment-ds-template.txt
145 lines (145 loc) · 4.16 KB
/
kpng-deployment-ds-template.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
apiVersion: apps/v1
kind: DaemonSet
metadata:
creationTimestamp: null
labels:
app: kpng
name: kpng
namespace: {{ .Namespace }}
spec:
selector:
matchLabels:
app: kpng
template:
metadata:
labels:
app: kpng
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9099"
spec:
# to enable progressive deployment on existing cluster you can use node labels:
#nodeSelector:
# kpng: kpng
serviceAccountName: {{ .ServiceAccountName }}
hostNetwork: true
# so that kpng always runs on the controlplane nodes...
tolerations:
- operator: "Exists"
effect: "NoSchedule"
containers:
# only spin up bpftools image if ebpf is the selected backend.
{{- if .IsEbpfBackend }}
- image: cilium/cilium-bpftool:b5ba881d2a7ec68d88ecd72efd60ac551c720701
imagePullPolicy: {{ .ImagePullPolicy }}
name: kpng-ebpf-tools
securityContext:
privileged: true
command: [ "/bin/bash", "-c", "--", "mount bpffs /sys/fs/bpf -t bpf && sleep infinity" ]
volumeMounts:
- name: modules
mountPath: /lib/modules
readOnly: true
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: bpf-log
mountPath: /tracing
{{- end }}
# spinup single container when running in one process
{{- if eq .Deployment_model "single-process-per-node" }}
- image: {{ .KpngImage }}
imagePullPolicy: {{ .ImagePullPolicy }}
env:
- name: GOLANG_PROTOBUF_REGISTRATION_CONFLICT
value: warn
name: kpng-{{ .Backend }}
securityContext:
privileged: true
volumeMounts:
- name: empty
mountPath: /k8s
- name: modules
mountPath: /lib/modules
readOnly: true
- mountPath: /var/lib/kpng
name: kpng-config
{{- if .IsEbpfBackend }}
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: cgroup-v2-fs
mountPath: /sys/fs/cgroup/unified
readOnly: true
- name: cgroup-v2-mount
mountPath: /host-mount/mounts
mountPropagation: HostToContainer
{{- end }}
args: {{ .E2eBackendArgs }}
{{- else }}
- image: {{ .KpngImage }}
imagePullPolicy: {{ .ImagePullPolicy }}
env:
- name: GOLANG_PROTOBUF_REGISTRATION_CONFLICT
value: warn
name: kpng
ports:
- containerPort: 9099
protocol: TCP
volumeMounts:
- name: empty
mountPath: /k8s
- mountPath: /var/lib/kpng
name: kpng-config
args: {{ .E2eServerArgs }}
- image: {{ .KpngImage }}
imagePullPolicy: {{ .ImagePullPolicy }}
env:
- name: GOLANG_PROTOBUF_REGISTRATION_CONFLICT
value: warn
name: kpng-{{ .Backend }}
securityContext:
privileged: true
volumeMounts:
- name: empty
mountPath: /k8s
- name: modules
mountPath: /lib/modules
readOnly: true
{{- if .IsEbpfBackend }}
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: cgroup-v2-fs
mountPath: /sys/fs/cgroup/unified
readOnly: true
- name: cgroup-v2-mount
mountPath: /host-mount/mounts
mountPropagation: HostToContainer
{{- end }}
args: {{ .E2eBackendArgs }}
{{- end }}
volumes:
- name: empty
emptyDir: {}
- name: modules
hostPath:
path: /lib/modules
- name: kpng-config
configMap:
name: {{ .ConfigMapName }}
{{- if .IsEbpfBackend }}
- name: bpf-maps
hostPath:
path: /sys/fs/bpf
type: DirectoryOrCreate
- name: bpf-log
hostPath:
path: /sys/kernel/debug/tracing
- name: cgroup-v2-fs
hostPath:
path: /sys/fs/cgroup/unified
- name: cgroup-v2-mount
hostPath:
path: /proc/mounts
{{- end }}