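# Source: github.com/mirantis/virtlet@v1.5.2-0.20191204181327-1659b8a48e9b/deploy/data/virtlet-ds.yaml
#
# Deploys Virtlet as a DaemonSet in kube-system, together with its
# ServiceAccount and RBAC objects.
#
# Security posture, as visible in this manifest: the pod shares the host
# network and PID namespaces, the init container and two of the three
# long-running containers are privileged, and writable hostPaths are mounted,
# including /dev, /run, /var/lib and the Docker socket. Anyone who can edit
# this DaemonSet, replace the image it runs, or execute code in one of its
# privileged containers should be treated as having root on every node
# labelled extraRuntime=virtlet.
#
# The RBAC objects use rbac.authorization.k8s.io/v1: v1beta1 was removed in
# Kubernetes 1.22, and v1 has been served since 1.8.
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: virtlet
  namespace: kube-system
spec:
  selector:
    matchLabels:
      runtime: virtlet
  template:
    metadata:
      name: virtlet
      labels:
        runtime: virtlet
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # hostPID is true to (1) enable VMs to survive virtlet container restart
      # (to be checked) and (2) to enable the use of nsenter in init container
      hostPID: true
      # bootstrap procedure needs to create a configmap in kube-system namespace
      serviceAccountName: virtlet

      # only run Virtlet pods on the nodes with extraRuntime=virtlet label
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: extraRuntime
                    operator: In
                    values:
                      - virtlet

      initContainers:
        # The init container copies virtlet's flexvolume driver
        # to the default kubelet plugin dir and ensures that
        # the directories needed by libvirt & virtlet exist on the host
        - name: prepare-node
          # NOTE(review): no tag or digest, so this resolves to
          # mirantis/virtlet:latest, and IfNotPresent reuses whatever image of
          # that name is already cached on the node. That is deliberate here
          # (it allows a locally injected build), but for production
          # deployments pin the image by digest. The same applies to the
          # libvirt, virtlet and vms containers below.
          image: mirantis/virtlet
          imagePullPolicy: IfNotPresent
          command:
            - /prepare-node.sh
          volumeMounts:
            - name: k8s-flexvolume-plugins-dir
              mountPath: /kubelet-volume-plugins
            - name: run
              # Don't add "mountPropagation: Bidirectional", it will lack mount entry
              mountPath: /run
            # Access to the Docker socket is equivalent to root on the node.
            - name: dockersock
              mountPath: /var/run/docker.sock
            - name: log
              mountPath: /hostlog
            # for ensuring that /var/lib/libvirt/images exists on node
            - name: var-lib
              mountPath: /host-var-lib
            - name: dev
              mountPath: /dev
            - mountPath: /var/lib/virtlet
              name: virtlet
          securityContext:
            privileged: true
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            # Every setting below is optional and is read from the
            # virtlet-config ConfigMap; write access to that ConfigMap
            # therefore changes how this privileged container is configured.
            - name: VIRTLET_DISABLE_KVM
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: disable_kvm
                  optional: true
            - name: VIRTLET_SRIOV_SUPPORT
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: sriov_support
                  optional: true
            - name: VIRTLET_DOWNLOAD_PROTOCOL
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: download_protocol
                  optional: true
            - name: VIRTLET_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: loglevel
                  optional: true
            - name: VIRTLET_CALICO_SUBNET
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: calico-subnet
                  optional: true
            - name: IMAGE_REGEXP_TRANSLATION
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: image_regexp_translation
                  optional: true
            - name: VIRTLET_RAW_DEVICES
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: raw_devices
                  optional: true
            - name: VIRTLET_DISABLE_LOGGING
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: disable_logging
                  optional: true
            - name: VIRTLET_CPU_MODEL
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: cpu-model
                  optional: true
            - name: KUBELET_ROOT_DIR
              valueFrom:
                configMapKeyRef:
                  name: virtlet-config
                  key: kubelet_root_dir
                  optional: true
            - name: VIRTLET_IMAGE_TRANSLATIONS_DIR
              value: /etc/virtlet/images

      containers:
        - name: libvirt
          image: mirantis/virtlet
          # If a local virtlet image has been injected, use it rather than
          # the officially published one
          imagePullPolicy: IfNotPresent
          command:
            - /libvirt.sh
          volumeMounts:
            - mountPath: /etc/libvirt/qemu
              name: qemu
            - mountPath: /sys/fs/cgroup
              name: cgroup
            - mountPath: /lib/modules
              name: modules
              readOnly: true
            - mountPath: /boot
              name: boot
              readOnly: true
            - mountPath: /run
              # Don't add "mountPropagation: Bidirectional", it will lack mount entry
              name: run
            - mountPath: /var/lib/virtlet
              name: virtlet
            - mountPath: /var/lib/libvirt
              name: libvirt
            - mountPath: /var/run/libvirt
              name: libvirt-sockets
            # the log dir is needed here because otherwise libvirt will
            # produce errors like this:
            # Unable to pre-create chardev file
            # '/var/log/vms/afd75bbb-8e97-11e7-9561-02420ac00002/cirros-vm_0.log':
            # No such file or directory
            - name: vms-log
              mountPath: /var/log/vms
            - name: libvirt-log
              mountPath: /var/log/libvirt
            - name: dev
              mountPath: /dev
          securityContext:
            privileged: true
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - socat - UNIX:/var/run/libvirt/libvirt-sock-ro </dev/null
        - name: virtlet
          image: mirantis/virtlet
          # If a local virtlet image has been injected, use it rather than
          # the officially published one
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/libvirt/qemu
              name: qemu
            - mountPath: /run
              # Don't add "mountPropagation: Bidirectional", it will lack mount entry
              name: run
            # /boot and /lib/modules are required by supermin
            - mountPath: /lib/modules
              name: modules
              readOnly: true
            - mountPath: /boot
              name: boot
              readOnly: true
            - name: dev
              mountPath: /dev
            # Bidirectional propagation means mounts made inside this
            # container under the path become visible on the host.
            - mountPath: /var/lib/virtlet
              name: virtlet
              mountPropagation: Bidirectional
            - mountPath: /var/lib/libvirt
              name: libvirt
            - mountPath: /var/run/libvirt
              name: libvirt-sockets
            - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
              name: k8s-flexvolume-plugins-dir
            - mountPath: /var/lib/kubelet/pods
              name: k8s-pods-dir
              mountPropagation: Bidirectional
            - name: vms-log
              mountPath: /var/log/vms
            - mountPath: /etc/virtlet/images
              name: image-name-translations
            - name: pods-log
              mountPath: /var/log/pods
            # needed for diagnostic purposes
            - name: libvirt-log
              mountPath: /var/log/libvirt
            - name: netns-dir
              mountPath: /var/run/netns
              mountPropagation: Bidirectional
            - name: cgroup
              mountPath: /sys/fs/cgroup
          securityContext:
            privileged: true
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - grpc_health_probe -addr UNIX:/run/virtlet.sock
        # The vms container sets no securityContext, so unlike the other
        # containers it is not privileged, but it still sees host /dev and
        # the host PID and network namespaces configured on the pod.
        - name: vms
          image: mirantis/virtlet
          imagePullPolicy: IfNotPresent
          command:
            - /vms.sh
          volumeMounts:
            - mountPath: /var/lib/virtlet
              name: virtlet
              mountPropagation: HostToContainer
            - mountPath: /var/lib/libvirt
              name: libvirt
            - name: vms-log
              mountPath: /var/log/vms
            - mountPath: /var/lib/kubelet/pods
              name: k8s-pods-dir
              mountPropagation: HostToContainer
            - name: dev
              mountPath: /dev
            # NOTE(review): mounted read-write here but readOnly in the
            # libvirt and virtlet containers; confirm whether /vms.sh needs
            # write access before tightening.
            - name: modules
              mountPath: /lib/modules
      volumes:
        # /dev is needed for host raw device access
        - hostPath:
            path: /dev
          name: dev
        - hostPath:
            path: /sys/fs/cgroup
          name: cgroup
        - hostPath:
            path: /lib/modules
          name: modules
        - hostPath:
            path: /boot
          name: boot
        - hostPath:
            path: /run
          name: run
        # TODO: don't hardcode docker socket location here
        # This will require CRI proxy installation to run
        # in host mount namespace.
        - hostPath:
            path: /var/run/docker.sock
          name: dockersock
        - hostPath:
            path: /var/lib/virtlet
          name: virtlet
        - hostPath:
            path: /var/lib/libvirt
          name: libvirt
        - hostPath:
            path: /var/log
          name: log
        - hostPath:
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
          name: k8s-flexvolume-plugins-dir
        - hostPath:
            path: /var/lib/kubelet/pods
          name: k8s-pods-dir
        - hostPath:
            path: /var/lib
          name: var-lib
        - hostPath:
            path: /var/log/virtlet/vms
          name: vms-log
        - hostPath:
            path: /var/log/libvirt
          name: libvirt-log
        - hostPath:
            path: /var/run/libvirt
          name: libvirt-sockets
        - hostPath:
            path: /var/log/pods
          name: pods-log
        - hostPath:
            path: /var/run/netns
          name: netns-dir
        - hostPath:
            path: /etc/libvirt/qemu
          name: qemu
        - configMap:
            name: virtlet-image-translations
          name: image-name-translations
---
# Binds the "virtlet" ClusterRole to the virtlet ServiceAccount cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: virtlet
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: virtlet
subjects:
  - kind: ServiceAccount
    name: virtlet
    namespace: kube-system
---
# create/get on configmaps and nodes. Because the binding is a
# ClusterRoleBinding, the configmap verbs apply in every namespace.
# NOTE(review): the DaemonSet comment only mentions creating a configmap in
# kube-system; if that is the only use, a namespaced Role and RoleBinding
# would cover the configmap part. Confirm against the bootstrap code.
# ClusterRole is cluster-scoped, so metadata.namespace is not set.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: virtlet
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - nodes
    verbs:
      - create
      - get
---
# Read access to configmaps; bound to the system:nodes group by
# kubelet-node-binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: configmap-reader
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# get on configmaps and secrets. It is bound cluster-wide by
# vm-userdata-binding, so the virtlet ServiceAccount token can read any
# Secret whose namespace and name are known (no list or watch is granted).
# Treat that token as a cluster-level secret-reading credential.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: virtlet-userdata-reader
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - secrets
    verbs:
      - get
---
# Grants get/list/watch on configmaps in all namespaces to every member of
# system:nodes. RBAC grants add to whatever the Node authorizer allows, so
# on clusters that rely on the Node authorizer this widens what any kubelet
# credential can read beyond the configmaps used by pods on its own node.
# Keep sensitive data out of ConfigMaps where this binding is applied.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubelet-node-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: configmap-reader
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:nodes
---
# Binds virtlet-userdata-reader (configmaps and secrets, get) to the virtlet
# ServiceAccount in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: vm-userdata-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: virtlet-userdata-reader
subjects:
  - kind: ServiceAccount
    name: virtlet
    namespace: kube-system
---
# Lets Virtlet create CustomResourceDefinitions and read its own custom
# resources. CRD creation is a cluster-wide capability.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: virtlet-crd
rules:
  - apiGroups:
      - "apiextensions.k8s.io"
    resources:
      - customresourcedefinitions
    verbs:
      - create
  - apiGroups:
      - "virtlet.k8s"
    resources:
      - virtletimagemappings
      - virtletconfigmappings
    verbs:
      - list
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: virtlet-crd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: virtlet-crd
subjects:
  - kind: ServiceAccount
    name: virtlet
    namespace: kube-system
---
# Identity used by the Virtlet DaemonSet pods; all ClusterRoleBindings above
# except kubelet-node-binding attach to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: virtlet
  namespace: kube-system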