Home Explore Help
Sign In
wigust
/
dotfiles
Watch 2
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5fc73fc919
Branches Tags
dotfiles
/
infrastructure
/
base
/
openwrt
/
pod.yaml

pod.yaml 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. apiVersion: v1
    2. 

  2. kind: Pod
    3. 

  3. metadata:
    4. 

  4.   name: openwrt
    5. 

  5.   annotations:
    6. 

  6.     # Setting spec.force to true will make Flux recreate the Pod when any
    7. 

  7.     # immutable field is changed, forcing the Pod to run every time the
    8. 

  8.     # container image tag changes.
    9. 

  9.     kustomize.toolkit.fluxcd.io/force: enabled
    10. 

  10. spec:
    11. 

  11.   restartPolicy: Never
    12. 

  12.   automountServiceAccountToken: false
    13. 

  13.   containers:
    14. 

  14.   - image: harbor.home.wugi.info/openwrt/rootfs:latest
    15. 

  15.     name: openwrt
    16. 

  16.     command:
    17. 

  17.     - /bin/sleep
    18. 

  18.     - infinity
    19. 

  19. 

  20.     # - /bin/sh
    21. 

  21.     # - -c
    22. 

  22.     # - |
    23. 

  23.     #   set -o nounset -o errexit -o pipefail -o xtrace
    24. 

  24.     #   while [ -e /continue ]
    25. 

  25.     #   do
    26. 

  26.     #       sleep 5
    27. 

  27.     #   done
    28. 

  28.     #   network_namespace=$(printf ip-netns-%s $(tr -dc A-Za-z0-9 </dev/urandom | head -c 12))
    29. 

  29.     #   ip netns add $network_namespace
    30. 

  30.     #   network_interface=$(printf macvlan%s $(tr -dc A-Za-z0-9 </dev/urandom | head -c 8))
    31. 

  31.     #   ip link add $network_interface link $SOURCE_NETWORK_INTERFACE_NAME type macvlan mode bridge
    32. 

  32.     #   ip link set $network_interface netns $network_namespace
    33. 

  33.     #   ip netns exec $network_namespace ip link set dev $network_interface name eth0
    34. 

  34.     #   ip netns exec $network_namespace ip link set eth0 up
    35. 

  35.     #   ip netns exec $network_namespace ip addr add $TARGET_NETWORK_INTERFACE_IP_ADDRESS dev eth0
    36. 

  36.     #   ip netns exec $network_namespace ip route add default via $TARGET_NETWORK_INTERFACE_GATEWAY dev eth0
    37. 

  37.     #   # XXX: Delete ping after fixing network availability without egress traffic from pod.
    38. 

  38.     #   ip netns exec $network_namespace ping -c1 $TARGET_NETWORK_INTERFACE_GATEWAY || true
    39. 

  39.     #   exec ip netns exec $network_namespace /sbin/init
    40. 

  40.     env:
    41. 

  41.     - name: SOURCE_NETWORK_INTERFACE_NAME
    42. 

  42.       value: eth0
    43. 

  43.     - name: TARGET_NETWORK_INTERFACE_IP_ADDRESS
    44. 

  44.       value: 192.168.0.148/24
    45. 

  45.     - name: TARGET_NETWORK_INTERFACE_GATEWAY
    46. 

  46.       value: 192.168.0.1
    47. 

  47.     ports:
    48. 

  48.     - containerPort: 80
    49. 

  49.       name: http
    50. 

  50.       protocol: TCP
    51. 

  51.     resources:
    52. 

  52.       limits:
    53. 

  53.         cpu: 2000m
    54. 

  54.         memory: 4096Mi
    55. 

  55.       requests:
    56. 

  56.         cpu: 100m
    57. 

  57.         memory: 512Mi
    58. 

  58.     securityContext:
    59. 

  59.       capabilities:
    60. 

  60.         add:
    61. 

  61.         - NET_ADMIN
    62. 

  62.         - NET_BIND_SERVICE
    63. 

  63.         - NET_RAW
    64. 

  64.         - SYS_ADMIN
    65. 

  65.     tty: true
    66. 

  66.     volumeMounts:
    67. 

  67.     - mountPath: /run
    68. 

  68.       name: run
    69. 

  69.     - mountPath: /tmp
    70. 

  70.       name: tmp
    71. 

  71.   volumes:
    72. 

  72.   - emptyDir:
    73. 

  73.       medium: Memory
    74. 

  74.       sizeLimit: 512M
    75. 

  75.     name: run
    76. 

  76.   - emptyDir:
    77. 

  77.       medium: Memory
    78. 

  78.       sizeLimit: 2G
    79. 

  79.     name: tmp
    80. 

  80.