Skip to content

Commit 4b95eed

Browse files
committed
k8s manifests
1 parent fd7f9ff commit 4b95eed

3 files changed

Lines changed: 92 additions & 0 deletions

File tree

k8s/daemonset.yaml

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
name: nodecryptor
5+
namespace: kube-system
6+
labels:
7+
app: nodecryptor
8+
spec:
9+
selector:
10+
matchLabels:
11+
app: nodecryptor
12+
template:
13+
metadata:
14+
labels:
15+
app: nodecryptor
16+
spec:
17+
serviceAccountName: nodecryptor
18+
hostNetwork: true
19+
containers:
20+
- name: nodecryptor
21+
image: ghcr.io/niklasbeierl/nodecryptor:latest
22+
imagePullPolicy: Always
23+
securityContext:
24+
capabilities:
25+
add:
26+
- NET_ADMIN
27+
env:
28+
- name: NODE_NAME
29+
valueFrom:
30+
fieldRef:
31+
fieldPath: spec.nodeName
32+
args:
33+
- --noop-route
34+
- 10.0.0.255/32

k8s/netshoot-daemonset.yaml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
name: nettest
5+
namespace: kube-system
6+
spec:
7+
updateStrategy:
8+
type: RollingUpdate
9+
rollingUpdate:
10+
maxUnavailable: 100%
11+
selector:
12+
matchLabels:
13+
app: nettest
14+
template:
15+
metadata:
16+
labels:
17+
app: nettest
18+
spec:
19+
containers:
20+
- name: nettest
21+
image: nicolaka/netshoot
22+
command: ["sleep", "infinity"]
23+
securityContext:
24+
capabilities:
25+
add:
26+
- NET_RAW

k8s/rbac.yaml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: nodecryptor
5+
namespace: kube-system
6+
---
7+
apiVersion: rbac.authorization.k8s.io/v1
8+
kind: ClusterRole
9+
metadata:
10+
name: nodecryptor
11+
rules:
12+
- apiGroups:
13+
- cilium.io
14+
resources:
15+
- ciliumnodes
16+
verbs:
17+
- get
18+
- list
19+
- watch
20+
---
21+
apiVersion: rbac.authorization.k8s.io/v1
22+
kind: ClusterRoleBinding
23+
metadata:
24+
name: nodecryptor
25+
roleRef:
26+
apiGroup: rbac.authorization.k8s.io
27+
kind: ClusterRole
28+
name: nodecryptor
29+
subjects:
30+
- kind: ServiceAccount
31+
name: nodecryptor
32+
namespace: kube-system

0 commit comments

Comments
 (0)