adapt k8s 1.8

k8s-daemonset/README.md

@@ -51,6 +51,14 @@ one is best for your use case.
 
 #### Daemonsets
 
+If cluster enable RBAC please setting up the permission:
+
+```bash
+kubectl apply -f k8s/linkerd-rbac-beta.yml
+```
+
+* [Using Linkerd with Kubernetes RBAC](https://buoyant.io/2017/07/24/using-linkerd-kubernetes-rbac/)
+
 For the most basic linkerd DaemonSets configuration, you can run:
 
 ```bash
@@ -86,7 +94,15 @@ To deploy this configuration, you can run:
 ```bash
 kubectl apply -f k8s/certificates.yml
 kubectl apply -f k8s/namerd.yml
-kubectl apply -f k8s/linkerd-namerd-cni.yml
+kubectl apply -f k8s/linkerd-namerd-cni-tls.yml
+```
+
+If Kubernets version < 1.8, you can run:
+
+```bash
+kubectl apply -f k8s/certificates.yml
+kubectl apply -f k8s/namerd-legacy.yml
+kubectl apply -f k8s/linkerd-namerd-cni-tls.yml
 ```
 
 This configuration enables routing via io.l5d.namerd on port 4140, and

k8s-daemonset/k8s/namerd-legacy.yml

@@ -0,0 +1,198 @@
+---
+kind: ThirdPartyResource
+apiVersion: extensions/v1beta1
+metadata:
+  name: d-tab.l5d.io
+description: stores dtabs used by namerd
+versions:
+- name: v1alpha1
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: namerd-config
+data:
+  config.yml: |-
+    admin:
+      ip: 0.0.0.0
+      port: 9991
+
+    namers:
+    - kind: io.l5d.k8s
+      experimental: true
+      host: localhost
+      port: 8001
+
+    storage:
+      kind: io.l5d.k8s
+      host: localhost
+      port: 8001
+      namespace: default
+
+    interfaces:
+    - kind: io.l5d.thriftNameInterpreter
+      ip: 0.0.0.0
+      port: 4100
+    - kind: io.l5d.thriftNameInterpreter
+      ip: 0.0.0.0
+      port: 4101
+      tls:
+        certPath: /io.buoyant/namerd/certs/certificate.pem
+        keyPath: /io.buoyant/namerd/certs/key.pk8
+    - kind: io.l5d.httpController
+      ip: 0.0.0.0
+      port: 4180
+    - kind: io.l5d.httpController
+      ip: 0.0.0.0
+      port: 4181
+      tls:
+        certPath: /io.buoyant/namerd/certs/certificate.pem
+        keyPath: /io.buoyant/namerd/certs/key.pk8
+    - kind: io.l5d.mesh
+      ip: 0.0.0.0
+      port: 4321
+    - kind: io.l5d.mesh
+      ip: 0.0.0.0
+      port: 4322
+      tls:
+        certPath: /io.buoyant/namerd/certs/certificate.pem
+        keyPath: /io.buoyant/namerd/certs/key.pk8
+
+---
+kind: ReplicationController
+apiVersion: v1
+metadata:
+  name: namerd
+spec:
+  replicas: 1
+  selector:
+    app: namerd
+  template:
+    metadata:
+      labels:
+        app: namerd
+    spec:
+      dnsPolicy: ClusterFirst
+      volumes:
+      - name: namerd-config
+        configMap:
+          name: namerd-config
+      - name: certificates
+        secret:
+          secretName: certificates
+      containers:
+      - name: namerd
+        image: buoyantio/namerd:1.3.2
+        args:
+        - /io.buoyant/namerd/config/config.yml
+        ports:
+        - name: thrift
+          containerPort: 4100
+        - name: thrift-tls
+          containerPort: 4101
+        - name: http
+          containerPort: 4180
+        - name: http-tls
+          containerPort: 4181
+        - name: mesh
+          containerPort: 4321
+        - name: mesh-tls
+          containerPort: 4322
+        - name: admin
+          containerPort: 9991
+        volumeMounts:
+        - name: "namerd-config"
+          mountPath: "/io.buoyant/namerd/config"
+          readOnly: true
+        - name: "certificates"
+          mountPath: "/io.buoyant/namerd/certs"
+          readOnly: true
+      - name: kubectl
+        image: buoyantio/kubectl:v1.8.5
+        args:
+        - "proxy"
+        - "-p"
+        - "8001"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: namerd
+spec:
+  selector:
+    app: namerd
+  type: LoadBalancer
+  ports:
+  - name: thrift
+    port: 4100
+  - name: thrift-tls
+    port: 4101
+  - name: http
+    port: 4180
+  - name: http-tls
+    port: 4181
+  - name: mesh
+    port: 4321
+  - name: mesh-tls
+    port: 4322
+  - name: admin
+    port: 9991
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: namerctl-script
+data:
+  createNs.sh: |-
+    #!/bin/sh
+
+    set -e
+
+    if namerctl dtab get external > /dev/null 2>&1; then
+      echo "external namespace already exists"
+    else
+      echo "
+      /host       => /#/io.l5d.k8s/default/http/hello;
+      /svc/*      => /host;
+      " | namerctl dtab create external -
+    fi
+
+    if namerctl dtab get internal > /dev/null 2>&1; then
+      echo "internal namespace already exists"
+    else
+      echo "
+      /srv        => /#/io.l5d.k8s/default/http;
+      /host       => /srv;
+      /tmp        => /srv;
+      /svc        => /host;
+      /host/world => /srv/world-v1;
+      " | namerctl dtab create internal -
+    fi
+---
+kind: Job
+apiVersion: batch/v1
+metadata:
+  name: namerctl
+spec:
+  template:
+    metadata:
+      name: namerctl
+    spec:
+      volumes:
+      - name: namerctl-script
+        configMap:
+          name: namerctl-script
+          defaultMode: 0755
+      containers:
+      - name: namerctl
+        image: linkerd/namerctl:0.8.6
+        env:
+        - name: NAMERCTL_BASE_URL
+          value: http://namerd.default.svc.cluster.local:4180
+        command:
+        - "/namerctl/createNs.sh"
+        volumeMounts:
+        - name: "namerctl-script"
+          mountPath: "/namerctl"
+          readOnly: true
+      restartPolicy: OnFailure

k8s-daemonset/k8s/namerd.yml

@@ -1,11 +1,16 @@
 ---
-kind: ThirdPartyResource
-apiVersion: extensions/v1beta1
+kind: CustomResourceDefinition
+apiVersion: apiextensions.k8s.io/v1beta1
 metadata:
-  name: d-tab.l5d.io
-description: stores dtabs used by namerd
-versions:
-- name: v1alpha1
+  name: dtabs.l5d.io
+spec:
+  scope: Namespaced
+  group: l5d.io
+  version: v1alpha1
+  names:
+    kind: DTab
+    plural: dtabs
+    singular: dtab
 ---
 kind: ConfigMap
 apiVersion: v1