diff --git a/contrib/bootkube/kube-router.yaml b/contrib/bootkube/kube-router.yaml
index 58139387..c26a46c8 100644
--- a/contrib/bootkube/kube-router.yaml
+++ b/contrib/bootkube/kube-router.yaml
@@ -12,9 +12,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 containers:
 - name: kube-router
 image: cloudnativelabs/kube-router
diff --git a/daemonset/generic-kuberouter-all-features-advertise-routes.yaml b/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
index e6fbde28..495b29ba 100644
--- a/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
+++ b/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
@@ -62,9 +62,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 containers:
 - name: kube-router
diff --git a/daemonset/generic-kuberouter-all-features.yaml b/daemonset/generic-kuberouter-all-features.yaml
index 05986b21..9e9757e4 100644
--- a/daemonset/generic-kuberouter-all-features.yaml
+++ b/daemonset/generic-kuberouter-all-features.yaml
@@ -62,9 +62,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 containers:
 - name: kube-router
diff --git a/daemonset/generic-kuberouter-only-advertise-routes.yaml b/daemonset/generic-kuberouter-only-advertise-routes.yaml
index e4661cd0..8e20ae0b 100644
--- a/daemonset/generic-kuberouter-only-advertise-routes.yaml
+++ b/daemonset/generic-kuberouter-only-advertise-routes.yaml
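Review bot: Removing the `scheduler.alpha.kubernetes.io/critical-pod` annotation in the same step that adds `priorityClassName: system-node-critical` leaves kube-router with no critical marking on any cluster where pod priority is not active, and that sits badly with the "Kubernetes v1.8+" wording added to the docs in this commit. As far as I know pod priority was alpha and disabled by default before v1.11, so on v1.8–v1.10 the field would likely be dropped or rejected and the pod that programs routes and enforces network policy on the node becomes an ordinary eviction candidate. Consider keeping both for a transition period, i.e. retain `annotations:` / `scheduler.alpha.kubernetes.io/critical-pod: ''` next to the new field, or raise the documented minimum version. It is also worth confirming that each DaemonSet is deployed in `kube-system` (the namespace is outside the hunk), since older API servers admit `system-node-critical` only there. The same applies to the identical hunks in the manifests under `daemonset/`.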
@@ -17,9 +17,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 containers:
 - name: kube-router
diff --git a/daemonset/generic-kuberouter.yaml b/daemonset/generic-kuberouter.yaml
index cc7ebf19..36080c16 100644
--- a/daemonset/generic-kuberouter.yaml
+++ b/daemonset/generic-kuberouter.yaml
@@ -43,9 +43,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 containers:
 - name: kube-router
diff --git a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
index c584d3a3..e5077427 100644
--- a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
+++ b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
@@ -39,9 +39,8 @@ spec:
 metadata:
 labels:
 k8s-app: kube-router
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 containers:
 - name: kube-router
 image: docker.io/cloudnativelabs/kube-router
diff --git a/daemonset/kube-router-all-service-daemonset.yaml b/daemonset/kube-router-all-service-daemonset.yaml
index c4295f86..4d4f4b44 100644
--- a/daemonset/kube-router-all-service-daemonset.yaml
+++ b/daemonset/kube-router-all-service-daemonset.yaml
@@ -39,9 +39,8 @@ spec:
 metadata:
 labels:
 k8s-app: kube-router
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 containers:
 - name: kube-router
 image: docker.io/cloudnativelabs/kube-router
diff --git a/daemonset/kube-router-firewall-daemonset.yaml b/daemonset/kube-router-firewall-daemonset.yaml
index 1166ca28..d0a577fa 100644
--- a/daemonset/kube-router-firewall-daemonset.yaml
+++ b/daemonset/kube-router-firewall-daemonset.yaml
@@ -39,9 +39,8 @@ spec:
 metadata:
 labels:
 k8s-app: kube-router
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 containers:
 - name: kube-router
 image: docker.io/cloudnativelabs/kube-router
diff --git a/daemonset/kube-router-proxy-daemonset.yaml b/daemonset/kube-router-proxy-daemonset.yaml
index ea37a107..249e6688 100644
--- a/daemonset/kube-router-proxy-daemonset.yaml
+++ b/daemonset/kube-router-proxy-daemonset.yaml
@@ -39,9 +39,8 @@ spec:
 metadata:
 labels:
 k8s-app: kube-router
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 containers:
 - name: kube-router
 image: docker.io/cloudnativelabs/kube-router
diff --git a/daemonset/kubeadm-kuberouter-all-features-dsr.yaml b/daemonset/kubeadm-kuberouter-all-features-dsr.yaml
index 687e86d6..60820592 100644
--- a/daemonset/kubeadm-kuberouter-all-features-dsr.yaml
+++ b/daemonset/kubeadm-kuberouter-all-features-dsr.yaml
@@ -42,9 +42,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 serviceAccount: kube-router
 containers:
diff --git a/daemonset/kubeadm-kuberouter-all-features-hostport.yaml b/daemonset/kubeadm-kuberouter-all-features-hostport.yaml
index 1f4e157e..cff9d6ea 100644
--- a/daemonset/kubeadm-kuberouter-all-features-hostport.yaml
+++ b/daemonset/kubeadm-kuberouter-all-features-hostport.yaml
@@ -49,9 +49,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 serviceAccount: kube-router
 containers:
diff --git a/daemonset/kubeadm-kuberouter-all-features.yaml b/daemonset/kubeadm-kuberouter-all-features.yaml
index 934556ce..9749f142 100644
--- a/daemonset/kubeadm-kuberouter-all-features.yaml
+++ b/daemonset/kubeadm-kuberouter-all-features.yaml
@@ -42,9 +42,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 serviceAccount: kube-router
 containers:
diff --git a/daemonset/kubeadm-kuberouter.yaml b/daemonset/kubeadm-kuberouter.yaml
index 485b2c7b..07918ea9 100644
--- a/daemonset/kubeadm-kuberouter.yaml
+++ b/daemonset/kubeadm-kuberouter.yaml
@@ -42,9 +42,8 @@ spec:
 labels:
 k8s-app: kube-router
 tier: node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
 serviceAccountName: kube-router
 serviceAccount: kube-router
 containers:
diff --git a/docs/generic.md b/docs/generic.md
index 6f8819eb..317b7fd9 100644
--- a/docs/generic.md
+++ b/docs/generic.md
@@ -31,7 +31,7 @@ For example: ## Running kube-router with everything -This runs kube-router with pod/service networking, the network policy firewall, and service proxy to replace kube-proxy. The example command uses `10.32.0.0/12` as the pod CIDR address range and `https://cluster01.int.domain.com:6443` as the [apiserver](https://kubernetes.io/docs/reference/generated/kube-apiserver/) address. Please change these to suit your cluster. +This runs kube-router in Kubernetes v1.8+ with pod/service networking, the network policy firewall, and service proxy to replace kube-proxy. The example command uses `10.32.0.0/12` as the pod CIDR address range and `https://cluster01.int.domain.com:6443` as the [apiserver](https://kubernetes.io/docs/reference/generated/kube-apiserver/) address. Please change these to suit your cluster. CLUSTERCIDR=10.32.0.0/12 \ APISERVER=https://cluster01.int.domain.com:6443 \
@@ -53,7 +53,7 @@ Any iptables rules kube-proxy left around will also need to be cleaned up. This ## Running kube-router without the service proxy -This runs kube-router with pod/service networking and the network policy firewall. The Services proxy is disabled. +This runs kube-router in Kubernetes v1.8+ with pod/service networking and the network policy firewall. The Services proxy is disabled. kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/generic-kuberouter.yaml
diff --git a/docs/kubeadm.md b/docs/kubeadm.md
index 500cae14..1b65faeb 100644
--- a/docs/kubeadm.md
+++ b/docs/kubeadm.md
@@ -8,7 +8,7 @@ Kube-router provides pod networking, network policy and high perfoming IPVS/LVS ## kube-router providing pod networking and network policy -For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command: +For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command (Kubernetes version should be at least 1.8): ```sh KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml
@@ -16,7 +16,7 @@ KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercon ## kube-router providing service proxy, firewall and pod networking. -For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command: +For the step #3 **Installing a pod network** install a kube-router pod network and network policy add-on with the following command (Kubernetes version should be at least 1.8): ```sh KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter-all-features.yaml
diff --git a/docs/user-guide.md b/docs/user-guide.md
index 714ed93d..d90bc528 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -93,13 +93,13 @@ Usage of kube-router: - If you choose to use kube-router for pod-to-pod network connectivity then Kubernetes controller manager need to be configured to allocate pod CIDRs by passing `--allocate-node-cidrs=true` flag and providing a `cluster-cidr` (i.e. by passing --cluster-cidr=10.1.0.0/16 for e.g.) -- If you choose to run kube-router as daemonset, then both kube-apiserver and kubelet must be run with `--allow-privileged=true` option +- If you choose to run kube-router as daemonset in Kubernetes version below v1.15, both kube-apiserver and kubelet must be run with `--allow-privileged=true` option. In later Kubernetes versions, only kube-apiserver must be run with `--allow-privileged=true` option and if PodSecurityPolicy admission controller is enabled, you should create PodSecurityPolicy, allowing privileged kube-router pods. - If you choose to use kube-router for pod-to-pod network connecitvity then Kubernetes cluster must be configured to use CNI network plugins. On each node CNI conf file is expected to be present as /etc/cni/net.d/10-kuberouter.conf .`bridge` CNI plugin and `host-local` for IPAM should be used. A sample conf file that can be downloaded as `wget -O /etc/cni/net.d/10-kuberouter.conf https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/cni/10-kuberouter.conf` ## running as daemonset -This is quickest way to deploy kube-router (**dont forget to ensure the requirements**). Just run +This is quickest way to deploy kube-router in Kubernetes v1.8+ (**dont forget to ensure the requirements**). Just run ``` kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kube-router-all-service-daemonset.yaml