From a7a721358f78a9e06ba455de424a68ae9390559d Mon Sep 17 00:00:00 2001
From: Suraj Deshmukh
Date: Fri, 22 May 2020 18:44:30 +0530
Subject: [PATCH] Revert "calico-host-protection: Remove HostEndpoint Controller"
This reverts commit 84c2ec76809c34789df23dd837a27d937ab7b17b.
---
.../templates/host-endpoint-controller.yaml | 72 +++++++++++++++++++
.../templates/host-endpoints.yaml | 14 ++++
2 files changed, 86 insertions(+)
create mode 100644 assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoint-controller.yaml
create mode 100644 assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoints.yaml
diff --git a/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoint-controller.yaml b/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoint-controller.yaml
new file mode 100644
index 000000000..13713a39e
--- /dev/null
+++ b/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoint-controller.yaml
@@ -0,0 +1,72 @@
+# manifests for component calico-hostendpoint-controller
+
+---
+# deployment.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calico-hostendpoint-controller
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: calico-hostendpoint-controller
+ name: calico-hostendpoint-controller
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: calico-hostendpoint-controller
+ template:
+ metadata:
+ labels:
+ app: calico-hostendpoint-controller
+ spec:
+ serviceAccountName: calico-hostendpoint-controller
+ containers:
+ - image: kinvolk/calico-hostendpoint-controller:v0.0.3
+ name: calico-hostendpoint-controller
+ volumeMounts:
+ - mountPath: /tmp/
+ name: tmp-dir
+ volumes:
+ # mount in tmp so we can safely use from-scratch images and/or read-only containers
+ - name: tmp-dir
+ emptyDir: {}
+
+---
+# rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: calico-hostendpoint-controller-role
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["crd.projectcalico.org"]
+ resources: ["hostendpoints"]
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ # To use kubectl apply on resources that already exist
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: calico-hostendpoint-controller-role-binding
+subjects:
+- kind: ServiceAccount
+ name: calico-hostendpoint-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: calico-hostendpoint-controller-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoints.yaml b/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoints.yaml
new file mode 100644
index 000000000..f72d42be0
--- /dev/null
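Review bot: The `calico-hostendpoint-controller` container is declared without a `securityContext`, even though the `tmp-dir` comment says the `/tmp/` emptyDir exists so the container can run read-only. Its service account can create, update, patch and delete `hostendpoints` cluster-wide, so a compromised pod could change which hosts Calico host policy covers; a locked-down container context limits that exposure. I would add the settings below; `runAsNonRoot` assumes the image runs as a non-root UID, which the hunk does not show. Separately, both RBAC objects use `rbac.authorization.k8s.io/v1beta1`, where the stable `rbac.authorization.k8s.io/v1` is the version to target.

```yaml
      containers:
      - image: kinvolk/calico-hostendpoint-controller:v0.0.3
        name: calico-hostendpoint-controller
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          # confirm the image runs as a non-root UID before enabling
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
        # … unchanged: volumeMounts and the tmp-dir emptyDir volume …
```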
+++ b/assets/lokomotive-kubernetes/packet/flatcar-linux/kubernetes/calico-host-protection/templates/host-endpoints.yaml
@@ -0,0 +1,14 @@
+{{- range .Values.hostEndpoints }}
+---
+apiVersion: crd.projectcalico.org/v1
+kind: HostEndpoint
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- range $key, $value := .labels }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+spec:
+ interfaceName: {{ .interfaceName }}
+ node: {{ .nodeName }}
+{{- end }}
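Review bot: Every templated scalar in this template is emitted unquoted (`name`, the label keys and values, `interfaceName`, `node`), so the rendered YAML is re-typed by the parser: a label value such as `true` or `1` becomes a boolean or integer and an empty value becomes null, which the API server rejects for string fields. A value containing `: ` or a newline would also change the structure of the rendered manifest; where `.Values.hostEndpoints` is populated is not visible in this hunk, so treat it as unvalidated. Piping through `quote` fixes both: `name: {{ .name | quote }}`, `{{ $key | quote }}: {{ $value | quote }}`, and likewise for `interfaceName` and `node`.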