我的书签
添加书签
移除书签Tunnel-cloud
Tunnel-cloud 配置示例
---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: tunnel-cloudnamespace: edge-systemrules:- apiGroups: [""]resources: ["configmaps"]verbs: ["get", "update"]- apiGroups: [""]resources: ["endpoints"]verbs: ["get"]- apiGroups: [""]resources: ["services"]verbs: ["get"]---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:name: tunnel-cloudnamespace: edge-systemroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: tunnel-cloudsubjects:- kind: ServiceAccountname: tunnel-cloudnamespace: edge-system---apiVersion: v1kind: ServiceAccountmetadata:name: tunnel-cloudnamespace: edge-system---apiVersion: v1kind: ConfigMapmetadata:name: tunnel-cloud-confnamespace: edge-systemdata:tunnel_cloud.toml: |[mode][mode.cloud][mode.cloud.stream][mode.cloud.stream.server]grpcport = 9000logport = 51010key = "/etc/superedge/tunnel/certs/tunnel-cloud-server.key"cert = "/etc/superedge/tunnel/certs/tunnel-cloud-server.crt"tokenfile = "/etc/superedge/tunnel/token/token"[mode.cloud.stream.dns]configmap="tunnel-nodes"hosts = "/etc/superedge/tunnel/nodes/hosts"service = "tunnel-cloud"[mode.cloud.tcp]"0.0.0.0:6443" = "127.0.0.1:6443"[mode.cloud.https]cert ="/etc/superedge/tunnel/certs/apiserver-kubelet-server.crt"key = "/etc/superedge/tunnel/certs/apiserver-kubelet-server.key"[mode.cloud.https.addr]"10250" = "127.0.0.1:10250""10300" = "127.0.0.1:10250"---apiVersion: v1kind: ConfigMapmetadata:name: tunnel-cloud-tokennamespace: edge-systemdata:token: |default:{{.TunnelCloudEdgeToken}}---apiVersion: v1data:tunnel-cloud-server.crt: '{{.TunnelPersistentConnectionServerCrt}}'tunnel-cloud-server.key: '{{.TunnelPersistentConnectionServerKey}}'apiserver-kubelet-server.crt: '{{.TunnelProxyServerCrt}}'apiserver-kubelet-server.key: '{{.TunnelProxyServerKey}}'kind: Secretmetadata:name: tunnel-cloud-certnamespace: edge-systemtype: Opaque---apiVersion: v1kind: Servicemetadata:name: tunnel-cloudnamespace: edge-systemspec:ports:- name: proxycloudport: 9000protocol: TCPtargetPort: 9000selector:app: tunnel-cloudtype: NodePort---apiVersion: apps/v1kind: Deploymentmetadata:labels:app: tunnel-cloudname: tunnel-cloudnamespace: edge-systemspec:selector:matchLabels:app: tunnel-cloudtemplate:metadata:labels:app: tunnel-cloudspec:serviceAccount: tunnel-cloudserviceAccountName: tunnel-cloudcontainers:- name: tunnel-cloudimage: superedge/tunnel:v0.3.0imagePullPolicy: IfNotPresentlivenessProbe:httpGet:path: /cloud/healthzport: 51010initialDelaySeconds: 10periodSeconds: 60timeoutSeconds: 3successThreshold: 1failureThreshold: 1command:- /usr/local/bin/tunnelargs:- --m=cloud- --c=/etc/superedge/tunnel/conf/tunnel_cloud.toml- --log-dir=/var/log/tunnel- --alsologtostderrenv:- name: POD_IPvalueFrom:fieldRef:apiVersion: v1fieldPath: status.podIP- name: POD_NAMESPACEvalueFrom:fieldRef:apiVersion: v1fieldPath: metadata.namespacevolumeMounts:- name: tokenmountPath: /etc/superedge/tunnel/token- name: certsmountPath: /etc/superedge/tunnel/certs- name: hostsmountPath: /etc/superedge/tunnel/nodes- name: confmountPath: /etc/superedge/tunnel/confports:- containerPort: 9000name: tunnelprotocol: TCP- containerPort: 7000name: gatewayprotocol: TCP- containerPort: 10250name: kubeletprotocol: TCP- containerPort: 6443name: apiserverprotocol: TCPresources:limits:cpu: 50mmemory: 100Mirequests:cpu: 10mmemory: 20Mivolumes:- name: tokenconfigMap:name: tunnel-cloud-token- name: certssecret:secretName: tunnel-cloud-cert- name: hostsconfigMap:name: tunnel-nodes- name: confconfigMap:name: tunnel-cloud-confnodeSelector:node-role.kubernetes.io/master: ""tolerations:- key: "node-role.kubernetes.io/master"operator: "Exists"effect: "NoSchedule"
最后修改 June 15, 2021 : Fixed error links and paths (fef537b)
