# Top level cluster configuration.

local kube = import "../../kube/kube.libsonnet";
local coredns = import "lib/coredns.libsonnet";
local metrics = import "lib/metrics.libsonnet";
local calico = import "lib/calico.libsonnet";
local metallb = import "lib/metallb.libsonnet";

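// Cluster builds the top-level object for a single Kubernetes cluster.
//
// fqdn: the cluster's fully qualified domain name. It is used verbatim as the
//       RBAC User name bound to the API-server-to-kubelet role below, so it
//       must equal the CN of the certificate the API server authenticates with.
local Cluster(fqdn) = {
    local cluster = self,

    // These are required to let the API Server contact kubelets.
    crAPIServerToKubelet: kube.ClusterRole("system:kube-apiserver-to-kubelet") {
        metadata+: {
            annotations+: {
                "rbac.authorization.kubernetes.io/autoupdate": "true",
            },
            labels+: {
                // Key was previously misspelled "kubernets.io/bootstrapping";
                // corrected to the kubernetes.io prefix so the role carries
                // the label that tooling filtering on rbac-defaults expects.
                "kubernetes.io/bootstrapping": "rbac-defaults",
            },
        },
        rules: [
            {
                apiGroups: [""],
                resources: ["nodes/%s" % r for r in ["proxy", "stats", "log", "spec", "metrics"]],
                // NOTE(review): wildcard verbs on every listed kubelet
                // subresource, nodes/proxy included. Whoever holds the bound
                // identity gets unrestricted access to those subresources on
                // all nodes; narrow the verb list if the API server does not
                // need all of them, and audit who else is bound to this role.
                verbs: ["*"],
            },
        ],
    },
    crbAPIServer: kube.ClusterRoleBinding("system:kube-apiserver") {
        roleRef: {
            apiGroup: "rbac.authorization.k8s.io",
            kind: "ClusterRole",
            // Taken from the role object above so the two cannot drift apart.
            name: cluster.crAPIServerToKubelet.metadata.name,
        },
        subjects: [
            {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "User",
                // A cluster API Server authenticates with a certificate whose
                // CN is equal to the FQDN of the cluster. The binding matches
                // on that name alone, so the cluster CA must not issue a
                // client certificate with this CN to anything other than the
                // API server.
                name: fqdn,
            },
        ],
    },

    // Calico network fabric
    calico: calico.Environment {},
    // CoreDNS for this cluster.
    dns: coredns.Environment {},
    // Metrics Server
    metrics: metrics.Environment {},
    // Metal Load Balancer
    metallb: metallb.Environment {},
};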
// File result: an object with one field per cluster. Only k0 is defined here;
// the string passed to Cluster() is the FQDN that the API server's RBAC User
// subject is bound to.
{ k0: Cluster("k0.hswaw.net") }