mirror of https://github.com/kubernetes/kops.git
hardcode ingress secrets namespace & lb mode
This commit is contained in:
zadjadr
parent
4807f2c0c6
commit
61d036933e
|
|
@ -5040,7 +5040,7 @@ spec:
|
||||||
defaultLoadBalancerMode:
|
defaultLoadBalancerMode:
|
||||||
description: 'DefaultLoadBalancerMode specifies the default
|
description: 'DefaultLoadBalancerMode specifies the default
|
||||||
load balancer mode. Possible values: ''shared'' or ''dedicated''
|
load balancer mode. Possible values: ''shared'' or ''dedicated''
|
||||||
Default: shared'
|
Default: dedicated'
|
||||||
type: string
|
type: string
|
||||||
enableSecretsSync:
|
enableSecretsSync:
|
||||||
description: 'EnableSecretsSync specifies whether synchronization
|
description: 'EnableSecretsSync specifies whether synchronization
|
||||||
|
|
@ -5060,10 +5060,6 @@ spec:
|
||||||
Default: "service.beta.kubernetes.io service.kubernetes.io
|
Default: "service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com"'
|
cloud.google.com"'
|
||||||
type: string
|
type: string
|
||||||
secretsNamespace:
|
|
||||||
description: 'SecretsNamespace specifies the namespace
|
|
||||||
where secrets are synchronized. Default: cilium-secrets'
|
|
||||||
type: string
|
|
||||||
sharedLoadBalancerServiceName:
|
sharedLoadBalancerServiceName:
|
||||||
description: 'SharedLoadBalancerServiceName specifies
|
description: 'SharedLoadBalancerServiceName specifies
|
||||||
the name of the shared load balancer service. Default:
|
the name of the shared load balancer service. Default:
|
||||||
|
|
|
||||||
|
|
@ -511,17 +511,13 @@ type CiliumIngressSpec struct {
|
||||||
// Default: true
|
// Default: true
|
||||||
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
||||||
|
|
||||||
// SecretsNamespace specifies the namespace where secrets are synchronized.
|
|
||||||
// Default: cilium-secrets
|
|
||||||
SecretsNamespace string `json:"secretsNamespace,omitempty"`
|
|
||||||
|
|
||||||
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
||||||
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
||||||
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
||||||
|
|
||||||
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
||||||
// Possible values: 'shared' or 'dedicated'
|
// Possible values: 'shared' or 'dedicated'
|
||||||
// Default: shared
|
// Default: dedicated
|
||||||
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
||||||
|
|
||||||
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
||||||
|
|
|
||||||
|
|
@ -632,17 +632,13 @@ type CiliumIngressSpec struct {
|
||||||
// Default: true
|
// Default: true
|
||||||
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
||||||
|
|
||||||
// SecretsNamespace specifies the namespace where secrets are synchronized.
|
|
||||||
// Default: cilium-secrets
|
|
||||||
SecretsNamespace string `json:"secretsNamespace,omitempty"`
|
|
||||||
|
|
||||||
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
||||||
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
||||||
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
||||||
|
|
||||||
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
||||||
// Possible values: 'shared' or 'dedicated'
|
// Possible values: 'shared' or 'dedicated'
|
||||||
// Default: shared
|
// Default: dedicated
|
||||||
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
||||||
|
|
||||||
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
||||||
|
|
|
||||||
|
|
@ -1921,7 +1921,6 @@ func autoConvert_v1alpha2_CiliumIngressSpec_To_kops_CiliumIngressSpec(in *Cilium
|
||||||
out.Enabled = in.Enabled
|
out.Enabled = in.Enabled
|
||||||
out.EnforceHttps = in.EnforceHttps
|
out.EnforceHttps = in.EnforceHttps
|
||||||
out.EnableSecretsSync = in.EnableSecretsSync
|
out.EnableSecretsSync = in.EnableSecretsSync
|
||||||
out.SecretsNamespace = in.SecretsNamespace
|
|
||||||
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
||||||
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
||||||
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
||||||
|
|
@ -1937,7 +1936,6 @@ func autoConvert_kops_CiliumIngressSpec_To_v1alpha2_CiliumIngressSpec(in *kops.C
|
||||||
out.Enabled = in.Enabled
|
out.Enabled = in.Enabled
|
||||||
out.EnforceHttps = in.EnforceHttps
|
out.EnforceHttps = in.EnforceHttps
|
||||||
out.EnableSecretsSync = in.EnableSecretsSync
|
out.EnableSecretsSync = in.EnableSecretsSync
|
||||||
out.SecretsNamespace = in.SecretsNamespace
|
|
||||||
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
||||||
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
||||||
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
||||||
|
|
|
||||||
|
|
@ -474,17 +474,13 @@ type CiliumIngressSpec struct {
|
||||||
// Default: true
|
// Default: true
|
||||||
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
EnableSecretsSync *bool `json:"enableSecretsSync,omitempty"`
|
||||||
|
|
||||||
// SecretsNamespace specifies the namespace where secrets are synchronized.
