Kubernetes-collocated
First ensure the pre-requisites are met
Install SDC Components#
Once the cluster is deployed we install the sdc components. These manifests deploy sdc as a deployment where the pod contains 2 containers:
- the config-server container with the various controllers
- the data-server/schema-server/cache collocated in a single container
To install SDCIO, copy the following snippet into a shell and execute it.
Artifact Content
---
apiVersion: v1
kind: Namespace
metadata:
name: network-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: targetconnectionprofiles.inv.sdcio.dev
spec:
group: inv.sdcio.dev
names:
categories:
- sdc
- inv
kind: TargetConnectionProfile
listKind: TargetConnectionProfileList
plural: targetconnectionprofiles
singular: targetconnectionprofile
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TargetConnectionProfile is the Schema for the TargetConnectionProfile
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TargetConnectionProfileSpec defines the desired state of
TargetConnectionProfile
properties:
commitCandidate:
default: candidate
enum:
- candidate
- running
type: string
x-kubernetes-validations:
- message: UseOperationRemove is immutable
rule: self == oldSelf
connectRetry:
default: 10s
type: string
x-kubernetes-validations:
- message: connectRetry is immutable
rule: self == oldSelf
encoding:
default: JSON_IETF
enum:
- UNKNOWN
- JSON
- JSON_IETF
- PROTO
type: string
x-kubernetes-validations:
- message: encoding is immutable
rule: self == oldSelf
includeNS:
default: false
type: boolean
x-kubernetes-validations:
- message: includeNS is immutable
rule: self == oldSelf
insecure:
default: false
type: boolean
x-kubernetes-validations:
- message: insecure is immutable
rule: self == oldSelf
operationWithNS:
default: false
type: boolean
x-kubernetes-validations:
- message: operationWithNS is immutable
rule: self == oldSelf
port:
default: 57400
description: Port defines the port on which the scan runs
type: integer
x-kubernetes-validations:
- message: port is immutable
rule: self == oldSelf
preferredNetconfVersion:
default: "1.0"
enum:
- "1.0"
- "1.1"
type: string
x-kubernetes-validations:
- message: preferredNetconfVersion is immutable
rule: self == oldSelf
protocol:
default: gnmi
enum:
- unknown
- gnmi
- netconf
- noop
type: string
x-kubernetes-validations:
- message: protocol is immutable
rule: self == oldSelf
skipVerify:
default: true
type: boolean
x-kubernetes-validations:
- message: skipVerify is immutable
rule: self == oldSelf
timeout:
default: 10s
type: string
x-kubernetes-validations:
- message: timeout is immutable
rule: self == oldSelf
useOperationRemove:
default: false
type: boolean
x-kubernetes-validations:
- message: UseOperationRemove is immutable
rule: self == oldSelf
required:
- port
- protocol
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: targets.inv.sdcio.dev
spec:
group: inv.sdcio.dev
names:
categories:
- sdc
- inv
kind: Target
listKind: TargetList
plural: targets
singular: target
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=='Ready')].status
name: READY
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].message
name: REASON
type: string
- jsonPath: .spec.provider
name: PROVIDER
type: string
- jsonPath: .spec.address
name: ADDRESS
type: string
- jsonPath: .status.discoveryInfo.platform
name: PLATFORM
type: string
- jsonPath: .status.discoveryInfo.serialNumber
name: SERIALNUMBER
type: string
- jsonPath: .status.discoveryInfo.macAddress
name: MACADDRESS
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Target is the Schema for the Target API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TargetSpec defines the desired state of Target
properties:
address:
description: Address defines the address to connect to the target
type: string
connectionProfile:
description: ConnectionProfile define the profile used to connect
to the target once discovered
type: string
credentials:
description: Credentials defines the name of the secret that holds
the credentials to connect to the target
type: string
provider:
description: Provider specifies the provider using this target.
