kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9255 from olemarkus/romana-remove 

Remove romana support
This commit is contained in:
Kubernetes Prow Robot 2020-06-03 13:24:59 -07:00 committed by GitHub
parent 11928bf327 1a9de4511e
commit 4fe5ad03f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 5 additions and 1630 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kops/create_cluster.go
View File

@ -1008,8 +1008,6 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
cluster.Spec.Networking.Canal = &api.CanalNetworkingSpec{} cluster.Spec.Networking.Canal = &api.CanalNetworkingSpec{}
case "kube-router": case "kube-router":
cluster.Spec.Networking.Kuberouter = &api.KuberouterNetworkingSpec{} cluster.Spec.Networking.Kuberouter = &api.KuberouterNetworkingSpec{}
case "romana":
cluster.Spec.Networking.Romana = &api.RomanaNetworkingSpec{}
case "amazonvpc", "amazon-vpc-routed-eni": case "amazonvpc", "amazon-vpc-routed-eni":
cluster.Spec.Networking.AmazonVPC = &api.AmazonVPCNetworkingSpec{} cluster.Spec.Networking.AmazonVPC = &api.AmazonVPCNetworkingSpec{}
case "cilium": case "cilium":

2
docs/releases/1.19-NOTES.md
View File

@ -6,6 +6,8 @@
# Breaking changes # Breaking changes
* Support for the Romana networking provider has been removed.
# Required Actions # Required Actions
# Deprecations # Deprecations

2
nodeup/pkg/model/network.go
View File

@ -46,7 +46,7 @@ func (b *NetworkBuilder) Build(c *fi.ModelBuilderContext) error {
// external is based on kubenet // external is based on kubenet
assetNames = append(assetNames, "bridge", "host-local", "loopback") assetNames = append(assetNames, "bridge", "host-local", "loopback")
} else if networking.CNI != nil || networking.Weave != nil || networking.Flannel != nil || networking.Calico != nil || networking.Canal != nil || networking.Kuberouter != nil || networking.Romana != nil || networking.AmazonVPC != nil || networking.Cilium != nil { } else if networking.CNI != nil || networking.Weave != nil || networking.Flannel != nil || networking.Calico != nil || networking.Canal != nil || networking.Kuberouter != nil || networking.AmazonVPC != nil || networking.Cilium != nil {
assetNames = append(assetNames, "bridge", "host-local", "loopback", "ptp", "portmap") assetNames = append(assetNames, "bridge", "host-local", "loopback", "ptp", "portmap")
// Do we need tuning? // Do we need tuning?

2
pkg/apis/kops/cluster.go
View File

@ -623,8 +623,6 @@ func (c *Cluster) fillClusterSpecNetworkingSpec() {
// OK // OK
} else if c.Spec.Networking.Kuberouter != nil { } else if c.Spec.Networking.Kuberouter != nil {
// OK // OK
} else if c.Spec.Networking.Romana != nil {
// OK
} else if c.Spec.Networking.AmazonVPC != nil { } else if c.Spec.Networking.AmazonVPC != nil {
// OK // OK
} else if c.Spec.Networking.Cilium != nil { } else if c.Spec.Networking.Cilium != nil {

5
pkg/apis/kops/validation/validation.go
View File

@ -372,10 +372,7 @@ func validateNetworking(c *kops.ClusterSpec, v *kops.NetworkingSpec, fldPath *fi
} }
if v.Romana != nil { if v.Romana != nil {
if optionTaken { allErrs = append(allErrs, field.Forbidden(fldPath.Child("romana"), "support for Romana has been removed"))
allErrs = append(allErrs, field.Forbidden(fldPath.Child("romana"), "only one networking option permitted"))
}
optionTaken = true
} }
if v.AmazonVPC != nil { if v.AmazonVPC != nil {