|
|
||||||
// Default: cilium-secrets
|
|
||||||
SecretsNamespace string `json:"secretsNamespace,omitempty"`
|
|
||||||
|
|
||||||
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
// LoadBalancerAnnotationPrefixes specifies annotation prefixes for Load Balancer configuration.
|
||||||
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
// Default: "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
||||||
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
LoadBalancerAnnotationPrefixes string `json:"loadBalancerAnnotationPrefixes,omitempty"`
|
||||||
|
|
||||||
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
// DefaultLoadBalancerMode specifies the default load balancer mode.
|
||||||
// Possible values: 'shared' or 'dedicated'
|
// Possible values: 'shared' or 'dedicated'
|
||||||
// Default: shared
|
// Default: dedicated
|
||||||
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
DefaultLoadBalancerMode string `json:"defaultLoadBalancerMode,omitempty"`
|
||||||
|
|
||||||
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
// SharedLoadBalancerServiceName specifies the name of the shared load balancer service.
|
||||||
|
|
|
||||||
|
|
@ -2103,7 +2103,6 @@ func autoConvert_v1alpha3_CiliumIngressSpec_To_kops_CiliumIngressSpec(in *Cilium
|
||||||
out.Enabled = in.Enabled
|
out.Enabled = in.Enabled
|
||||||
out.EnforceHttps = in.EnforceHttps
|
out.EnforceHttps = in.EnforceHttps
|
||||||
out.EnableSecretsSync = in.EnableSecretsSync
|
out.EnableSecretsSync = in.EnableSecretsSync
|
||||||
out.SecretsNamespace = in.SecretsNamespace
|
|
||||||
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
||||||
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
||||||
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
||||||
|
|
@ -2119,7 +2118,6 @@ func autoConvert_kops_CiliumIngressSpec_To_v1alpha3_CiliumIngressSpec(in *kops.C
|
||||||
out.Enabled = in.Enabled
|
out.Enabled = in.Enabled
|
||||||
out.EnforceHttps = in.EnforceHttps
|
out.EnforceHttps = in.EnforceHttps
|
||||||
out.EnableSecretsSync = in.EnableSecretsSync
|
out.EnableSecretsSync = in.EnableSecretsSync
|
||||||
out.SecretsNamespace = in.SecretsNamespace
|
|
||||||
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
out.LoadBalancerAnnotationPrefixes = in.LoadBalancerAnnotationPrefixes
|
||||||
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
out.DefaultLoadBalancerMode = in.DefaultLoadBalancerMode
|
||||||
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
out.SharedLoadBalancerServiceName = in.SharedLoadBalancerServiceName
|
||||||
|
|
|
||||||
|
|
@ -179,14 +179,11 @@ func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
|
||||||
if ingress.EnableSecretsSync == nil {
|
if ingress.EnableSecretsSync == nil {
|
||||||
ingress.EnableSecretsSync = fi.PtrTo(true)
|
ingress.EnableSecretsSync = fi.PtrTo(true)
|
||||||
}
|
}
|
||||||
if ingress.SecretsNamespace == "" {
|
|
||||||
ingress.SecretsNamespace = "cilium-secrets"
|
|
||||||
}
|
|
||||||
if ingress.LoadBalancerAnnotationPrefixes == "" {
|
if ingress.LoadBalancerAnnotationPrefixes == "" {
|
||||||
ingress.LoadBalancerAnnotationPrefixes = "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
ingress.LoadBalancerAnnotationPrefixes = "service.beta.kubernetes.io service.kubernetes.io cloud.google.com"
|
||||||
}
|
}
|
||||||
if ingress.DefaultLoadBalancerMode == "" {
|
if ingress.DefaultLoadBalancerMode == "" {
|
||||||
ingress.DefaultLoadBalancerMode = "shared"
|
ingress.DefaultLoadBalancerMode = "dedicated"
|
||||||
}
|
}
|
||||||
if ingress.SharedLoadBalancerServiceName == "" {
|
if ingress.SharedLoadBalancerServiceName == "" {
|
||||||
ingress.SharedLoadBalancerServiceName = "cilium-ingress"
|
ingress.SharedLoadBalancerServiceName = "cilium-ingress"
|
||||||
|
|
|
||||||
|
|
