### Namespace ### kind: Namespace apiVersion: v1 metadata: name: Namespace ### Service Account Controller ### --- kind: ServiceAccount apiVersion: v1 metadata: name: conduit-controller namespace: Namespace ### RBAC ### --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: conduit-controller rules: - apiGroups: ["extensions"] resources: ["deployments", "replicasets"] verbs: ["list", "get", "watch"] - apiGroups: [""] resources: ["pods", "endpoints", "services"] verbs: ["list", "get", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: conduit-controller namespace: Namespace roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: conduit-controller subjects: - kind: ServiceAccount name: conduit-controller namespace: Namespace ### Service Account Prometheus ### --- kind: ServiceAccount apiVersion: v1 metadata: name: conduit-prometheus namespace: Namespace ### RBAC ### --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: conduit-prometheus rules: - apiGroups: [""] resources: ["pods"] verbs: ["list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: conduit-prometheus namespace: Namespace roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: conduit-prometheus subjects: - kind: ServiceAccount name: conduit-prometheus namespace: Namespace ### Controller ### --- kind: Service apiVersion: v1 metadata: name: api namespace: Namespace labels: ControllerComponentLabel: controller annotations: CreatedByAnnotation: CliVersion spec: type: ClusterIP selector: ControllerComponentLabel: controller ports: - name: http port: 8085 targetPort: 8085 --- kind: Service apiVersion: v1 metadata: name: proxy-api namespace: Namespace labels: ControllerComponentLabel: controller annotations: CreatedByAnnotation: CliVersion spec: type: ClusterIP selector: ControllerComponentLabel: controller ports: - name: grpc port: 8086 targetPort: 8086 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: CreatedByAnnotation: CliVersion creationTimestamp: null labels: ControllerComponentLabel: controller name: controller namespace: Namespace spec: replicas: 1 strategy: {} template: metadata: annotations: CreatedByAnnotation: CliVersion conduit.io/created-by: conduit/cli undefined conduit.io/proxy-version: undefined creationTimestamp: null labels: ControllerComponentLabel: controller conduit.io/control-plane-ns: Namespace spec: containers: - args: - public-api - -addr=:8085 - -metrics-addr=:9995 - -telemetry-addr=127.0.0.1:8087 - -tap-addr=127.0.0.1:8088 - -log-level=ControllerLogLevel image: ControllerImage imagePullPolicy: ImagePullPolicy name: public-api ports: - containerPort: 8085 name: http - containerPort: 9995 name: admin-http resources: {} - args: - destination - -addr=:8089 - -metrics-addr=:9999 - -log-level=ControllerLogLevel image: ControllerImage imagePullPolicy: ImagePullPolicy name: destination ports: - containerPort: 8089 name: grpc - containerPort: 9999 name: admin-http resources: {} - args: - proxy-api - -addr=:8086 - -metrics-addr=:9996 - -destination-addr=:8089 - -telemetry-addr=:8087 - -log-level=ControllerLogLevel image: ControllerImage imagePullPolicy: ImagePullPolicy name: proxy-api ports: - containerPort: 8086 name: grpc - containerPort: 9996 name: admin-http resources: {} - args: - tap - -addr=:8088 - -metrics-addr=:9998 - -log-level=ControllerLogLevel image: ControllerImage imagePullPolicy: ImagePullPolicy name: tap ports: - containerPort: 8088 name: grpc - containerPort: 9998 name: admin-http resources: {} - args: - telemetry - -addr=:8087 - -metrics-addr=:9997 - -ignore-namespaces=kube-system - -prometheus-url=http://prometheus.Namespace.svc.cluster.local:9090 - -log-level=ControllerLogLevel image: ControllerImage imagePullPolicy: ImagePullPolicy name: telemetry ports: - containerPort: 8087 name: grpc - containerPort: 9997 name: admin-http resources: {} - env: - name: CONDUIT_PROXY_LOG value: warn,conduit_proxy=info - name: CONDUIT_PROXY_CONTROL_URL value: tcp://localhost:8086 - name: CONDUIT_PROXY_CONTROL_LISTENER value: tcp://0.0.0.0:4190 - name: CONDUIT_PROXY_PRIVATE_LISTENER value: tcp://127.0.0.1:4140 - name: CONDUIT_PROXY_PUBLIC_LISTENER value: tcp://0.0.0.0:4143 - name: CONDUIT_PROXY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: CONDUIT_PROXY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: CONDUIT_PROXY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONDUIT_PROXY_DESTINATIONS_AUTOCOMPLETE_FQDN value: Kubernetes image: gcr.io/runconduit/proxy:undefined imagePullPolicy: IfNotPresent name: conduit-proxy ports: - containerPort: 4143 name: conduit-proxy resources: {} securityContext: runAsUser: 2102 initContainers: - args: - --incoming-proxy-port - "4143" - --outgoing-proxy-port - "4140" - --proxy-uid - "2102" - --inbound-ports-to-ignore - "4190" image: gcr.io/runconduit/proxy-init:undefined imagePullPolicy: IfNotPresent name: conduit-init resources: {} securityContext: capabilities: add: - NET_ADMIN privileged: false serviceAccount: conduit-controller status: {} --- kind: Service apiVersion: v1 metadata: name: web namespace: Namespace labels: ControllerComponentLabel: web annotations: CreatedByAnnotation: CliVersion spec: type: ClusterIP selector: ControllerComponentLabel: web ports: - name: http port: 8084 targetPort: 8084 - name: admin-http port: 9994 targetPort: 9994 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: CreatedByAnnotation: CliVersion creationTimestamp: null labels: ControllerComponentLabel: web name: web namespace: Namespace spec: replicas: 2 strategy: {} template: metadata: annotations: CreatedByAnnotation: CliVersion conduit.io/created-by: conduit/cli undefined conduit.io/proxy-version: undefined creationTimestamp: null labels: ControllerComponentLabel: web conduit.io/control-plane-ns: Namespace spec: containers: - args: - -addr=:8084 - -metrics-addr=:9994 - -api-addr=api:8085 - -static-dir=/dist - -template-dir=/templates - -uuid=UUID - -controller-namespace=Namespace - -log-level=ControllerLogLevel image: WebImage imagePullPolicy: ImagePullPolicy name: web ports: - containerPort: 8084 name: http - containerPort: 9994 name: admin-http resources: {} - env: - name: CONDUIT_PROXY_LOG value: warn,conduit_proxy=info - name: CONDUIT_PROXY_CONTROL_URL value: tcp://proxy-api.Namespace.svc.cluster.local:8086 - name: CONDUIT_PROXY_CONTROL_LISTENER value: tcp://0.0.0.0:4190 - name: CONDUIT_PROXY_PRIVATE_LISTENER value: tcp://127.0.0.1:4140 - name: CONDUIT_PROXY_PUBLIC_LISTENER value: tcp://0.0.0.0:4143 - name: CONDUIT_PROXY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: CONDUIT_PROXY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: CONDUIT_PROXY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONDUIT_PROXY_DESTINATIONS_AUTOCOMPLETE_FQDN value: Kubernetes image: gcr.io/runconduit/proxy:undefined imagePullPolicy: IfNotPresent name: conduit-proxy ports: - containerPort: 4143 name: conduit-proxy resources: {} securityContext: runAsUser: 2102 initContainers: - args: - --incoming-proxy-port - "4143" - --outgoing-proxy-port - "4140" - --proxy-uid - "2102" - --inbound-ports-to-ignore - "4190" image: gcr.io/runconduit/proxy-init:undefined imagePullPolicy: IfNotPresent name: conduit-init resources: {} securityContext: capabilities: add: - NET_ADMIN privileged: false status: {} --- kind: Service apiVersion: v1 metadata: name: prometheus namespace: Namespace labels: ControllerComponentLabel: prometheus annotations: CreatedByAnnotation: CliVersion spec: type: ClusterIP selector: ControllerComponentLabel: prometheus ports: - name: http port: 9090 targetPort: 9090 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: CreatedByAnnotation: CliVersion creationTimestamp: null labels: ControllerComponentLabel: prometheus name: prometheus namespace: Namespace spec: replicas: 3 strategy: {} template: metadata: annotations: CreatedByAnnotation: CliVersion conduit.io/created-by: conduit/cli undefined conduit.io/proxy-version: undefined creationTimestamp: null labels: ControllerComponentLabel: prometheus conduit.io/control-plane-ns: Namespace spec: containers: - args: - --storage.tsdb.retention=6h - --config.file=/etc/prometheus/prometheus.yml image: PrometheusImage imagePullPolicy: ImagePullPolicy name: prometheus ports: - containerPort: 9090 name: http resources: {} volumeMounts: - mountPath: /etc/prometheus name: prometheus-config readOnly: true - args: - proxy - -p - "8001" image: buoyantio/kubectl:v1.6.2 name: kubectl resources: {} - env: - name: CONDUIT_PROXY_LOG value: warn,conduit_proxy=info - name: CONDUIT_PROXY_CONTROL_URL value: tcp://proxy-api.Namespace.svc.cluster.local:8086 - name: CONDUIT_PROXY_CONTROL_LISTENER value: tcp://0.0.0.0:4190 - name: CONDUIT_PROXY_PRIVATE_LISTENER value: tcp://127.0.0.1:4140 - name: CONDUIT_PROXY_PUBLIC_LISTENER value: tcp://0.0.0.0:4143 - name: CONDUIT_PROXY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: CONDUIT_PROXY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: CONDUIT_PROXY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONDUIT_PROXY_DESTINATIONS_AUTOCOMPLETE_FQDN value: Kubernetes image: gcr.io/runconduit/proxy:undefined imagePullPolicy: IfNotPresent name: conduit-proxy ports: - containerPort: 4143 name: conduit-proxy resources: {} securityContext: runAsUser: 2102 initContainers: - args: - --incoming-proxy-port - "4143" - --outgoing-proxy-port - "4140" - --proxy-uid - "2102" - --inbound-ports-to-ignore - "4190" image: gcr.io/runconduit/proxy-init:undefined imagePullPolicy: IfNotPresent name: conduit-init resources: {} securityContext: capabilities: add: - NET_ADMIN privileged: false serviceAccount: conduit-prometheus volumes: - configMap: name: prometheus-config name: prometheus-config status: {} --- kind: ConfigMap apiVersion: v1 metadata: name: prometheus-config namespace: Namespace labels: ControllerComponentLabel: prometheus annotations: CreatedByAnnotation: CliVersion data: prometheus.yml: |- global: scrape_interval: 10s evaluation_interval: 10s scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - job_name: 'controller' kubernetes_sd_configs: - role: pod namespaces: names: ['Namespace'] relabel_configs: - source_labels: [__meta_kubernetes_pod_container_port_name] action: keep regex: ^admin-http$ - source_labels: [__meta_kubernetes_pod_container_name] action: replace target_label: job ---