type: string
syncProfile:
description: SyncProfile define the profile used to sync to the target
config once discovered
type: string
tlsSecret:
description: TLSSecret defines the name of the TLS secret to connect
to the target if mtls is used
type: string
required:
- address
- connectionProfile
- credentials
- provider
type: object
status:
description: TargetStatus defines the observed state of Target
properties:
conditions:
description: Conditions of the resource.
items:
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
discoveryInfo:
description: Discovery info defines the information retrieved during
discovery
properties:
hostname:
description: HostName associated with the target
type: string
lastSeen:
description: Last discovery time
format: date-time
type: string
macAddress:
description: MacAddress associated with the target
type: string
platform:
description: Platform associated with the target
type: string
protocol:
description: Protocol used for discovery
type: string
provider:
description: Type associated with the target
type: string
serialNumber:
description: SerialNumber associated with the target
type: string
supportedEncodings:
description: Supported Encodings of the target
items:
type: string
type: array
version:
description: Version associated with the target
type: string
type: object
usedReferences:
description: UsedReferences track the resource used to reconcile the
cr
properties:
connectionProfileResourceVersion:
type: string
secretResourceVersion:
type: string
syncProfileResourceVersion:
type: string
tlsSecretResourceVersion:
type: string
required:
- connectionProfileResourceVersion
- syncProfileResourceVersion
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: discoveryrules.inv.sdcio.dev
spec:
group: inv.sdcio.dev
names:
categories:
- sdc
- inv
kind: DiscoveryRule
listKind: DiscoveryRuleList
plural: discoveryrules
singular: discoveryrule
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=='Ready')].status
name: READY
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: DiscoveryRule is the Schema for the DiscoveryRule API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DiscoveryRuleSpec defines the desired state of DiscoveryRule
properties:
addresses:
description: IP Prefixes for which this discovery rule applies
items:
properties:
address:
description: Address (specified as IP or DNS name) of the target/target(s)
type: string
hostName:
description: HostName of the ip prefix; used for /32 or /128
addresses with discovery disabled
type: string
required:
- address
type: object
type: array
concurrentScans:
description: number of concurrent IP scan
format: int64
type: integer
defaultSchema:
description: DefaultSchema define the default schema used to connect
to a target Indicates that discovery is disable; cannot be used
for prefix based discovery rules
properties:
provider:
description: Provider specifies the provider of the schema.
type: string
version:
description: Version defines the version of the schema
type: string
required:
- provider
- version
type: object
discoveryProfile:
description: DiscoveryProfile define the profiles the discovery controller
uses to discover targets
properties:
connectionProfiles:
description: ConnectionProfiles define the list of profiles the
discovery controller uses to discover the target. The order
in which they are specified is the order in which discovery
is executed.
items:
type: string
type: array
credentials:
description: Credentials defines the name of the secret that holds
the credentials to connect to the target
type: string
tlsSecret:
description: TLSSecret defines the name of the TLS secret to connect
to the target if mtls is used
type: string
required:
- connectionProfiles
- credentials
type: object
period:
description: Period defines the wait period between discovery rule
runs
type: string
podSelector:
description: PodSelector defines the pod selector for which this discovery
rule applies
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
prefixes:
description: IP Prefixes for which this discovery rule applies
items:
properties:
excludes:
description: IP Prefixes to be excluded
items:
type: string
type: array
prefix:
description: Prefix of the target/target(s)
type: string
required:
- prefix
type: object
type: array
serviceDomain:
description: ServiceDomain defines the service domain of the cluster,
used by svc discovery to identify the domain name in the k8s cluster
where the service reside.