@ -219,13 +219,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -211,13 +211,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -192,13 +192,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -213,13 +213,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: eni
|
ipam: eni
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -217,13 +217,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -222,7 +222,6 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
enforceHttps: false
|
enforceHttps: false
|
||||||
loadBalancerAnnotationPrefixes: service.alpha.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.alpha.kubernetes.io
|
||||||
secretsNamespace: private-secrets
|
|
||||||
sharedLoadBalancerServiceName: private-ingress
|
sharedLoadBalancerServiceName: private-ingress
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -162,7 +162,7 @@ spec:
|
||||||
version: 9.99.0
|
version: 9.99.0
|
||||||
- id: k8s-1.16
|
- id: k8s-1.16
|
||||||
manifest: networking.cilium.io/k8s-1.16-v1.13.yaml
|
manifest: networking.cilium.io/k8s-1.16-v1.13.yaml
|
||||||
manifestHash: 307c72c9cb2732c4a2fcd0a9044ad5809539ac129a9c7793a00557bb5babc384
|
manifestHash: cfa1382b52e49d9df2eac473b74a29641ebf9d52766d7d149e280e7f9f9ae29d
|
||||||
name: networking.cilium.io
|
name: networking.cilium.io
|
||||||
needsPKI: true
|
needsPKI: true
|
||||||
needsRollingUpdate: all
|
needsRollingUpdate: all
|
||||||
|
|
|
||||||
|
|
@ -83,7 +83,7 @@ data:
|
||||||
identity-change-grace-period: 5s
|
identity-change-grace-period: 5s
|
||||||
ingress-default-lb-mode: dedicated
|
ingress-default-lb-mode: dedicated
|
||||||
ingress-lb-annotation-prefixes: service.alpha.kubernetes.io
|
ingress-lb-annotation-prefixes: service.alpha.kubernetes.io
|
||||||
ingress-secrets-namespace: private-secrets
|
ingress-secrets-namespace: kube-system
|
||||||
ingress-shared-lb-service-name: private-ingress
|
ingress-shared-lb-service-name: private-ingress
|
||||||
install-iptables-rules: "true"
|
install-iptables-rules: "true"
|
||||||
ipam: kubernetes
|
ipam: kubernetes
|
||||||
|
|
@ -455,18 +455,6 @@ subjects:
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
addon.kops.k8s.io/name: networking.cilium.io
|
|
||||||
app.kubernetes.io/managed-by: kops
|
|
||||||
role.kubernetes.io/networking: "1"
|
|
||||||
name: private-secrets
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -477,7 +465,7 @@ metadata:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
role.kubernetes.io/networking: "1"
|
role.kubernetes.io/networking: "1"
|
||||||
name: cilium-ingress-secrets
|
name: cilium-ingress-secrets
|
||||||
namespace: private-secrets
|
namespace: kube-system
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
|
|
@ -500,7 +488,7 @@ metadata:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
role.kubernetes.io/networking: "1"
|
role.kubernetes.io/networking: "1"
|
||||||
name: cilium-secrets
|
name: cilium-secrets
|
||||||
namespace: private-secrets
|
namespace: kube-system
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: Role
|
kind: Role
|
||||||
|
|
@ -522,7 +510,7 @@ metadata:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
role.kubernetes.io/networking: "1"
|
role.kubernetes.io/networking: "1"
|
||||||
name: cilium-operator-ingress-secrets
|
name: cilium-operator-ingress-secrets
|
||||||
namespace: private-secrets
|
namespace: kube-system
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
|
|
@ -546,7 +534,7 @@ metadata:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
role.kubernetes.io/networking: "1"
|
role.kubernetes.io/networking: "1"
|
||||||
name: cilium-operator-ingress-secrets
|
name: cilium-operator-ingress-secrets
|
||||||
namespace: private-secrets
|
namespace: kube-system
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: Role
|
kind: Role
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,6 @@ spec:
|
||||||
enableSecretsSync: false
