Add calicoctl

bin/update.sh

@@ -6,6 +6,13 @@ rmdir generated
 echo -e '---\ncalico_files:' > vars/calico-files.yaml
 cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> vars/calico-files.yaml
 rm -f generated.log calico.yaml
+curl https://docs.projectcalico.org/manifests/calicoctl.yaml -O
+kubernetes-split-yaml calicoctl.yaml > generated.log
+mv generated/*.yaml files/
+rmdir generated
+cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> vars/calico-files.yaml
+rm -f generated.log calicoctl.yaml
+
 
 # Configure the pod IP range
 line_nb=$(grep -n CALICO_IPV4POOL_CIDR files/calico-node-DaemonSet.yaml | cut -d: -f1)

files/calicoctl-ClusterRole.yaml

@@ -0,0 +1,61 @@
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: calicoctl
+rules:
+  - apiGroups: [""]
+    resources:
+      - namespaces
+      - nodes
+    verbs:
+      - get
+      - list
+      - update
+  - apiGroups: [""]
+    resources:
+      - nodes/status
+    verbs:
+      - update
+  - apiGroups: [""]
+    resources:
+      - pods
+      - serviceaccounts
+    verbs:
+      - get
+      - list
+  - apiGroups: [""]
+    resources:
+      - pods/status
+    verbs:
+      - update
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - bgppeers
+      - bgpconfigurations
+      - clusterinformations
+      - felixconfigurations
+      - globalnetworkpolicies
+      - globalnetworksets
+      - ippools
+      - kubecontrollersconfigurations
+      - networkpolicies
+      - networksets
+      - hostendpoints
+      - ipamblocks
+      - blockaffinities
+      - ipamhandles
+      - ipamconfigs
+    verbs:
+      - create
+      - get
+      - list
+      - update
+      - delete
+  - apiGroups: ["networking.k8s.io"]
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+      - list
+

files/calicoctl-ClusterRoleBinding.yaml

@@ -0,0 +1,14 @@
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: calicoctl
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: calicoctl
+subjects:
+- kind: ServiceAccount
+  name: calicoctl
+  namespace: kube-system
+

files/calicoctl-Pod.yaml

@@ -0,0 +1,23 @@
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: calicoctl
+  namespace: kube-system
+spec:
+  nodeSelector:
+    kubernetes.io/os: linux
+  hostNetwork: true
+  serviceAccountName: calicoctl
+  containers:
+  - name: calicoctl
+    image: calico/ctl:v3.18.0
+    command:
+      - /calicoctl
+    args:
+      - version
+      - --poll=1m
+    env:
+    - name: DATASTORE_TYPE
+      value: kubernetes
+

files/calicoctl-ServiceAccount.yaml

@@ -0,0 +1,11 @@
+# Calico Version v3.18.0
+# https://docs.projectcalico.org/releases#v3.18.0
+# This manifest includes the following component versions:
+#   calico/ctl:v3.18.0
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: calicoctl
+  namespace: kube-system
+

vars/calico-files.yaml

@@ -25,3 +25,7 @@ calico_files:
   - "calico-kube-controllers-Deployment.yaml"
   - "calico-kube-controllers-ServiceAccount.yaml"
   - "calico-kube-controllers-PodDisruptionBudget.yaml"
+  - "calicoctl-ServiceAccount.yaml"
+  - "calicoctl-Pod.yaml"
+  - "calicoctl-ClusterRole.yaml"
+  - "calicoctl-ClusterRoleBinding.yaml"