Run pods needing control-plane instance credentials on hostNetwork

This commit is contained in:
John Gardiner Myers 2022-12-30 11:18:41 -08:00
parent 0b8ccf2c9e
commit ad92d2760c
4 changed files with 19 additions and 0 deletions


@ -73,6 +73,9 @@ const (
// VxlanUDP is the port used by VXLAN tunneling over UDP // VxlanUDP is the port used by VXLAN tunneling over UDP
VxlanUDP = 8472 VxlanUDP = 8472
// AWSLBCMetricsPort is reserved for the AWS Load Balancer Controller's metrics.
AWSLBCMetricsPort = 9442
// KubeletAPI is the port where kubelet listens // KubeletAPI is the port where kubelet listens
KubeletAPI = 10250 KubeletAPI = 10250
) )
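Review bot: The new comment on `AWSLBCMetricsPort` says the port is reserved but not why it now needs a reservation at all, which is the security-relevant fact: the controller binds this port in the node's network namespace once it runs with hostNetwork. Propose `// AWSLBCMetricsPort is reserved for the AWS Load Balancer Controller's metrics: when the controller runs without IRSA it uses hostNetwork on control-plane nodes, so this port is bound on the node itself.` If the controller opens any other listener in that mode, that port belongs in this table too, since a collision with another host-network component would only surface as a crash-looping pod.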


@ -479,6 +479,7 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
nodeSelector: null nodeSelector: null
{{ if not UseServiceAccountExternalPermissions }} {{ if not UseServiceAccountExternalPermissions }}
hostNetwork: true
tolerations: tolerations:
- operator: Exists - operator: Exists
{{ end }} {{ end }}
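Review bot: `hostNetwork: true` is added with no comment explaining why, and the reason is not deducible from the template; propose `# hostNetwork: run in the node's network namespace so the pod can use the control-plane instance's credentials when IRSA is not in use`. Two consequences should be stated near it: the pod is no longer subject to NetworkPolicy and every port it listens on becomes a host port on the control-plane node, and with the default dnsPolicy a hostNetwork pod resolves names through the node's resolver, so `dnsPolicy: ClusterFirstWithHostNet` is required if this pod resolves in-cluster service names — the hunk does not show what it talks to, so that needs confirming. If the namespace enforces the PodSecurity `baseline` profile, hostNetwork pods are rejected, so the exemption for this namespace should be verified. The enclosing pod template starts before this hunk.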


@ -723,6 +723,12 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/name: aws-load-balancer-controller app.kubernetes.io/name: aws-load-balancer-controller
{{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
{{ end }}
template: template:
metadata: metadata:
labels: labels:
@ -744,6 +750,7 @@ spec:
{{ end }} {{ end }}
containers: containers:
- args: - args:
- --metrics-bind-addr=:9442
- --cluster-name={{ ClusterName }} - --cluster-name={{ ClusterName }}
- --enable-waf={{ .EnableWAF }} - --enable-waf={{ .EnableWAF }}
- --enable-wafv2={{ .EnableWAFv2 }} - --enable-wafv2={{ .EnableWAFv2 }}
@ -789,6 +796,7 @@ spec:
serviceAccountName: aws-load-balancer-controller serviceAccountName: aws-load-balancer-controller
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
{{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }} {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
hostNetwork: true
tolerations: tolerations:
- key: node-role.kubernetes.io/control-plane - key: node-role.kubernetes.io/control-plane
operator: Exists operator: Exists
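Review bot: With `hostNetwork: true` in the last hunk, the new `--metrics-bind-addr=:9442` listens on every interface of the control-plane node instead of a pod IP, so the metrics endpoint is reachable by anything that can reach the node on 9442 and is no longer filtered by NetworkPolicy; if the metrics are not scraped remotely, bind to loopback with `--metrics-bind-addr=127.0.0.1:9442`, otherwise document that the node security group is expected to restrict it. Any other listener the controller opens in this mode — upstream it serves an admission webhook on its own port by default — also becomes a host port, and that port is not reserved in the well-known-ports table the way 9442 is; confirm it is reserved or disabled. The `maxSurge: 0` strategy appears to exist so two replicas never compete for the same host port on one node during a rollout, which deserves a comment on the `strategy:` block, e.g. `# maxSurge 0: replicas bind host ports when on hostNetwork, so a replacement pod cannot start on a node until the old one is gone`.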


@ -273,6 +273,12 @@ spec:
selector: selector:
matchLabels: matchLabels:
app: cluster-autoscaler app: cluster-autoscaler
{{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
{{ end }}
template: template:
metadata: metadata:
annotations: annotations:
@ -360,6 +366,7 @@ spec:
memory: {{ or .MemoryRequest "300Mi"}} memory: {{ or .MemoryRequest "300Mi"}}
serviceAccountName: cluster-autoscaler serviceAccountName: cluster-autoscaler
{{ if not UseServiceAccountExternalPermissions }} {{ if not UseServiceAccountExternalPermissions }}
hostNetwork: true
tolerations: tolerations:
- operator: "Exists" - operator: "Exists"
key: node-role.kubernetes.io/control-plane key: node-role.kubernetes.io/control-plane
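Review bot: The two guards in this section disagree: the `strategy` block is gated on `not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24"))` while the `hostNetwork: true` it exists for is gated on plain `not UseServiceAccountExternalPermissions`. The wider guard is harmless — `maxSurge: 0` on a pod-network deployment only slows rollouts — but the two should be the same expression so the coupling is visible; the aws-load-balancer-controller template in this commit uses the longer form for both. Because the autoscaler now shares the control-plane node's network namespace, any HTTP listener it has enabled (upstream exposes metrics and health on its own port by default) binds on the host; the argument list is outside this hunk, so confirm which address it listens on and either reserve that port alongside 9442 or bind it to loopback. A one-line comment, `# maxSurge 0: on hostNetwork two replicas cannot share a node's ports during a rollout`, would explain the otherwise surprising setting.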