|
enableSecretsSync: false
|
||||||
enforceHttps: false
|
enforceHttps: false
|
||||||
loadBalancerAnnotationPrefixes: service.alpha.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.alpha.kubernetes.io
|
||||||
secretsNamespace: private-secrets
|
|
||||||
sharedLoadBalancerServiceName: private-ingress
|
sharedLoadBalancerServiceName: private-ingress
|
||||||
hubble:
|
hubble:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
||||||
|
|
@ -225,13 +225,12 @@ spec:
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
identityChangeGracePeriod: 5s
|
identityChangeGracePeriod: 5s
|
||||||
ingress:
|
ingress:
|
||||||
defaultLoadBalancerMode: shared
|
defaultLoadBalancerMode: dedicated
|
||||||
enableSecretsSync: true
|
enableSecretsSync: true
|
||||||
enabled: false
|
enabled: false
|
||||||
enforceHttps: true
|
enforceHttps: true
|
||||||
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
loadBalancerAnnotationPrefixes: service.beta.kubernetes.io service.kubernetes.io
|
||||||
cloud.google.com
|
cloud.google.com
|
||||||
secretsNamespace: cilium-secrets
|
|
||||||
sharedLoadBalancerServiceName: cilium-ingress
|
sharedLoadBalancerServiceName: cilium-ingress
|
||||||
ipam: eni
|
ipam: eni
|
||||||
memoryRequest: 128Mi
|
memoryRequest: 128Mi
|
||||||
|
|
|
||||||
|
|
@ -284,7 +284,7 @@ data:
|
||||||
enable-ingress-controller: "true"
|
enable-ingress-controller: "true"
|
||||||
enforce-ingress-https: "{{ .Ingress.EnforceHttps }}"
|
enforce-ingress-https: "{{ .Ingress.EnforceHttps }}"
|
||||||
enable-ingress-secrets-sync: "{{ .Ingress.EnableSecretsSync }}"
|
enable-ingress-secrets-sync: "{{ .Ingress.EnableSecretsSync }}"
|
||||||
ingress-secrets-namespace: {{ .Ingress.SecretsNamespace }}
|
ingress-secrets-namespace: kube-system
|
||||||
ingress-lb-annotation-prefixes: "{{ .Ingress.LoadBalancerAnnotationPrefixes }}"
|
ingress-lb-annotation-prefixes: "{{ .Ingress.LoadBalancerAnnotationPrefixes }}"
|
||||||
ingress-default-lb-mode: {{ .Ingress.DefaultLoadBalancerMode }}
|
ingress-default-lb-mode: {{ .Ingress.DefaultLoadBalancerMode }}
|
||||||
ingress-shared-lb-service-name: {{ .Ingress.SharedLoadBalancerServiceName }}
|
ingress-shared-lb-service-name: {{ .Ingress.SharedLoadBalancerServiceName }}
|
||||||
|
|
@ -640,17 +640,12 @@ subjects:
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
{{ if WithDefaultBool .Ingress.Enabled false }}
|
{{ if WithDefaultBool .Ingress.Enabled false }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: {{ .Ingress.SecretsNamespace }}
|
|
||||||
---
|
|
||||||
# Source: cilium/templates/cilium-agent/role.yaml
|
# Source: cilium/templates/cilium-agent/role.yaml
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: cilium-ingress-secrets
|
name: cilium-ingress-secrets
|
||||||
namespace: {{ .Ingress.SecretsNamespace }}
|
namespace: kube-system
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
rules:
|
rules:
|
||||||
|
|
@ -668,7 +663,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: cilium-secrets
|
name: cilium-secrets
|
||||||
namespace: {{ .Ingress.SecretsNamespace }}
|
namespace: kube-system
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|
@ -685,7 +680,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: cilium-operator-ingress-secrets
|
name: cilium-operator-ingress-secrets
|
||||||
namespace: {{ .Ingress.SecretsNamespace }}
|
namespace: kube-system
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
rules:
|
rules:
|
||||||
|
|
@ -704,7 +699,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: cilium-operator-ingress-secrets
|
name: cilium-operator-ingress-secrets
|
||||||
namespace: {{ .Ingress.SecretsNamespace }}
|
namespace: kube-system
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/part-of: cilium
|
app.kubernetes.io/part-of: cilium
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue