Tunnel-cloud
Tunnel-cloud 配置示例
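---
# Permissions used by the tunnel-cloud ServiceAccount.
# ClusterRole is a cluster-scoped kind, so metadata.namespace has no effect on
# it and is omitted here. The role only takes effect where a binding grants it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tunnel-cloud
rules:
  # NOTE(review): get/update applies to every ConfigMap in whichever namespace
  # this role is bound. tunnel-cloud-conf names the "tunnel-nodes" ConfigMap in
  # [mode.cloud.stream.dns]; if that is the only object tunnel-cloud writes,
  # narrow this rule with resourceNames: ["tunnel-nodes"] (confirm against the
  # tunnel code first).
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "update"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get"]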
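---
# Grants the tunnel-cloud ClusterRole to the tunnel-cloud ServiceAccount.
# Because this is a RoleBinding (not a ClusterRoleBinding), the rules apply
# only to objects inside the edge-system namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tunnel-cloud
  namespace: edge-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tunnel-cloud
subjects:
  - kind: ServiceAccount
    name: tunnel-cloud
    namespace: edge-system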
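---
# Identity the tunnel-cloud pod uses to call the Kubernetes API; referenced by
# the RoleBinding subject and by the Deployment's serviceAccountName.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tunnel-cloud
  namespace: edge-system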
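---
# tunnel-cloud runtime configuration, mounted at /etc/superedge/tunnel/conf.
# Review points (kept outside the literal so the TOML payload is unchanged):
#   - stream.server: grpcport 9000 is the port published by the tunnel-cloud
#     Service; key/cert/tokenfile point into the mounted certs and token
#     volumes.
#   - tcp: the listener is bound to 0.0.0.0:6443, i.e. every interface of the
#     pod. The Service in this example publishes only port 9000, so this
#     listener is reachable via the pod IP only; keep it that way unless
#     exposure is intended.
#   - https.addr: listeners 10250 and 10300 both map to 127.0.0.1:10250.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tunnel-cloud-conf
  namespace: edge-system
data:
  tunnel_cloud.toml: |
    [mode]
    [mode.cloud]
    [mode.cloud.stream]
    [mode.cloud.stream.server]
    grpcport = 9000
    logport = 51010
    key = "/etc/superedge/tunnel/certs/tunnel-cloud-server.key"
    cert = "/etc/superedge/tunnel/certs/tunnel-cloud-server.crt"
    tokenfile = "/etc/superedge/tunnel/token/token"
    [mode.cloud.stream.dns]
    configmap="tunnel-nodes"
    hosts = "/etc/superedge/tunnel/nodes/hosts"
    service = "tunnel-cloud"
    [mode.cloud.tcp]
    "0.0.0.0:6443" = "127.0.0.1:6443"
    [mode.cloud.https]
    cert ="/etc/superedge/tunnel/certs/apiserver-kubelet-server.crt"
    key = "/etc/superedge/tunnel/certs/apiserver-kubelet-server.key"
    [mode.cloud.https.addr]
    "10250" = "127.0.0.1:10250"
    "10300" = "127.0.0.1:10250"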
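---
# Token file read by tunnel-cloud (tokenfile in tunnel-cloud-conf).
# NOTE(review): the token is a credential but is stored in a ConfigMap.
# ConfigMaps are not meant for confidential data: they are readable by any
# subject with "get configmaps" in edge-system and are not covered by Secret
# encryption-at-rest settings. Moving it to a Secret also requires changing
# the "token" volume in the Deployment from configMap to secret.
# {{.TunnelCloudEdgeToken}} is a template placeholder filled in at install
# time; do not commit a rendered copy of this manifest.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tunnel-cloud-token
  namespace: edge-system
data:
  token: |
    default:{{.TunnelCloudEdgeToken}}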
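---
# Server certificates and private keys for the stream (gRPC) server and the
# https proxy, mounted at /etc/superedge/tunnel/certs.
# Values under `data` must be base64-encoded; the template placeholders are
# presumably rendered as base64 already (confirm in the installer).
# The two .key entries are private keys: limit "get"/"list" on Secrets in
# edge-system and keep rendered copies of this manifest out of version control.
apiVersion: v1
data:
  tunnel-cloud-server.crt: '{{.TunnelPersistentConnectionServerCrt}}'
  tunnel-cloud-server.key: '{{.TunnelPersistentConnectionServerKey}}'
  apiserver-kubelet-server.crt: '{{.TunnelProxyServerCrt}}'
  apiserver-kubelet-server.key: '{{.TunnelProxyServerKey}}'
kind: Secret
metadata:
  name: tunnel-cloud-cert
  namespace: edge-system
type: Opaque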
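---
# Publishes the tunnel-cloud gRPC port (9000).
# type NodePort opens the allocated port on every node's addresses. No
# nodePort is pinned, so the cluster picks one from its NodePort range.
# Restrict inbound traffic to that port (firewall / security group) to the
# address ranges that are expected to connect.
apiVersion: v1
kind: Service
metadata:
  name: tunnel-cloud
  namespace: edge-system
spec:
  ports:
    - name: proxycloud
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: tunnel-cloud
  type: NodePort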
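---
# Runs tunnel-cloud on master nodes with the tunnel-cloud ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tunnel-cloud
  name: tunnel-cloud
  namespace: edge-system
spec:
  selector:
    matchLabels:
      app: tunnel-cloud
  template:
    metadata:
      labels:
        app: tunnel-cloud
    spec:
      # serviceAccount is the deprecated alias of serviceAccountName; both are
      # kept as in the original example.
      serviceAccount: tunnel-cloud
      serviceAccountName: tunnel-cloud
      containers:
        - name: tunnel-cloud
          # NOTE(review): the image is referenced by a mutable tag and pulled
          # with IfNotPresent, so a node reuses whatever it has cached under
          # this tag. Pinning by digest (image@sha256:<digest>) fixes the
          # exact content that runs.
          image: superedge/tunnel:v0.3.0
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext is set, so the container runs
          # with the image defaults. All ports used here are above 1024;
          # consider allowPrivilegeEscalation: false and dropping capabilities
          # after confirming the binary needs none.
          livenessProbe:
            # Probes the logport (51010) configured in tunnel-cloud-conf.
            httpGet:
              path: /cloud/healthz
              port: 51010
            initialDelaySeconds: 10
            periodSeconds: 60
            timeoutSeconds: 3
            successThreshold: 1
            # A single failed probe restarts the container.
            failureThreshold: 1
          command:
            - /usr/local/bin/tunnel
          args:
            - --m=cloud
            - --c=/etc/superedge/tunnel/conf/tunnel_cloud.toml
            - --log-dir=/var/log/tunnel
            - --alsologtostderr
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: token
              mountPath: /etc/superedge/tunnel/token
            - name: certs
              mountPath: /etc/superedge/tunnel/certs
            - name: hosts
              mountPath: /etc/superedge/tunnel/nodes
            - name: conf
              mountPath: /etc/superedge/tunnel/conf
          # containerPort entries are declarative only; the listeners are
          # defined in tunnel_cloud.toml. Port 7000 ("gateway") has no
          # matching entry in the configuration shown in this example.
          ports:
            - containerPort: 9000
              name: tunnel
              protocol: TCP
            - containerPort: 7000
              name: gateway
              protocol: TCP
            - containerPort: 10250
              name: kubelet
              protocol: TCP
            - containerPort: 6443
              name: apiserver
              protocol: TCP
          resources:
            limits:
              cpu: 50m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
      volumes:
        # The token volume is backed by a ConfigMap, not a Secret; the token
        # it carries is a credential.
        - name: token
          configMap:
            name: tunnel-cloud-token
        - name: certs
          secret:
            secretName: tunnel-cloud-cert
        - name: hosts
          configMap:
            name: tunnel-nodes
        - name: conf
          configMap:
            name: tunnel-cloud-conf
      # Scheduled onto master nodes: the selector requires the master role
      # label and the toleration accepts the master NoSchedule taint.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"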
最后修改
June 15, 2021
: Fixed error links and paths (fef537b)