type: string
serviceSelector:
description: ServiceSelector defines the service selector for which
this discovery rule applies
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetConnectionProfiles:
description: TargetConnectionProfiles define the profile the discovery
controller uses to create targets once discovered
items:
properties:
connectionProfile:
description: ConnectionProfile define the profile used to connect
to the target once discovered
type: string
credentials:
description: Credentials defines the name of the secret that
holds the credentials to connect to the target
type: string
syncProfile:
description: SyncProfile define the profile used to sync to
the target config once discovered
type: string
tlsSecret:
description: TLSSecret defines the name of the TLS secret to
connect to the target if mtls is used
type: string
required:
- connectionProfile
- credentials
type: object
type: array
targetTemplate:
description: TargetTemplate defines the template the discovery controller
uses to create the targets as a result of the discovery
properties:
annotations:
additionalProperties:
type: string
description: Annotations is a key value map to be copied to the
target CR.
type: object
labels:
additionalProperties:
type: string
description: Labels is a key value map to be copied to the target
CR.
type: object
nameTemplate:
description: target name template
type: string
x-kubernetes-validations:
- message: nameTemplate is immutable
rule: self == oldSelf
type: object
required:
- targetConnectionProfiles
type: object
status:
description: DiscoveryRuleStatus defines the observed state of DiscoveryRule
properties:
conditions:
description: Conditions of the resource.
items:
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
startTime:
description: StartTime identifies when the dr got started
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: schemas.inv.sdcio.dev
spec:
group: inv.sdcio.dev
names:
categories:
- sdc
- inv
kind: Schema
listKind: SchemaList
plural: schemas
singular: schema
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=='Ready')].status
name: READY
type: string
- jsonPath: .spec.provider
name: PROVIDER
type: string
- jsonPath: .spec.version
name: VERSION
type: string
- jsonPath: .spec.repositories[0].repoURL
name: URL
type: string
- jsonPath: .spec.repositories[0].ref
name: REF
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Schema is the Schema for the Schema API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SchemaSpec defines the desired state of Schema
properties:
provider:
description: Provider specifies the provider of the schema.
type: string
x-kubernetes-validations:
- message: provider is immutable
rule: self == oldSelf
repositories:
description: Repositories define the repositories used for building
the provider schema
items:
properties:
credentials:
description: Credentials defines the name of the secret that
holds the credentials to connect to the repo
type: string
dirs:
description: Dirs defines the list of directories that identified
the provider schema in src/dst pairs relative within the repository
items:
description: SrcDstPath provide a src/dst pair for the loader
to download the schema from a specific src in the repository
to a given destination in the schema server
properties:
dst:
description: Dst is the relative directory in the schema
server
type: string
src:
description: Src is the relative directory in the repository
URL
type: string
required:
- dst
- src
type: object
maxItems: 10
type: array
kind:
default: tag
description: Kind defines the that the BranchOrTag string is
a repository branch or a tag
enum:
- branch
- tag
type: string
proxy:
description: Proxy defines the HTTP/HTTPS proxy to be used to
download the models.
properties:
URL:
description: URL specifies the base URL of the HTTP/HTTPS
proxy server.
type: string
credentials:
description: Credentials defines the name of the secret
that holds the credentials to connect to the proxy server
type: string
type: object
ref:
description: Ref defines the branch or tag of the repository
corresponding to the provider schema version
type: string
repoURL:
description: RepositoryURL specifies the base URL for a given
repository
type: string
schema:
description: Schema provides the details of which files must
be used for the models and which files/directories cana be
excludes
properties:
excludes:
description: Excludes defines the list of files/directories
to be excluded
items:
type: string
maxItems: 64
type: array
includes:
description: Excludes defines the list of files/directories
to be excluded
items:
type: string
maxItems: 64
type: array
models:
description: Models defines the list of files/directories
to be used as a model
items:
type: string
maxItems: 64
type: array
type: object
required:
- kind
- ref
- repoURL
- schema
type: object
maxItems: 10
minItems: 1
type: array
version:
description: Version defines the version of the schema
type: string
x-kubernetes-validations:
- message: version is immutable
rule: self == oldSelf
required:
- provider
- repositories
- version
type: object
status:
description: SchemaStatus defines the observed state of Schema
properties:
conditions:
description: Conditions of the resource.
