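# OpenELB install manifest: the openelb-system namespace, the three CRDs
# (BgpConf, BgpPeer, Eip), RBAC, the openelb-manager Deployment, the two
# kube-webhook-certgen bootstrap Jobs and the admission webhook registrations.
# The Namespace document is kept first so that the namespaced objects that
# follow can be created in one `kubectl apply -f`.
#
# Review notes (defender's view of what this file grants):
#   - The `openelb-admission` ServiceAccount is the only SA a workload in this
#     file runs as (the manager Deployment and both certgen Jobs), and it is
#     bound to the manager ClusterRole, the leader-election Role and the
#     admission Role/ClusterRole. The Jobs therefore run with far more than the
#     secrets/webhook permissions they need; splitting them onto their own SA
#     would be the least-privilege fix but also changes which bindings must
#     exist, so it is only noted here.
#   - Both webhooks use `failurePolicy: Fail` with no namespace/object
#     selector; the mutating one matches every Service CREATE/UPDATE cluster-wide.
#     While openelb-manager is unavailable, Service writes in all namespaces
#     are rejected until it returns.
#   - `creationTimestamp: null` on several objects is a controller-gen artifact
#     and is ignored by the API server.
---
apiVersion: v1
kind: Namespace
metadata:
  name: openelb-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: bgpconfs.network.kubesphere.io
spec:
  group: network.kubesphere.io
  names:
    kind: BgpConf
    listKind: BgpConfList
    plural: bgpconfs
    singular: bgpconf
  scope: Cluster
  versions:
    # v1alpha1 is served for compatibility only; v1alpha2 is the storage version.
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: BgpConf is the Schema for the bgpconfs API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: >-
                struct for container bgp:config. Configuration parameters relating to
                the global BGP router.
              properties:
                as:
                  description: >-
                    original -> bgp:as bgp:as's original type is inet:as-number. Local
                    autonomous system number of the router. Uses the 32-bit as-number
                    type from the model in RFC 6991.
                  format: int32
                  type: integer
                port:
                  description: original -> gobgp:port
                  format: int32
                  maximum: 65535
                  minimum: 1
                  type: integer
                routerID:
                  description: >-
                    original -> bgp:router-id bgp:router-id's original type is
                    inet:ipv4-address. Router id of the router, expressed as an 32-bit
                    value, IPv4 address.
                  # Loose dotted-quad check only; octet range is not enforced here.
                  pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
                  type: string
              required:
                - as
                - port
                - routerID
              type: object
            status:
              description: BgpConfStatus defines the observed state of BgpConf
              type: object
          type: object
      served: true
      storage: false
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          description: BgpConf is the Schema for the bgpconfs API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: Configuration parameters relating to the global BGP router.
              properties:
                as:
                  format: int32
                  type: integer
                asPerRack:
                  additionalProperties:
                    format: int32
                    type: integer
                  type: object
                families:
                  items:
                    format: int32
                    type: integer
                  type: array
                gracefulRestart:
                  properties:
                    deferralTime:
                      format: int32
                      type: integer
                    enabled:
                      type: boolean
                    helperOnly:
                      type: boolean
                    localRestarting:
                      type: boolean
                    longlivedEnabled:
                      type: boolean
                    mode:
                      type: string
                    notificationEnabled:
                      type: boolean
                    peerRestartTime:
                      format: int32
                      type: integer
                    peerRestarting:
                      type: boolean
                    restartTime:
                      format: int32
                      type: integer
                    staleRoutesTime:
                      format: int32
                      type: integer
                  type: object
                listenAddresses:
                  items:
                    type: string
                  type: array
                listenPort:
                  format: int32
                  type: integer
                policy:
                  type: string
                # No pattern/range validation in v1alpha2 (v1alpha1 had them);
                # presumably validated by the controller instead — confirm.
                routerId:
                  type: string
                useMultiplePaths:
                  type: boolean
              type: object
            status:
              description: BgpConfStatus defines the observed state of BgpConf
              properties:
                nodesConfStatus:
                  additionalProperties:
                    properties:
                      as:
                        format: int32
                        type: integer
                      routerId:
                        type: string
                    type: object
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: bgppeers.network.kubesphere.io
spec:
  group: network.kubesphere.io
  names:
    kind: BgpPeer
    listKind: BgpPeerList
    plural: bgppeers
    singular: bgppeer
  scope: Cluster
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: BgpPeer is the Schema for the bgppeers API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              properties:
                addPaths:
                  description: >-
                    original -> bgp:add-paths Parameters relating to the advertisement and
                    receipt of multiple paths for a single NLRI (add-paths).
                  properties:
                    sendMax:
                      description: >-
                        original -> bgp:send-max The maximum number of paths to advertise to
                        neighbors for a single NLRI.
                      type: integer
                  type: object
                config:
                  description: >-
                    original -> bgp:neighbor-address original -> bgp:neighbor-config
                    Configuration parameters relating to the BGP neighbor or group.
                  properties:
                    neighborAddress:
                      description: >-
                        original -> bgp:neighbor-address bgp:neighbor-address's original type
                        is inet:ip-address. Address of the BGP peer, either in IPv4 or IPv6.
                      # NOTE(review): the description admits IPv6 but this pattern only
                      # accepts a dotted-quad; the two disagree. Left as-is because
                      # v1alpha1 is a served-only legacy version.
                      pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
                      type: string
                    peerAs:
                      description: >-
                        original -> bgp:peer-as bgp:peer-as's original type is
                        inet:as-number. AS number of the peer.
                      format: int32
                      type: integer
                  required:
                    - neighborAddress
                    - peerAs
                  type: object
                transport:
                  description: >-
                    original -> bgp:transport Transport session parameters for the BGP
                    neighbor or group.
                  properties:
                    passiveMode:
                      description: >-
                        original -> bgp:passive-mode bgp:passive-mode's original type is
                        boolean. Wait for peers to issue requests to open a BGP session,
                        rather than initiating sessions from the local router.
                      type: boolean
                    remotePort:
                      description: >-
                        original -> gobgp:remote-port gobgp:remote-port's original type is
                        inet:port-number.
                      maximum: 65535
                      minimum: 1
                      type: integer
                  type: object
                usingPortForward:
                  type: boolean
              type: object
            status:
              description: BgpPeerStatus defines the observed state of BgpPeer
              type: object
          type: object
      served: true
      storage: false
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          description: BgpPeer is the Schema for the bgppeers API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              properties:
                afiSafis:
                  items:
                    properties:
                      addPaths:
                        properties:
                          config:
                            properties:
                              receive:
                                type: boolean
                              sendMax:
                                format: int32
                                type: integer
                            type: object
                        type: object
                      config:
                        properties:
                          enabled:
                            type: boolean
                          family:
                            properties:
                              afi:
                                type: string
                              safi:
                                type: string
                            type: object
                        type: object
                      mpGracefulRestart:
                        properties:
                          config:
                            properties:
                              enabled:
                                type: boolean
                            type: object
                        type: object
                    type: object
                  type: array
                conf:
                  properties:
                    adminDown:
                      type: boolean
                    allowOwnAs:
                      format: int32
                      type: integer
                    # NOTE(review): the BGP session password is a plain string in a
                    # cluster-scoped resource and is echoed back under
                    # status.nodesPeerStatus.*.peerState.authPassword below, so anyone
                    # with `get` on bgppeers can read it. A Secret reference would be
                    # the safer shape; the schema is not changed here.
                    authPassword:
                      type: string
                    description:
                      type: string
                    localAs:
                      format: int32
                      type: integer
                    neighborAddress:
                      type: string
                    neighborInterface:
                      type: string
                    peerAs:
                      format: int32
                      type: integer
                    peerGroup:
                      type: string
                    peerType:
                      format: int32
                      type: integer
                    removePrivateAs:
                      type: string
                    replacePeerAs:
                      type: boolean
                    routeFlapDamping:
                      type: boolean
                    sendCommunity:
                      format: int32
                      type: integer
                    vrf:
                      type: string
                  type: object
                ebgpMultihop:
                  properties:
                    enabled:
                      type: boolean
                    multihopTtl:
                      format: int32
                      type: integer
                  type: object
                gracefulRestart:
                  properties:
                    deferralTime:
                      format: int32
                      type: integer
                    enabled:
                      type: boolean
                    helperOnly:
                      type: boolean
                    localRestarting:
                      type: boolean
                    longlivedEnabled:
                      type: boolean
                    mode:
                      type: string
                    notificationEnabled:
                      type: boolean
                    peerRestartTime:
                      format: int32
                      type: integer
                    peerRestarting:
                      type: boolean
                    restartTime:
                      format: int32
                      type: integer
                    staleRoutesTime:
                      format: int32
                      type: integer
                  type: object
                nodeSelector:
                  description: >-
                    A label selector is a label query over a set of resources. The result
                    of matchLabels and matchExpressions are ANDed. An empty label selector
                    matches all objects. A null label selector matches no objects.
                  properties:
                    matchExpressions:
                      description: >-
                        matchExpressions is a list of label selector requirements. The
                        requirements are ANDed.
                      items:
                        description: >-
                          A label selector requirement is a selector that contains values,
                          a key, and an operator that relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: >-
                              operator represents a key's relationship to a set of values.
                              Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: >-
                              values is an array of string values. If the operator is In or
                              NotIn, the values array must be non-empty. If the operator is
                              Exists or DoesNotExist, the values array must be empty. This
                              array is replaced during a strategic merge patch.
                            items:
                              type: string
                            type: array
                        required:
                          - key
                          - operator
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: >-
                        matchLabels is a map of {key,value} pairs. A single {key,value} in
                        the matchLabels map is equivalent to an element of matchExpressions,
                        whose key field is "key", the operator is "In", and the values array
                        contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                timers:
                  properties:
                    config:
                      # Timer values are strings rather than int64 — see the linked
                      # unmarshalling issue for why.
                      description: https://stackoverflow.com/questions/21151765/cannot-unmarshal-string-into-go-value-of-type-int64
                      properties:
                        connectRetry:
                          type: string
                        holdTime:
                          type: string
                        keepaliveInterval:
                          type: string
                        minimumAdvertisementInterval:
                          type: string
                      type: object
                  type: object
                transport:
                  properties:
                    mtuDiscovery:
                      type: boolean
                    passiveMode:
                      type: boolean
                    remoteAddress:
                      type: string
                    remotePort:
                      format: int32
                      type: integer
                    tcpMss:
                      format: int32
                      type: integer
                  type: object
              type: object
            status:
              description: BgpPeerStatus defines the observed state of BgpPeer
              properties:
                nodesPeerStatus:
                  additionalProperties:
                    properties:
                      peerState:
                        properties:
                          adminState:
                            type: string
                          # Mirrors spec.conf.authPassword into status (see note above).
                          authPassword:
                            type: string
                          description:
                            type: string
                          flops:
                            format: int32
                            type: integer
                          localAs:
                            format: int32
                            type: integer
                          messages:
                            properties:
                              received:
                                properties:
                                  discarded:
                                    type: string
                                  keepalive:
                                    type: string
                                  notification:
                                    type: string
                                  open:
                                    type: string
                                  refresh:
                                    type: string
                                  total:
                                    type: string
                                  update:
                                    type: string
                                  withdrawPrefix:
                                    type: string
                                  withdrawUpdate:
                                    type: string
                                type: object
                              sent:
                                properties:
                                  discarded:
                                    type: string
                                  keepalive:
                                    type: string
                                  notification:
                                    type: string
                                  open:
                                    type: string
                                  refresh:
                                    type: string
                                  total:
                                    type: string
                                  update:
                                    type: string
                                  withdrawPrefix:
                                    type: string
                                  withdrawUpdate:
                                    type: string
                                type: object
                            type: object
                          neighborAddress:
                            type: string
                          outQ:
                            format: int32
                            type: integer
                          peerAs:
                            format: int32
                            type: integer
                          peerGroup:
                            type: string
                          peerType:
                            format: int32
                            type: integer
                          queues:
                            properties:
                              input:
                                format: int32
                                type: integer
                              output:
                                format: int32
                                type: integer
                            type: object
                          removePrivateAs:
                            format: int32
                            type: integer
                          routeFlapDamping:
                            type: boolean
                          routerId:
                            type: string
                          sendCommunity:
                            format: int32
                            type: integer
                          sessionState:
                            type: string
                        type: object
                      timersState:
                        properties:
                          connectRetry:
                            type: string
                          downtime:
                            type: string
                          holdTime:
                            type: string
                          keepaliveInterval:
                            type: string
                          minimumAdvertisementInterval:
                            type: string
                          negotiatedHoldTime:
                            type: string
                          uptime:
                            type: string
                        type: object
                    type: object
                  # Kubebuilder placeholder text left in by the generator; harmless.
                  description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: eips.network.kubesphere.io
spec:
  group: network.kubesphere.io
  names:
    categories:
      - networking
    kind: Eip
    listKind: EipList
    plural: eips
    singular: eip
  scope: Cluster
  versions:
    - additionalPrinterColumns:
        - jsonPath: .spec.address
          name: cidr
          type: string
        - jsonPath: .status.usage
          name: usage
          type: integer
        - jsonPath: .status.poolSize
          name: total
          type: integer
      name: v1alpha1
      schema:
        openAPIV3Schema:
          description: Eip is the Schema for the eips API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: EipSpec defines the desired state of EIP
              properties:
                address:
                  # Accepts a single IPv4, an IPv4/CIDR (prefix 0-32) or an IPv4-IPv4 range.
                  pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}((\/([0-9]|[1-2][0-9]|3[0-2]))|(\-([0-9]{1,3}\.){3}[0-9]{1,3}))?$'
                  type: string
                disable:
                  type: boolean
                protocol:
                  enum:
                    - bgp
                    - layer2
                  type: string
                usingKnownIPs:
                  type: boolean
              required:
                - address
              type: object
            status:
              description: EipStatus defines the observed state of EIP
              properties:
                occupied:
                  type: boolean
                poolSize:
                  type: integer
                usage:
                  type: integer
              type: object
          type: object
      served: true
      storage: false
      subresources: {}
    - additionalPrinterColumns:
        - jsonPath: .spec.address
          name: cidr
          type: string
        - jsonPath: .status.usage
          name: usage
          type: integer
        - jsonPath: .status.poolSize
          name: total
          type: integer
      name: v1alpha2
      schema:
        openAPIV3Schema:
          description: Eip is the Schema for the eips API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: EipSpec defines the desired state of EIP
              properties:
                # v1alpha2 drops the v1alpha1 address pattern; the only remaining
                # admission-time check is the validating webhook registered at the
                # end of this file (failurePolicy: Fail), presumably — confirm.
                address:
                  type: string
                disable:
                  type: boolean
                interface:
                  type: string
                protocol:
                  enum:
                    - bgp
                    - layer2
                    - vip
                  type: string
                usingKnownIPs:
                  type: boolean
              required:
                - address
              type: object
            status:
              description: EipStatus defines the observed state of EIP
              properties:
                firstIP:
                  type: string
                lastIP:
                  type: string
                occupied:
                  type: boolean
                poolSize:
                  type: integer
                ready:
                  type: boolean
                usage:
                  type: integer
                used:
                  additionalProperties:
                    type: string
                  type: object
                v4:
                  type: boolean
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
# No workload in this file runs as kube-keepalived-vip; it may be referenced
# by a manifest outside this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-keepalived-vip
  namespace: openelb-system
---
# Identity shared by the manager Deployment and both certgen Jobs (see header).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: openelb-admission
  namespace: openelb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-election-role
  namespace: openelb-system
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases/status
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
---
# Namespaced: lets the certgen Jobs read/create the openelb-admission TLS Secret.
# `create` cannot be scoped by resourceNames; `get` could be, if the Secret name
# is fixed (it is: openelb-admission, see the Jobs).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: openelb-admission
  namespace: openelb-system
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-keepalived-vip
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - endpoints
      - services
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# Cluster-scoped: the `patch` Job rewrites the caBundle of the webhook
# configurations. `update` on webhook configurations is a high-value
# permission (it decides which admission hooks the cluster trusts).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: openelb-admission
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
      - mutatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Controller permissions. Generated by controller-gen; the generator emitted a
# read-only `configmaps` rule in addition to the full-CRUD one — RBAC rules
# are a union, so only the full rule is kept here (effective permissions are
# unchanged).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: openelb-manager-role
rules:
  - apiGroups:
      - apps
    resources:
      - daemonsets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - daemonsets/status
    verbs:
      - get
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments/status
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
      - update
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - pods/status
    verbs:
      - get
      - list
      - watch
  # Full write access to Services in every namespace is what the mutating
  # webhook and LB-status updates need; it is also the broadest grant here.
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - services/finalizers
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - services/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - network.kubesphere.io
    resources:
      - bgpconfs
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - network.kubesphere.io
    resources:
      - bgpconfs/finalizers
    verbs:
      - update
  - apiGroups:
      - network.kubesphere.io
    resources:
      - bgpconfs/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - network.kubesphere.io
    resources:
      - bgppeers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - network.kubesphere.io
    resources:
      - bgppeers/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - network.kubesphere.io
    resources:
      - eips
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - network.kubesphere.io
    resources:
      - eips/status
    verbs:
      - get
      - patch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-election-rolebinding
  namespace: openelb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-election-role
subjects:
  - kind: ServiceAccount
    name: openelb-admission
    namespace: openelb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: openelb-admission
  namespace: openelb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: openelb-admission
subjects:
  - kind: ServiceAccount
    name: openelb-admission
    namespace: openelb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-keepalived-vip
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-keepalived-vip
subjects:
  - kind: ServiceAccount
    name: kube-keepalived-vip
    namespace: openelb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: openelb-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: openelb-admission
subjects:
  - kind: ServiceAccount
    name: openelb-admission
    namespace: openelb-system
---
# Binds the controller ClusterRole to the same SA the certgen Jobs use.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: openelb-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: openelb-manager-role
subjects:
  - kind: ServiceAccount
    name: openelb-admission
    namespace: openelb-system
---
# Fronts only the webhook listener; the gRPC API (50051) and metrics (50052)
# listeners of the manager are not exposed through a Service.
apiVersion: v1
kind: Service
metadata:
  name: openelb-admission
  namespace: openelb-system
spec:
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app: openelb-manager
    control-plane: openelb-manager
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: openelb-manager
    control-plane: openelb-manager
  name: openelb-manager
  namespace: openelb-system
spec:
  selector:
    matchLabels:
      app: openelb-manager
      control-plane: openelb-manager
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: openelb-manager
        control-plane: openelb-manager
    spec:
      # One manager per node: required anti-affinity on the hostname key, which
      # hostNetwork would force anyway (the host ports can only be bound once).
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - openelb-manager
              topologyKey: kubernetes.io/hostname
      containers:
        - args:
            # With hostNetwork below, all three listeners bind on the node's
            # own interfaces. NOTE(review): 50051/50052 are not mediated by the
            # Service above; restrict their reachability at the node level.
            - '--api-hosts=:50051'
            - '--metrics-addr=:50052'
            - '--webhook-port=443'
          command:
            - openelb-manager
          env:
            - name: OPENELB_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          image: kubesphere/openelb:v0.5.1
          imagePullPolicy: IfNotPresent
          name: openelb-manager
          ports:
            - containerPort: 443
              name: webhook
              protocol: TCP
          # Readiness = the embedded gobgp gRPC API on 50051 answers a query.
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  gobgp -p 50051 global
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              cpu: 100m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 100Mi
          # NOTE(review): capabilities are added but none are dropped, and unlike
          # the certgen Jobs no runAsNonRoot/allowPrivilegeEscalation is set.
          # Not tightened here: the manager binds :443 and programs routes, so
          # the minimal capability set cannot be determined from this file.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_TIME
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs/
              name: webhook-cert
              readOnly: true
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: openelb-admission
      terminationGracePeriodSeconds: 10
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        # Secret written by the `create` Job below; key names `key`/`cert` are
        # what kube-webhook-certgen produces, remapped to tls.key/tls.crt.
        - name: webhook-cert
          secret:
            items:
              - key: key
                path: tls.key
              - key: cert
                path: tls.crt
            secretName: openelb-admission
---
# Step 1 of webhook TLS bootstrap: generate a self-signed serving cert for the
# openelb-admission Service and store it in the openelb-admission Secret.
apiVersion: batch/v1
kind: Job
metadata:
  name: openelb-admission-create
  namespace: openelb-system
spec:
  template:
    metadata:
      name: openelb-admission-create
    spec:
      containers:
        - args:
            - create
            - '--host=openelb-admission,openelb-admission.$(POD_NAMESPACE).svc'
            - '--namespace=$(POD_NAMESPACE)'
            - '--secret-name=openelb-admission'
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # If you cannot access "registry.k8s.io/ingress-nginx/kube-webhook-certgen",
          # you can replace it with "kubespheredev/kube-webhook-certgen"
          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
          imagePullPolicy: IfNotPresent
          name: create
      restartPolicy: OnFailure
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
      # Runs with the full manager ClusterRole via the bindings above, not just
      # the secrets Role it needs (see header note).
      serviceAccountName: openelb-admission
---
# Step 2 of webhook TLS bootstrap: inject the generated CA into the caBundle of
# both webhook configurations named openelb-admission, with failurePolicy Fail.
apiVersion: batch/v1
kind: Job
metadata:
  name: openelb-admission-patch
  namespace: openelb-system
spec:
  template:
    metadata:
      name: openelb-admission-patch
    spec:
      containers:
        - args:
            - patch
            - '--webhook-name=openelb-admission'
            - '--namespace=$(POD_NAMESPACE)'
            - '--patch-mutating=true'
            - '--secret-name=openelb-admission'
            - '--patch-failure-policy=Fail'
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # If you cannot access "registry.k8s.io/ingress-nginx/kube-webhook-certgen",
          # you can replace it with "kubespheredev/kube-webhook-certgen"
          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
          imagePullPolicy: IfNotPresent
          name: patch
      restartPolicy: OnFailure
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: openelb-admission
---
# Intercepts every Service CREATE/UPDATE in the cluster (no namespace or object
# selector). NOTE(review): failurePolicy Fail means Service writes cluster-wide
# are rejected while openelb-manager is down. The handler path says "validate"
# although this is a mutating registration — presumably intentional, confirm.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: openelb-admission
webhooks:
  - admissionReviewVersions:
      # The API server sends the first listed version it supports, so v1beta1
      # is what this webhook receives on servers that still offer it. Listing
      # v1 first is the usual recommendation; order kept to avoid changing
      # what the manager receives.
      - v1beta1
      - v1
    clientConfig:
      # caBundle is filled in by the openelb-admission-patch Job.
      service:
        name: openelb-admission
        namespace: openelb-system
        path: /validate-network-kubesphere-io-v1alpha2-svc
    failurePolicy: Fail
    name: mutating.eip.network.kubesphere.io
    rules:
      - apiGroups:
          - ""
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - services
    sideEffects: NoneOnDryRun
---
# Validates Eip (v1alpha2) CREATE/UPDATE; fails closed.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: openelb-admission
webhooks:
  - admissionReviewVersions:
      - v1beta1
      - v1
    clientConfig:
      # caBundle is filled in by the openelb-admission-patch Job.
      service:
        name: openelb-admission
        namespace: openelb-system
        path: /validate-network-kubesphere-io-v1alpha2-eip
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validate.eip.network.kubesphere.io
    rules:
      - apiGroups:
          - network.kubesphere.io
        apiVersions:
          - v1alpha2
        operations:
          - CREATE
          - UPDATE
        resources:
          - eips
    sideEffects: None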