13
pkg/model/components/networking.go
View File

@ -59,18 +59,5 @@ func (b *NetworkingOptionsBuilder) BuildOptions(o interface{}) error {
return fmt.Errorf("classic networking not supported") return fmt.Errorf("classic networking not supported")
} }
if networking.Romana != nil {
daemonIP, err := WellKnownServiceIP(clusterSpec, 99)
if err != nil {
return err
}
networking.Romana.DaemonServiceIP = daemonIP.String()
etcdIP, err := WellKnownServiceIP(clusterSpec, 88)
if err != nil {
return err
}
networking.Romana.EtcdServiceIP = etcdIP.String()
}
return nil return nil
} }

7
pkg/model/firewall.go
View File

@ -257,13 +257,6 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
protocols = append(protocols, ProtocolIPIP) protocols = append(protocols, ProtocolIPIP)
} }
if b.Cluster.Spec.Networking.Romana != nil {
// Romana needs to access etcd
klog.Warningf("Opening etcd port on masters for access from the nodes, for romana. This is unsafe in untrusted environments.")
tcpBlocked[4001] = false
protocols = append(protocols, ProtocolIPIP)
}
if b.Cluster.Spec.Networking.Kuberouter != nil { if b.Cluster.Spec.Networking.Kuberouter != nil {
protocols = append(protocols, ProtocolIPIP) protocols = append(protocols, ProtocolIPIP)
} }

38
pkg/model/iam/iam_builder.go
View File

@ -180,10 +180,6 @@ func (b *PolicyBuilder) BuildAWSPolicyMaster() (*Policy, error) {
addECRPermissions(p) addECRPermissions(p)
} }
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Romana != nil {
addRomanaCNIPermissions(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName())
}
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.AmazonVPC != nil { if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.AmazonVPC != nil {
addAmazonVPCCNIPermissions(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName(), b.IAMPrefix()) addAmazonVPCCNIPermissions(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName(), b.IAMPrefix())
} }
@ -826,40 +822,6 @@ func addRoute53ListHostedZonesPermission(p *Policy) {
}) })
} }
func addRomanaCNIPermissions(p *Policy, resource stringorslice.StringOrSlice, legacyIAM bool, clusterName string) {
if legacyIAM {
// Legacy IAM provides ec2:*, so no additional permissions required
return
}
// Romana requires additional Describe permissions
// Comments are which Romana component makes the call
p.Statement = append(p.Statement,
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:DescribeAvailabilityZones", // vpcrouter
"ec2:DescribeVpcs", // vpcrouter
}),
Resource: resource,
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:CreateRoute", // vpcrouter
"ec2:DeleteRoute", // vpcrouter
"ec2:ReplaceRoute", // vpcrouter
}),
Resource: resource,
Condition: Condition{
"StringEquals": map[string]string{
"ec2:ResourceTag/KubernetesCluster": clusterName,
},
},
},
)
}
func addLyftVPCPermissions(p *Policy, resource stringorslice.StringOrSlice, legacyIAM bool, clusterName string) { func addLyftVPCPermissions(p *Policy, resource stringorslice.StringOrSlice, legacyIAM bool, clusterName string) {
if legacyIAM { if legacyIAM {
// Legacy IAM provides ec2:*, so no additional permissions required // Legacy IAM provides ec2:*, so no additional permissions required

7
pkg/model/openstackmodel/firewall.go
View File

@ -163,8 +163,7 @@ func (b *FirewallModelBuilder) addETCDRules(c *fi.ModelBuilderContext, sgMap map
addDirectionalGroupRule(c, masterSG, masterSG, etcdMgmrRule) addDirectionalGroupRule(c, masterSG, masterSG, etcdMgmrRule)
} }
if b.Cluster.Spec.Networking.Romana != nil || if b.Cluster.Spec.Networking.Calico != nil {
b.Cluster.Spec.Networking.Calico != nil {
etcdCNIRule := &openstacktasks.SecurityGroupRule{ etcdCNIRule := &openstacktasks.SecurityGroupRule{
Lifecycle: b.Lifecycle, Lifecycle: b.Lifecycle,
@ -391,10 +390,6 @@ func (b *FirewallModelBuilder) addCNIRules(c *fi.ModelBuilderContext, sgMap map[
protocols = append(protocols, ProtocolIPEncap) protocols = append(protocols, ProtocolIPEncap)
} }
if b.Cluster.Spec.Networking.Romana != nil {
tcpPorts = append(tcpPorts, 9600)
}
if b.Cluster.Spec.Networking.Kuberouter != nil { if b.Cluster.Spec.Networking.Kuberouter != nil {
protocols = append(protocols, ProtocolIPEncap) protocols = append(protocols, ProtocolIPEncap)
} }