items:
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
name: targetsyncprofiles.inv.sdcio.dev
spec:
group: inv.sdcio.dev
names:
categories:
- sdc
- inv
kind: TargetSyncProfile
listKind: TargetSyncProfileList
plural: targetsyncprofiles
singular: targetsyncprofile
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TargetSyncProfile is the Schema for the TargetSyncProfile API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TargetSyncProfileSpec defines the desired state of TargetSyncProfile
properties:
buffer:
default: 0
format: int64
type: integer
x-kubernetes-validations:
- message: buffer is immutable
rule: self == oldSelf
sync:
items:
description: TargetSyncProfileSync defines the desired state of
TargetSyncProfileSync
properties:
encoding:
default: JSON_IETF
enum:
- UNKNOWN
- JSON
- JSON_IETF
- PROTO
- CONFIG
type: string
interval:
default: 60s
format: duration
type: string
mode:
default: get
enum:
- unknown
- onChange
- sample
- once
- get
type: string
name:
type: string
paths:
items:
type: string
maxItems: 10
type: array
port:
default: 57400
description: Port defines the port on which the scan runs
type: integer
protocol:
default: gnmi
enum:
- unknown
- gnmi
- netconf
- noop
type: string
required:
- mode
- name
- paths
- port
- protocol
type: object
maxItems: 10
type: array
x-kubernetes-validations:
- message: sync may only be added
rule: oldSelf.all(x, x in self)
validate:
default: true
type: boolean
x-kubernetes-validations:
- message: validate is immutable
rule: self == oldSelf
workers:
default: 10
format: int64
type: integer
x-kubernetes-validations:
- message: workers is immutable
rule: self == oldSelf
type: object
x-kubernetes-validations:
- message: sync is required once set
rule: '!has(oldSelf.sync) || has(self.sync)'
type: object
served: true
storage: true
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.config.sdcio.dev
spec:
group: config.sdcio.dev
groupPriorityMinimum: 1000
insecureSkipTLSVerify: true
service:
name: config-server
namespace: network-system
port: 6443
version: v1alpha1
versionPriority: 15
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
sdcio.dev/config-server: "true"
name: config-server
namespace: network-system
spec:
replicas: 1
selector:
matchLabels:
sdcio.dev/config-server: "true"
strategy:
type: Recreate
template:
metadata:
labels:
sdcio.dev/config-server: "true"
sdcio.dev/data-server: "true"
spec:
containers:
- args:
- --tls-cert-file=/apiserver.local.config/certificates/tls.crt
- --tls-private-key-file=/apiserver.local.config/certificates/tls.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
- --secure-port=6443
command:
- /app/config-server
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: ENABLE_TARGETDATASTORE
value: "true"
- name: ENABLE_TARGETCONFIGSERVER
value: "true"
- name: ENABLE_DISCOVERYRULE
value: "true"
- name: ENABLE_SCHEMA
value: "true"
- name: ENABLE_CONFIG
