https://github.com/yankeguo-deprecated/enforce-qcloud-internal-lb

自动强制为 腾讯云 TKE 集群 Loadbalancer 类型的 Service 切换为内网类型的负载均衡
https://github.com/yankeguo-deprecated/enforce-qcloud-internal-lb

Last synced: about 2 months ago
JSON representation

自动强制为 腾讯云 TKE 集群 Loadbalancer 类型的 Service 切换为内网类型的负载均衡

• Host: GitHub
• URL: https://github.com/yankeguo-deprecated/enforce-qcloud-internal-lb
• Owner: yankeguo-deprecated
• License: mit
• Created: 2020-10-30T09:15:08.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2020-11-03T06:52:51.000Z (over 4 years ago)
• Last Synced: 2025-02-14T16:58:28.002Z (3 months ago)
• Language: Go
• Homepage:
• Size: 3.32 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# enforce-qcloud-internal-lb

自动强制为 腾讯云 TKE 集群 Loadbalancer 类型的 Service 切换为内网类型的负载均衡

## 使用方式

* 初始化 `admission-bootstrapper` 

  参照此文档 https://github.com/k8s-autoops/admission-bootstrapper ，完成 `admission-bootstrapper` 的初始化步骤

* 部署以下 YAML

```yaml

# create serviceaccount

apiVersion: v1

kind: ServiceAccount

metadata:

  name: enforce-qcloud-internal-lb

  namespace: autoops

---

# create clusterrole

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  name: enforce-qcloud-internal-lb

rules:

  - apiGroups: [""]

    resources: ["namespaces"]

    verbs: ["get"]

---

# create clusterrolebinding

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: enforce-qcloud-internal-lb

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: enforce-qcloud-internal-lb

subjects:

  - kind: ServiceAccount

    name: enforce-qcloud-internal-lb

    namespace: autoops

---

# create job

apiVersion: batch/v1

kind: Job

metadata:

  name: install-enforce-qcloud-internal-lb

  namespace: autoops

spec:

  template:

    spec:

      serviceAccount: admission-bootstrapper

      containers:

        - name: admission-bootstrapper

          image: autoops/admission-bootstrapper

          env:

            - name: ADMISSION_NAME

              value: enforce-qcloud-internal-lb

            - name: ADMISSION_IMAGE

              value: autoops/enforce-qcloud-internal-lb

            - name: ADMISSION_ENVS

              value: ""

            - name: ADMISSION_SERVICE_ACCOUNT

              value: "enforce-qcloud-internal-lb"

            - name: ADMISSION_MUTATING

              value: "true"

            - name: ADMISSION_IGNORE_FAILURE

              value: "false"

            - name: ADMISSION_SIDE_EFFECT

              value: "None"

            - name: ADMISSION_RULES

              value: '[{"operations":["CREATE"],"apiGroups":[""], "apiVersions":["*"], "resources":["services"]}]'

      restartPolicy: OnFailure

```

* 为需要启用的命名空间，添加注解，指明要使用的内网

  * 指定子网 `autoops.enforce-qcloud-internal-lb/subnet=subnet-xxxxxx`

  * 开启直连 `autoops.enforce-qcloud-internal-lb/direct=true`

  

  **可以配合 `enforce-ns-annotations` 自动为新命名空间启用此注解**

## Credits

Guo Y.K., MIT License