Tunnel-edge
Tunnel-edge 配置示例
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tunnel-edge
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tunnel-edge
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tunnel-edge
subjects:
- kind: ServiceAccount
name: tunnel-edge
namespace: edge-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tunnel-edge
namespace: edge-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tunnel-edge-conf
namespace: edge-system
data:
tunnel_edge.toml: |
[mode]
[mode.edge]
[mode.edge.stream]
[mode.edge.stream.client]
token = "{{.TunnelCloudEdgeToken}}"
cert = "/etc/superedge/tunnel/certs/cluster-ca.crt"
dns = "tunnel.cloud.io"
servername = "{{.MasterIP}}:{{.TunnelPersistentConnectionPort}}"
logport = 51010
[mode.edge.https]
cert= "/etc/superedge/tunnel/certs/apiserver-kubelet-client.crt"
key= "/etc/superedge/tunnel/certs/apiserver-kubelet-client.key"
---
apiVersion: v1
data:
cluster-ca.crt: '{{.KubernetesCaCert}}'
apiserver-kubelet-client.crt: '{{.KubeletClientCrt}}'
apiserver-kubelet-client.key: '{{.KubeletClientKey}}'
kind: Secret
metadata:
name: tunnel-edge-cert
namespace: edge-system
type: Opaque
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: tunnel-edge
namespace: edge-system
spec:
selector:
matchLabels:
app: tunnel-edge
template:
metadata:
labels:
app: tunnel-edge
spec:
hostNetwork: true
containers:
- name: tunnel-edge
image: superedge/tunnel:v0.3.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /edge/healthz
port: 51010
initialDelaySeconds: 10
periodSeconds: 180
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 10Mi
command:
- /usr/local/bin/tunnel
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
args:
- --m=edge
- --c=/etc/superedge/tunnel/conf/tunnel_edge.toml
- --log-dir=/var/log/tunnel
- --alsologtostderr
volumeMounts:
- name: certs
mountPath: /etc/superedge/tunnel/certs
- name: conf
mountPath: /etc/superedge/tunnel/conf
volumes:
- secret:
secretName: tunnel-edge-cert
name: certs
- configMap:
name: tunnel-edge-conf
name: conf
Feedback
Was this page helpful?
Glad to hear from you! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
最后修改
June 15, 2021
: Fixed error links and paths (fef537b)