value: "true"
- name: ENABLE_CONFIGSET
value: "true"
image: ghcr.io/sdcio/config-server:v0.0.41
imagePullPolicy: Always
name: config-server
ports:
- containerPort: 6443
name: api-service
volumeMounts:
- mountPath: /apiserver.local.config/certificates
name: apiserver-certs
readOnly: true
- mountPath: /config
name: config-store
- mountPath: /schemas
name: schema-store
- args:
- --config=/config/data-server.yaml
command:
- /app/data-server
image: ghcr.io/sdcio/data-server:v0.0.44
imagePullPolicy: Always
name: data-server
volumeMounts:
- mountPath: /config
name: data-server-config
- mountPath: /cached/caches
name: cache
- mountPath: /schemas
name: schema-store
- mountPath: /schemadb
name: schema-db
securityContext:
fsGroup: 10000
runAsGroup: 10000
runAsUser: 10000
serviceAccountName: config-server
volumes:
- configMap:
name: data-server
name: data-server-config
- name: apiserver-certs
secret:
secretName: config-server-cert
- emptyDir:
sizeLimit: 10Gi
name: cache
- name: config-store
persistentVolumeClaim:
claimName: pvc-config-store
- name: schema-store
persistentVolumeClaim:
claimName: pvc-schema-store
- name: schema-db
persistentVolumeClaim:
claimName: pvc-schema-db
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: config-server-clusterrole
rules:
- apiGroups:
- ""
resources:
- namespaces
- secrets
- services
- pods
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
- validatingadmissionpolicies
- validatingadmissionpolicybindings
verbs:
- get
- watch
- list
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- flowschemas
- prioritylevelconfigurations
verbs:
- get
- watch
- list
- apiGroups:
- config.sdcio.dev
resources:
- configs
- configs/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- config.sdcio.dev
resources:
- configsets
- configsets/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- config.sdcio.dev
resources:
- unmanagedconfigs
- unmanagedconfigs/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- inv.sdcio.dev
resources:
- targets
- targets/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- inv.sdcio.dev
resources:
- targetconnectionprofiles
- targetsyncprofiles
verbs:
- get
- watch
- list
- apiGroups:
- inv.sdcio.dev
resources:
- discoveryrules
- discoveryrules/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- inv.sdcio.dev
resources:
- schemas
- schemas/status
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: config-server-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: config-server-clusterrole
subjects:
- kind: ServiceAccount
name: config-server
namespace: network-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: config:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: config-server
namespace: network-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: aggregated-apiserver-role
namespace: network-system
rules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: config-server-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: config-server-clusterrole
subjects:
- kind: ServiceAccount
name: config-server
namespace: network-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: config-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: config-server
namespace: network-system
---
apiVersion: v1
data:
data-server.yaml: "grpc-server:\n schema-server:\n enabled: true\n schemas-directory:
./schemas\n\n data-server:\n max-candidates: 16\n\n max-recv-msg-size: 25165824
# 24 * 1024 * 1024 (24MB)\n\ndatastores: # this specifies MAIN datastores\n\nschema-store:\n
\ # type is either memory or persistent (default)\n type: persistent\n path:
\"/schemadb\"\n\ncache: \n type: local\n store-type: badgerdb\n dir: \"/cached/caches\"\n\nprometheus:\n
\ address: \":56090\""
kind: ConfigMap
metadata:
name: data-server
namespace: network-system
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-config-store
namespace: network-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-schema-db
namespace: network-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-schema-store
namespace: network-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZekNDQWt1Z0F3SUJBZ0lJSC9mSFZHenZ3cnN3RFFZSktvWklodmNOQVFFTEJRQXdaVEVMTUFrR0ExVUUKQmhNQ2RXNHhDekFKQmdOVkJBZ01Bbk4wTVFvd0NBWURWUVFIREFGc01Rb3dDQVlEVlFRS0RBRnZNUXN3Q1FZRApWUVFMREFKdmRURWtNQ0lHQTFVRUF3d2JZbUZ6YVdNdFkyVnlkR2xtYVdOaGRHVXRZWFYwYUc5eWFYUjVNQjRYCkRUSXlNRE16TVRBNU1UYzFNMW9YRFRNeU1ETXlPREE1TVRjMU5Gb3dIREVhTUJnR0ExVUVBeE1SWW1GemFXTXUKWkdWbVlYVnNkQzV6ZG1Nd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUN0TUt0eApjc3Rjdk8rdDVMazZRQkRBZ3g1akZCL2F1dStVb3BDR2Z6VitaRW5obldpaC8xMVZ2ek44cjhmdGZuUkZGTVZ6CmJqYlVhSXNDOFc1eGJDNXNpc2VrdnVBWDlpanUzMlFybEU0RTR1UzNYREdVZkhGSFhMcWxBRU9RclUvRzQ0RGgKa0I3ajJOcDRzbk9IckF0aDA3TStvbXBmVklhSTlkQmdYY3hsUE5QRkNNamlOb1VweVM4eXNha3RQRXFjZTBpawpmNDBYVERmN1YwekFFelI0QkE4Yzh0b05UMVNnSXFIV0xueERKcnZRempDaTVFN2NMNkpmTmhlZDQ5MUVNWlEwCmVnbkV5bXd6d1Jya3BYTkZ4RHJzSXpOZmhHelB6RGJLdmFIUHh5NUwvM3h3clZ3VHllbklaOVExK0tjemtCSksKRXZIaVVKL1BML0VYZkloakFnTUJBQUdqWURCZU1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVQpCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3TFFZRFZSMFJCQ1l3SklJSmJHOWpZV3hvYjNOMGdoRmlZWE5wCll5NWtaV1poZFd4MExuTjJZNGNFZndBQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFEa1hsbGZMTlpzWDEKYmp1b0h4RXVUWitaODlMWUxPUDBMM0dHMFgwdVdkZzJFcXY1bmZNRHVRVmJIRmt5dVo3ZDlDY01QYk12MTdDWgoxZGwwQk1GQTJkTkJzK3V1UXFIUFh3RkI4SFdPSDhBc1pMMnYvbG91T3g2dU1QQk9uWUhuQ3pFY21FQXZoR2dLCkpXMDNkd2QwNlJPeUdLT29qSklFTlRnd0xnQ1dZSytPWmIzQklyMUJqS012Q2dHN3pJVDFUUVNna3hGN1NGNzUKYk5BaEdOa0NWMGVrSnNXQWk1UGhzVS9IdWthdGVHUGNMS3hia0RGdHpSV2tRNmdKUXhkZmVuOVBKTjVJVCt4RQpFci8wYUkrOFM5Y1FPUnk0VTNDSFRodmlnOGFyZ3FucmFWMU92OXZNTWxzZ3pnYXc3SjdaeGtkWWwrSkMyWUcvCjJrUThVd1IzQnc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBclRDcmNYTExYTHp2cmVTNU9rQVF3SU1lWXhRZjJycnZsS0tRaG44MWZtUko0WjFvCm9mOWRWYjh6ZksvSDdYNTBSUlRGYzI0MjFHaUxBdkZ1Y1d3dWJJckhwTDdnRi9Zbzd0OWtLNVJPQk9Ma3Qxd3gKbEh4eFIxeTZwUUJEa0sxUHh1T0E0WkFlNDlqYWVMSnpoNndMWWRPelBxSnFYMVNHaVBYUVlGM01aVHpUeFFqSQo0amFGS2Nrdk1yR3BMVHhLbkh0SXBIK05GMHczKzFkTXdCTTBlQVFQSFBMYURVOVVvQ0toMWk1OFF5YTcwTTR3Cm91Uk8zQytpWHpZWG5lUGRSREdVTkhvSnhNcHNNOEVhNUtWelJjUTY3Q016WDRSc3o4dzJ5cjJoejhjdVMvOTgKY0sxY0U4bnB5R2ZVTmZpbk01QVNTaEx4NGxDZnp5L3hGM3lJWXdJREFRQUJBb0lCQUJWWU16ajNLZU1URWdMLwpkbWljYnJRYk5NcUhOMm5Rc2loQ1pNZCt0QXdRdGg1Tk5SRUtGT20xZDlYOUlBbkFGUHBTbGdjazVUTUdjMk40CmQrRVlzUndGZXBkdVF0WVJLM2hOSmQ1TkY5UjRWakhXOWZGVDZPNGZtbzB0WENaZmhiNkFXV2p6Unl0VGxaRmMKaE9xS3BKaDQ2OVZqVlBMTXl3dmtKN3RJdENFaHl4b0t0VVhwcm45SXBLNnNUa051OTFmMVA4czJNbDd1RlVqYwpJdGhMb3JnMEYyU3RaeEJmVDJGaFRYaFZxRlRJS1pmazFGbnRpbUwyWlQrRXZzQlpnZHYwa2Z1Q2hFdE5jRW1PCnRZc2dKT3ExTWF5M2d0dlk3VDB6WkRtTTIrOVpKQ0JLcm8yV2IxdGw0RHNnaWNkR0I2SlhnTi81aklSMTNmbDUKMTRJd1hza0NnWUVBemtQb1MrTko0QkJkR3RYem5tZWVhRFFQVVU0dkF1R3YyU2VtajR3RG1KRXB6aDdoMWlQZAprVWxmYjcxZ1VMbmk0SDVkVFlyVFpwOElUaXZvM3A1bUNrV3lFV09wMmx4VUZoM3JnVWN6NWt0RUhkejl1bjNoCnFYNVJpTWlkM0Y3dWRIODdqYTdJVi9mUEFGSnlremQrWHNaZGFuT0tPK1UvV0t2ek0rSFEzUThDZ1lFQTF2TWoKdml3dnFxM0FBa0VpN2RlOUxLUE1uS1N5VE9BdHQzS2dqV1RLNU5aQUdqeWpoSGxEbjRCempSS25DWk8xY0lJZwo0Wnl1VzQrUlB5aGQreEFubzVoMVh0Ny9LYzNFaW1ucjBLU0ZmRWVza2NORFIyVHNTdCtjYTl6aFFPTFJ0TWRCCnE5OWZDeFprK1pmcEhpSzJCK0pHVExNdVJRY0tDYU43RldKTkIyMENnWUJhc2k5bGx3WjMySm9uMzZYa3BDbGEKSm5JSnpUZ01xMUlZU1VBSzVJVDhRL0ErNndOZ2xwcXBkTHJiTmtrd2xkdjEzSHFJU3gvVGd1QXpCMG01QWF0YQpudlRDZ3JGQUM5TUplcFNBWHQrcVJyUW44WEU3M0hncWdCbTM3SWJGVEpUTGN0cXIzUXZJNm5VQjdqN2xEc1NwClJjM3pyZVE5bS9yenNZQVo4eFJVN3dLQmdRQ0JYTjg4Q3JlOVRzaHFFdTJFbXZ4ZEswOXZUcWVJSUxzaTFyZk4Kb01XREozWjQwOW5OVm5YZVBwNU1YdGRzcWhyZVZWS1l0WVV4MFp1bW1STEdrSmhxbXN5NGhoaW0vaEcxQTc1SwpXVm1FekZZTmU2aTRCUU00cEk4dFUwZTFsMHlDTWhGUjhTTHdOMUFaN3RUN3NBUkJobXFzcW9IRVJWSkRMc0phCndraDltUUtCZ0NYR2xoZzY4aVMzMldmSWVtYUFRMTJpNFRUUk1FNWppTFl0ZlkyREJTMDBWV3NxY0l1OEFUWm0KVHVoZHBRVG9mKzE3LzFyU0cyYnFaWFA2L0h3ak14OTVIdWlXbjVKSjA3RTduOUVCUDlkQTY0K0lHdWlvd0h5RAo2a3g3VVhuTUtTYXdiV2JxZ1JGZTFOZEdLbkh0ZE5GOGxndEdjdytxUTk3YkIreXFreXMxCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
kind: Secret
metadata:
labels:
sdcio.dev/config-server: "true"
name: config-server-cert
namespace: network-system
type: kubernetes.io/tls
---
apiVersion: v1
kind: Service
metadata:
labels:
sdcio.dev/config-server: "true"
name: config-server
namespace: network-system
spec:
ports:
- name: api-service
port: 6443
targetPort: api-service
selector:
sdcio.dev/config-server: "true"
---
apiVersion: v1
kind: Service
metadata:
labels:
sdcio.dev/config-server: "true"
name: data-server
namespace: network-system
spec:
ports:
- port: 56000
protocol: TCP
targetPort: 56000
selector:
sdcio.dev/data-server: "true"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: config-server
namespace: network-system
if successfull you should see a running container similar to this
output