diff --git a/bin/update.sh b/bin/update.sh index 9a0d4d5..68d6d73 100755 --- a/bin/update.sh +++ b/bin/update.sh @@ -6,6 +6,13 @@ rmdir generated echo -e '---\ncalico_files:' > vars/calico-files.yaml cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/calico-files.yaml rm -f generated.log calico.yaml +curl https://docs.projectcalico.org/manifests/calicoctl.yaml -O +kubernetes-split-yaml calicoctl.yaml > generated.log +mv generated/*.yaml files/ +rmdir generated +cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/calico-files.yaml +rm -f generated.log calicoctl.yaml + # Configure the pod IP range line_nb=$(grep -n CALICO_IPV4POOL_CIDR files/calico-node-DaemonSet.yaml | cut -d: -f1) diff --git a/files/calicoctl-ClusterRole.yaml b/files/calicoctl-ClusterRole.yaml new file mode 100644 index 0000000..71469d5 --- /dev/null +++ b/files/calicoctl-ClusterRole.yaml 
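Review bot: The added `curl https://docs.projectcalico.org/manifests/calicoctl.yaml -O` has no `--fail`, so an HTTP error page is still saved as calicoctl.yaml and passed to kubernetes-split-yaml, and nothing in the hunk stops the following `mv` and `rm` from running on that result. I would write `curl -fsS -O https://docs.projectcalico.org/manifests/calicoctl.yaml || exit 1`. The URL is not tied to a release, so each run pulls whatever upstream currently serves, and its RBAC and Pod spec land in `files/`. Fetching a release-specific manifest and comparing it with a recorded checksum before splitting would keep updates reviewable. Whether the script sets `set -e` cannot be seen from this hunk, as its top is outside it.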
@@ -0,0 +1,61 @@
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: calicoctl
+rules:
+ - apiGroups: [""]
+ resources:
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - list
+ - update
+ - apiGroups: [""]
+ resources:
+ - nodes/status
+ verbs:
+ - update
+ - apiGroups: [""]
+ resources:
+ - pods
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - apiGroups: [""]
+ resources:
+ - pods/status
+ verbs:
+ - update
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - bgppeers
+ - bgpconfigurations
+ - clusterinformations
+ - felixconfigurations
+ - globalnetworkpolicies
+ - globalnetworksets
+ - ippools
+ - kubecontrollersconfigurations
+ - networkpolicies
+ - networksets
+ - hostendpoints
+ - ipamblocks
+ - blockaffinities
+ - ipamhandles
+ - ipamconfigs
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+
diff --git a/files/calicoctl-ClusterRoleBinding.yaml b/files/calicoctl-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..6953ecc
--- /dev/null
+++ b/files/calicoctl-ClusterRoleBinding.yaml
@@ -0,0 +1,14 @@
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: calicoctl
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calicoctl
+subjects:
+- kind: ServiceAccount
+ name: calicoctl
+ namespace: kube-system
+
diff --git a/files/calicoctl-Pod.yaml b/files/calicoctl-Pod.yaml
new file mode 100644
index 0000000..9a59df1
--- /dev/null
+++ b/files/calicoctl-Pod.yaml
@@ -0,0 +1,23 @@
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: calicoctl
+ namespace: kube-system
+spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ hostNetwork: true
+ serviceAccountName: calicoctl
+ containers:
+ - name: calicoctl
+ image: calico/ctl:v3.18.0
+ command:
+ - /calicoctl
+ args:
+ - version
+ - --poll=1m
+ env:
+ - name: DATASTORE_TYPE
+ value: kubernetes
+
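Review bot: In files/calicoctl-ClusterRole.yaml the `calicoctl` role gets `create`/`update`/`delete` on every listed `crd.projectcalico.org` resource, including `globalnetworkpolicies` and `ippools`, plus `update` on `nodes` and `namespaces`. The ClusterRoleBinding in this commit hands that to a ServiceAccount mounted by a permanently running Pod. Anyone who can exec into that pod, or create a pod using that ServiceAccount in kube-system, can therefore change cluster-wide network policy. The file looks generated from the upstream manifest by bin/update.sh, so I would not edit the rules in place but record the decision with a header comment such as `# Grants cluster-wide write access to Calico CRDs; keep pods/exec and pod creation in kube-system restricted`. Alternatively, leave calicoctl-Pod.yaml out of `calico_files` where an always-on calicoctl pod is not needed.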
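Review bot: The container in files/calicoctl-Pod.yaml runs with `hostNetwork: true` and has no `securityContext` or `resources`, so it shares the node's network namespace under whatever defaults the image and runtime provide. If the pod has to stay, I would add `securityContext:` under the container with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` (to be confirmed against the calico/ctl image). I would also reference `calico/ctl:v3.18.0` by digest rather than by tag alone. The file appears to be produced by bin/update.sh from the upstream manifest, so these settings would have to be applied after the split step or the next update will overwrite them.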
diff --git a/files/calicoctl-ServiceAccount.yaml b/files/calicoctl-ServiceAccount.yaml
new file mode 100644
index 0000000..c6bb801
--- /dev/null
+++ b/files/calicoctl-ServiceAccount.yaml
@@ -0,0 +1,11 @@
+# Calico Version v3.18.0
+# https://docs.projectcalico.org/releases#v3.18.0
+# This manifest includes the following component versions:
+# calico/ctl:v3.18.0
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calicoctl
+ namespace: kube-system
+
diff --git a/vars/calico-files.yaml b/vars/calico-files.yaml
index 1a6af22..cf96249 100644
--- a/vars/calico-files.yaml
+++ b/vars/calico-files.yaml
@@ -25,3 +25,7 @@ calico_files:
 - "calico-kube-controllers-Deployment.yaml"
 - "calico-kube-controllers-ServiceAccount.yaml"
 - "calico-kube-controllers-PodDisruptionBudget.yaml"
+ - "calicoctl-ServiceAccount.yaml"
+ - "calicoctl-Pod.yaml"
+ - "calicoctl-ClusterRole.yaml"
+ - "calicoctl-ClusterRoleBinding.yaml"