770
upup/models/bindata.go
View File

@ -46,8 +46,6 @@
// upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template // upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template
// upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template // upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template
// upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.9.yaml.template // upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.9.yaml.template
// upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template
// upup/models/cloudup/resources/addons/networking.romana/k8s-1.7.yaml.template
// upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template // upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template
// upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template // upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template
// upup/models/cloudup/resources/addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml.template // upup/models/cloudup/resources/addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml.template
@ -13397,768 +13395,6 @@ func cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s19YamlTemplate() (*
return a, nil return a, nil
} }
var _cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplate = []byte(`---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-listener
rules:
- apiGroups:
- "*"
resources:
- pods
- namespaces
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- "*"
resources:
- services
verbs:
- update
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-listener
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-listener
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-listener
subjects:
- kind: ServiceAccount
name: romana-listener
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-agent
rules:
- apiGroups:
- "*"
resources:
- pods
- nodes
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-agent
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-agent
subjects:
- kind: ServiceAccount
name: romana-agent
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
name: romana-etcd
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.EtcdServiceIP }}
ports:
- name: etcd
port: 12379
protocol: TCP
targetPort: 4001
selector:
k8s-app: etcd-server
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: romana
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.DaemonServiceIP }}
ports:
- name: daemon
port: 9600
protocol: TCP
targetPort: 9600
selector:
romana-app: daemon
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-daemon
namespace: kube-system
labels:
romana-app: daemon
spec:
replicas: 1
selector:
matchLabels:
romana-app: daemon
template:
metadata:
labels:
romana-app: daemon
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-daemon
image: quay.io/romana/daemon:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
args:
- --cloud=aws
- --network-cidr-overrides=romana-network={{ .KubeControllerManager.ClusterCIDR }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-listener
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
romana-app: listener
template:
metadata:
labels:
romana-app: listener
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
serviceAccountName: romana-listener
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-listener
image: quay.io/romana/listener:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: romana-agent
namespace: kube-system
labels:
romana-app: agent
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
romana-app: agent
template:
metadata:
labels:
romana-app: agent
spec:
hostNetwork: true
priorityClassName: system-node-critical
securityContext:
seLinuxOptions:
type: spc_t
serviceAccountName: romana-agent
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- name: romana-agent
image: quay.io/romana/agent:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
memory: 128Mi
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODEIP
valueFrom:
fieldRef:
fieldPath: status.hostIP
args:
- --service-cluster-ip-range={{ .ServiceClusterIPRange }}
securityContext:
privileged: true
volumeMounts:
- name: host-usr-local-bin
mountPath: /host/usr/local/bin
- name: host-etc-romana
mountPath: /host/etc/romana
- name: host-cni-bin
mountPath: /host/opt/cni/bin
- name: host-cni-net-d
mountPath: /host/etc/cni/net.d
- name: run-path
mountPath: /var/run/romana
volumes:
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
- name: host-etc-romana
hostPath:
path: /etc/romana
- name: host-cni-bin
hostPath:
path: /opt/cni/bin
- name: host-cni-net-d
hostPath:
path: /etc/cni/net.d
- name: run-path
hostPath:
path: /var/run/romana
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-aws
rules:
- apiGroups:
- "*"
resources:
- nodes
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-aws
