forked from r-caamano/zfw
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9180ed8
commit 30458a5
Showing
16 changed files
with
912 additions
and
63 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| .idea/ |
19 changes: 19 additions & 0 deletions
19
files/k8s/deployments/diverter-bytecode-deployment-dns.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: XdpProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: xdpprogram | ||
| name: zfw-xdp-dns | ||
| spec: | ||
| bpffunctionname: xdp_filter | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - vethbe56455e | ||
| priority: 1 | ||
| proceedon: [pass,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:dns | ||
| imagepullpolicy: Always |
141 changes: 141 additions & 0 deletions
141
files/k8s/deployments/diverter-bytecode-deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,141 @@ | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy0 | ||
| spec: | ||
| bpffunctionname: tproxy0 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 1 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy0 | ||
| imagepullpolicy: Always | ||
| mapownerselector: | ||
| matchLabels: | ||
| bpfd.dev/ownedByProgram: zfw-tc-ingress-tproxy5 | ||
| --- | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy1 | ||
| spec: | ||
| bpffunctionname: tproxy1 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 3 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy1 | ||
| imagepullpolicy: Always | ||
| mapownerselector: | ||
| matchLabels: | ||
| bpfd.dev/ownedByProgram: zfw-tc-ingress-tproxy5 | ||
| --- | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy2 | ||
| spec: | ||
| bpffunctionname: tproxy2 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 5 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy2 | ||
| imagepullpolicy: Always | ||
| mapownerselector: | ||
| matchLabels: | ||
| bpfd.dev/ownedByProgram: zfw-tc-ingress-tproxy5 | ||
| --- | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy3 | ||
| spec: | ||
| bpffunctionname: tproxy3 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 7 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy3 | ||
| imagepullpolicy: Always | ||
| mapownerselector: | ||
| matchLabels: | ||
| bpfd.dev/ownedByProgram: zfw-tc-ingress-tproxy5 | ||
| --- | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy4 | ||
| spec: | ||
| bpffunctionname: tproxy4 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 9 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy4 | ||
| imagepullpolicy: Always | ||
| mapownerselector: | ||
| matchLabels: | ||
| bpfd.dev/ownedByProgram: zfw-tc-ingress-tproxy5 | ||
| --- | ||
| apiVersion: bpfd.dev/v1alpha1 | ||
| kind: TcProgram | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tcprogram | ||
| name: zfw-tc-ingress-tproxy5 | ||
| spec: | ||
| bpffunctionname: tproxy5 | ||
| # Select all nodes | ||
| nodeselector: {} | ||
| interfaceselector: | ||
| interfaces: | ||
| - veth1b4ff726 | ||
| priority: 11 | ||
| direction: ingress | ||
| proceedon: [pipe,dispatcher_return] | ||
| bytecode: | ||
| image: | ||
| url: docker.io/elblag91/zfw-tc-ingress-bytecode:tproxy5 | ||
| imagepullpolicy: Always | ||
|
|
119 changes: 119 additions & 0 deletions
119
files/k8s/deployments/diverter-user-deployment copy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,119 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: ziti | ||
| --- | ||
| # apiVersion: v1 | ||
| # kind: ConfigMap | ||
| # metadata: | ||
| # name: zfw-bin | ||
| # namespace: ziti | ||
| # binaryData: | ||
| # #kubectl create configmap zfw-bin -n ziti --from-file=./zfw | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: kind-router01-sa | ||
| namespace: ziti | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| name: privileged-scc-tc | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: system:openshift:scc:privileged | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: kind-router01 | ||
| namespace: ziti | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: clusterrolebinding | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kind-router01 | ||
| app.kubernetes.io/part-of: kind-router01 | ||
| app.kubernetes.io/managed-by: kind-router01 | ||
| name: bpfd-app-rolebinding-go-tc-counter | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: bpfd-bpfprogram-viewer-role | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: kind-router01-sa | ||
| namespace: ziti | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: StatefulSet | ||
| metadata: | ||
| name: kind-router01-ds | ||
| namespace: ziti | ||
| labels: | ||
| k8s-app: kind-router01 | ||
| spec: | ||
| selector: | ||
| matchLabels: | ||
| name: kind-router01 | ||
| replicas: 1 | ||
| template: | ||
| metadata: | ||
| labels: | ||
| name: kind-router01 | ||
| spec: | ||
| nodeSelector: {} | ||
| hostNetwork: true | ||
| # hostNetwork: true | ||
| dnsPolicy: None | ||
| dnsConfig: | ||
| nameservers: | ||
| - 127.0.0.1 | ||
| - 1.1.1.1 | ||
| serviceAccountName: kind-router01-sa | ||
| tolerations: | ||
| # these tolerations are to have the daemonset runnable on control plane nodes | ||
| # remove them if your control plane nodes should not run pods | ||
| - key: node-role.kubernetes.io/control-plane | ||
| operator: Exists | ||
| effect: NoSchedule | ||
| - key: node-role.kubernetes.io/master | ||
| operator: Exists | ||
| effect: NoSchedule | ||
| containers: | ||
| - name: kind-router01 | ||
| image: elblag91/openziti-router | ||
| imagePullPolicy: Always | ||
| command: ["/bin/sh"] | ||
| args: ["-c", "while true; do echo hello; sleep 10;done"] | ||
| securityContext: | ||
| capabilities: | ||
| add: | ||
| - NET_ADMIN | ||
| env: | ||
| - name: NODENAME | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: spec.nodeName | ||
| volumeMounts: | ||
| - name: kind-router01-maps | ||
| mountPath: /run/tc/maps | ||
| - name: kind-router01-zfw | ||
| mountPath: /usr/local/bin/zfw | ||
| readOnly: true | ||
| volumes: | ||
| - name: kind-router01-maps | ||
| csi: | ||
| driver: csi.bpfd.dev | ||
| volumeAttributes: | ||
| csi.bpfd.dev/program: zfw-tc-ingress-tproxy5 | ||
| csi.bpfd.dev/maps: tc_stats_map | ||
| - name: kind-router01-zfw | ||
| configMap: | ||
| name: zfw-bin | ||
| defaultMode: 493 |
Oops, something went wrong.