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-aws
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-aws
subjects:
- kind: ServiceAccount
name: romana-aws
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-aws
namespace: kube-system
labels:
romana-app: aws
spec:
replicas: 1
selector:
matchLabels:
romana-app: aws
template:
metadata:
labels:
romana-app: aws
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
serviceAccountName: romana-aws
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-aws
image: quay.io/romana/aws:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-vpcrouter
namespace: kube-system
labels:
romana-app: vpcrouter
spec:
replicas: 1
selector:
matchLabels:
romana-app: vpcrouter
template:
metadata:
labels:
romana-app: vpcrouter
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-vpcrouter
image: quay.io/romana/vpcrouter-romana-plugin:1.1.17
imagePullPolicy: Always
resources:
requests:
cpu: 45m
memory: 128Mi
limits:
memory: 128Mi
args:
- --etcd_use_v2
- --etcd_addr={{ .Networking.Romana.EtcdServiceIP }}
- --etcd_port=12379
`)
func cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplateBytes() ([]byte, error) {
return _cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplate, nil
}
func cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplate() (*asset, error) {
bytes, err := cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplateBytes()
if err != nil {
return nil, err
}
info := bindataFileInfo{name: "cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
var _cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplate = []byte(`---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-listener
rules:
- apiGroups:
- "*"
resources:
- pods
- namespaces
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- "*"
resources:
- services
verbs:
- update
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-listener
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-listener
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-listener
subjects:
- kind: ServiceAccount
name: romana-listener
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-agent
rules:
- apiGroups:
- "*"
resources:
- pods
- nodes
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-agent
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-agent
subjects:
- kind: ServiceAccount
name: romana-agent
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
name: romana-etcd
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.EtcdServiceIP }}
ports:
- name: etcd
port: 12379
protocol: TCP
targetPort: 4001
selector:
k8s-app: etcd-server
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: romana
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.DaemonServiceIP }}
ports:
- name: daemon
port: 9600
protocol: TCP
targetPort: 9600
selector:
romana-app: daemon
sessionAffinity: None
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-daemon
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: daemon
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-daemon
image: quay.io/romana/daemon:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
args:
- --cloud=aws
- --network-cidr-overrides=romana-network={{ .KubeControllerManager.ClusterCIDR }}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-listener
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: listener
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
serviceAccountName: romana-listener
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-listener
image: quay.io/romana/listener:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: romana-agent
namespace: kube-system
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
romana-app: agent
spec:
hostNetwork: true
securityContext:
seLinuxOptions:
type: spc_t
serviceAccountName: romana-agent
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- name: romana-agent
image: quay.io/romana/agent:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
memory: 128Mi
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODEIP
valueFrom:
fieldRef:
fieldPath: status.hostIP
args:
- --service-cluster-ip-range={{ .ServiceClusterIPRange }}
securityContext:
privileged: true
volumeMounts:
- name: host-usr-local-bin
mountPath: /host/usr/local/bin
- name: host-etc-romana
mountPath: /host/etc/romana
- name: host-cni-bin
mountPath: /host/opt/cni/bin
- name: host-cni-net-d
mountPath: /host/etc/cni/net.d
- name: run-path
mountPath: /var/run/romana
volumes:
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
- name: host-etc-romana
hostPath:
path: /etc/romana
- name: host-cni-bin
hostPath:
path: /opt/cni/bin
- name: host-cni-net-d
hostPath:
path: /etc/cni/net.d
- name: run-path
hostPath:
path: /var/run/romana
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-aws
rules:
- apiGroups:
- "*"
resources:
- nodes
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-aws
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-aws
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-aws
subjects:
- kind: ServiceAccount
name: romana-aws
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-aws
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: aws
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
serviceAccountName: romana-aws
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-aws
image: quay.io/romana/aws:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-vpcrouter
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: vpcrouter
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-vpcrouter
image: quay.io/romana/vpcrouter-romana-plugin:1.1.17
imagePullPolicy: Always
resources:
requests:
cpu: 45m
memory: 128Mi
limits:
memory: 128Mi
args:
- --etcd_use_v2
- --etcd_addr={{ .Networking.Romana.EtcdServiceIP }}
- --etcd_port=12379
`)
func cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplateBytes() ([]byte, error) {
return _cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplate, nil
}
func cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplate() (*asset, error) {
bytes, err := cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplateBytes()
if err != nil {
return nil, err
}
info := bindataFileInfo{name: "cloudup/resources/addons/networking.romana/k8s-1.7.yaml.template", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
var _cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate = []byte(`{{- if WeaveSecret }} var _cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate = []byte(`{{- if WeaveSecret }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -16981,8 +16217,6 @@ var _bindata = map[string]func() (*asset, error){
"cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s115YamlTemplate, "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s115YamlTemplate,
"cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s116YamlTemplate, "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s116YamlTemplate,
"cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.9.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s19YamlTemplate, "cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.9.yaml.template": cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s19YamlTemplate,
"cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template": cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplate,
"cloudup/resources/addons/networking.romana/k8s-1.7.yaml.template": cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplate,
"cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template": cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate, "cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template": cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate,
"cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template": cloudupResourcesAddonsNetworkingWeaveK8s18YamlTemplate, "cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template": cloudupResourcesAddonsNetworkingWeaveK8s18YamlTemplate,
"cloudup/resources/addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml.template": cloudupResourcesAddonsNodeAuthorizerAddonsK8sIoK8s110YamlTemplate, "cloudup/resources/addons/node-authorizer.addons.k8s.io/k8s-1.10.yaml.template": cloudupResourcesAddonsNodeAuthorizerAddonsK8sIoK8s110YamlTemplate,
@ -17132,10 +16366,6 @@ var _bintree = &bintree{nil, map[string]*bintree{
"k8s-1.16.yaml.template": {cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s116YamlTemplate, map[string]*bintree{}}, "k8s-1.16.yaml.template": {cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s116YamlTemplate, map[string]*bintree{}},
"k8s-1.9.yaml.template": {cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s19YamlTemplate, map[string]*bintree{}}, "k8s-1.9.yaml.template": {cloudupResourcesAddonsNetworkingProjectcalicoOrgCanalK8s19YamlTemplate, map[string]*bintree{}},
}}, }},
"networking.romana": {nil, map[string]*bintree{
"k8s-1.12.yaml.template": {cloudupResourcesAddonsNetworkingRomanaK8s112YamlTemplate, map[string]*bintree{}},
"k8s-1.7.yaml.template": {cloudupResourcesAddonsNetworkingRomanaK8s17YamlTemplate, map[string]*bintree{}},
}},
"networking.weave": {nil, map[string]*bintree{ "networking.weave": {nil, map[string]*bintree{
"k8s-1.12.yaml.template": {cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate, map[string]*bintree{}}, "k8s-1.12.yaml.template": {cloudupResourcesAddonsNetworkingWeaveK8s112YamlTemplate, map[string]*bintree{}},
"k8s-1.8.yaml.template": {cloudupResourcesAddonsNetworkingWeaveK8s18YamlTemplate, map[string]*bintree{}}, "k8s-1.8.yaml.template": {cloudupResourcesAddonsNetworkingWeaveK8s18YamlTemplate, map[string]*bintree{}},

378
upup/models/cloudup/resources/addons/networking.romana/k8s-1.12.yaml.template
View File

@ -1,378 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-listener
rules:
- apiGroups:
- "*"
resources:
- pods
- namespaces
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- "*"
resources:
- services
verbs:
- update
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-listener
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-listener
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-listener
subjects:
- kind: ServiceAccount
name: romana-listener
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-agent
rules:
- apiGroups:
- "*"
resources:
- pods
- nodes
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-agent
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-agent
subjects:
- kind: ServiceAccount
name: romana-agent
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
name: romana-etcd
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.EtcdServiceIP }}
ports:
- name: etcd
port: 12379
protocol: TCP
targetPort: 4001
selector:
k8s-app: etcd-server
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: romana
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.DaemonServiceIP }}
ports:
- name: daemon
port: 9600
protocol: TCP
targetPort: 9600
selector:
romana-app: daemon
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-daemon
namespace: kube-system
labels:
romana-app: daemon
spec:
replicas: 1
selector:
matchLabels:
romana-app: daemon
template:
metadata:
labels:
romana-app: daemon
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-daemon
image: quay.io/romana/daemon:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
args:
- --cloud=aws
- --network-cidr-overrides=romana-network={{ .KubeControllerManager.ClusterCIDR }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-listener
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
romana-app: listener
template:
metadata:
labels:
romana-app: listener
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
serviceAccountName: romana-listener
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-listener
image: quay.io/romana/listener:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: romana-agent
namespace: kube-system
labels:
romana-app: agent
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
romana-app: agent
template:
metadata:
labels:
romana-app: agent
spec:
hostNetwork: true
priorityClassName: system-node-critical
securityContext:
seLinuxOptions:
type: spc_t
serviceAccountName: romana-agent
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- name: romana-agent
image: quay.io/romana/agent:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
memory: 128Mi
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODEIP
valueFrom:
fieldRef:
fieldPath: status.hostIP
args:
- --service-cluster-ip-range={{ .ServiceClusterIPRange }}
securityContext:
privileged: true
volumeMounts:
- name: host-usr-local-bin
mountPath: /host/usr/local/bin
- name: host-etc-romana
mountPath: /host/etc/romana
- name: host-cni-bin
mountPath: /host/opt/cni/bin
- name: host-cni-net-d
mountPath: /host/etc/cni/net.d
- name: run-path
mountPath: /var/run/romana
volumes:
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
- name: host-etc-romana
hostPath:
path: /etc/romana
- name: host-cni-bin
hostPath:
path: /opt/cni/bin
- name: host-cni-net-d
hostPath:
path: /etc/cni/net.d
- name: run-path
hostPath:
path: /var/run/romana
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-aws
rules:
- apiGroups:
- "*"
resources:
- nodes
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-aws
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: romana-aws
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-aws
subjects:
- kind: ServiceAccount
name: romana-aws
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-aws
namespace: kube-system
labels:
romana-app: aws
spec:
replicas: 1
selector:
matchLabels:
romana-app: aws
template:
metadata:
labels:
romana-app: aws
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
serviceAccountName: romana-aws
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-aws
image: quay.io/romana/aws:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: romana-vpcrouter
namespace: kube-system
labels:
romana-app: vpcrouter
spec:
replicas: 1
selector:
matchLabels:
romana-app: vpcrouter
template:
metadata:
labels:
romana-app: vpcrouter
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
priorityClassName: system-cluster-critical
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-vpcrouter
image: quay.io/romana/vpcrouter-romana-plugin:1.1.17
imagePullPolicy: Always
resources:
requests:
cpu: 45m
memory: 128Mi
limits:
memory: 128Mi
args:
- --etcd_use_v2
- --etcd_addr={{ .Networking.Romana.EtcdServiceIP }}
- --etcd_port=12379

350
upup/models/cloudup/resources/addons/networking.romana/k8s-1.7.yaml.template
View File

@ -1,350 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-listener
rules:
- apiGroups:
- "*"
resources:
- pods
- namespaces
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- "*"
resources:
- services
verbs:
- update
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-listener
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-listener
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-listener
subjects:
- kind: ServiceAccount
name: romana-listener
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-agent
rules:
- apiGroups:
- "*"
resources:
- pods
- nodes
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-agent
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-agent
subjects:
- kind: ServiceAccount
name: romana-agent
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
name: romana-etcd
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.EtcdServiceIP }}
ports:
- name: etcd
port: 12379
protocol: TCP
targetPort: 4001
selector:
k8s-app: etcd-server
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: romana
namespace: kube-system
spec:
clusterIP: {{ .Networking.Romana.DaemonServiceIP }}
ports:
- name: daemon
port: 9600
protocol: TCP
targetPort: 9600
selector:
romana-app: daemon
sessionAffinity: None
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-daemon
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: daemon
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-daemon
image: quay.io/romana/daemon:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
args:
- --cloud=aws
- --network-cidr-overrides=romana-network={{ .KubeControllerManager.ClusterCIDR }}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-listener
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: listener
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
serviceAccountName: romana-listener
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-listener
image: quay.io/romana/listener:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: romana-agent
namespace: kube-system
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
romana-app: agent
spec:
hostNetwork: true
securityContext:
seLinuxOptions:
type: spc_t
serviceAccountName: romana-agent
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- name: romana-agent
image: quay.io/romana/agent:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
memory: 128Mi
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODEIP
valueFrom:
fieldRef:
fieldPath: status.hostIP
args:
- --service-cluster-ip-range={{ .ServiceClusterIPRange }}
securityContext:
privileged: true
volumeMounts:
- name: host-usr-local-bin
mountPath: /host/usr/local/bin
- name: host-etc-romana
mountPath: /host/etc/romana
- name: host-cni-bin
mountPath: /host/opt/cni/bin
- name: host-cni-net-d
mountPath: /host/etc/cni/net.d
- name: run-path
mountPath: /var/run/romana
volumes:
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
- name: host-etc-romana
hostPath:
path: /etc/romana
- name: host-cni-bin
hostPath:
path: /opt/cni/bin
- name: host-cni-net-d
hostPath:
path: /etc/cni/net.d
- name: run-path
hostPath:
path: /var/run/romana
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-aws
rules:
- apiGroups:
- "*"
resources:
- nodes
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: romana-aws
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: romana-aws
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: romana-aws
subjects:
- kind: ServiceAccount
name: romana-aws
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-aws
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: aws
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
serviceAccountName: romana-aws
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-aws
image: quay.io/romana/aws:v2.0.2
imagePullPolicy: Always
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
memory: 64Mi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: romana-vpcrouter
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
romana-app: vpcrouter
spec:
nodeSelector:
node-role.kubernetes.io/master: ""
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: romana-vpcrouter
image: quay.io/romana/vpcrouter-romana-plugin:1.1.17
imagePullPolicy: Always
resources:
requests:
cpu: 45m
memory: 128Mi
limits:
memory: 128Mi
args:
- --etcd_use_v2
- --etcd_addr={{ .Networking.Romana.EtcdServiceIP }}
- --etcd_port=12379

33
upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
View File

@ -886,39 +886,6 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
} }
} }
if b.cluster.Spec.Networking.Romana != nil {
key := "networking.romana"
version := "v2.0.2-kops.3"
{
location := key + "/k8s-1.7.yaml"
id := "k8s-1.7"
addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
Name: fi.String(key),
Version: fi.String(version),
Selector: networkingSelector,
Manifest: fi.String(location),
KubernetesVersion: "<1.12.0",
Id: id,
})
}
{
location := key + "/k8s-1.12.yaml"
id := "k8s-1.12"
addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
Name: fi.String(key),
Version: fi.String(version),
Selector: networkingSelector,
Manifest: fi.String(location),
KubernetesVersion: ">=1.12.0",
Id: id,
})
}
}
if b.cluster.Spec.Networking.AmazonVPC != nil { if b.cluster.Spec.Networking.AmazonVPC != nil {
key := "networking.amazon-vpc-routed-eni" key := "networking.amazon-vpc-routed-eni"

26
upup/pkg/fi/cloudup/tagbuilder_test.go
View File

@ -167,32 +167,6 @@ func TestBuildTags_CloudProvider_AWS_Canal(t *testing.T) {
} }
} }
func TestBuildTags_CloudProvider_AWS_Romana(t *testing.T) {
c := buildCluster(nil)
networking := &api.NetworkingSpec{Romana: &api.RomanaNetworkingSpec{}}
c.Spec.Networking = networking
tags, err := buildCloudupTags(c)
if err != nil {
t.Fatalf("buildCloudupTags error: %v", err)
}
if !tags.Has("_aws") {
t.Fatal("tag _aws not found")
}
nodeUpTags, err := buildNodeupTags(api.InstanceGroupRoleNode, c, tags)
if err != nil {
t.Fatalf("buildNodeupTags error: %v", err)
}
if !nodeUpTags.Has("_aws") {
t.Fatal("nodeUpTag _aws not found")
}
}
func TestBuildTags_CloudProvider_AWS(t *testing.T) { func TestBuildTags_CloudProvider_AWS(t *testing.T) {
c := buildCluster(nil) c := buildCluster(nil)