[stable/magic-ip-address] static IP addresses for node-local services (…

…helm#6048) This chart is manually verified to work with the steps described in the README. Signed-off-by: Yusuke KUOKA <[email protected]>
agolo · Oct 31, 2018 · 2c00ce1 · 2c00ce1
1 parent 13d1743
commit 2c00ce1
Show file tree

Hide file tree

Showing 12 changed files with 285 additions and 0 deletions.
diff --git a/stable/magic-ip-address/.helmignore b/stable/magic-ip-address/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/stable/magic-ip-address/Chart.yaml b/stable/magic-ip-address/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+description: A Helm chart to assign static IP addresses for node-local services
+name: magic-ip-address
+version: 0.1.0
+appVersion: 0.9.0
+home: https://github.com/mumoshu/kube-magic-ip-address
+sources:
+- https://github.com/mumoshu/kube-magic-ip-address
+maintainers:
+- name: mumoshu
+  email: [email protected]
diff --git a/stable/magic-ip-address/OWNERS b/stable/magic-ip-address/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- mumoshu
+reviewers:
+- mumoshu
diff --git a/stable/magic-ip-address/README.md b/stable/magic-ip-address/README.md
@@ -0,0 +1,39 @@
+# magic-ip-address
+
+[magic-ip-address](https://github.com/mumoshu/kube-magic-ip-address)  is a Kubernetes daemonset to implement [magic IP addresses](https://github.com/kubernetes/kubernetes/issues/15169#issuecomment-231267078), that are useful to serve [node-local services](https://github.com/kubernetes/kubernetes/issues/28610).
+
+Magic IP addresses are static IP addresses that are well-known in your cluster. They are typically assigned to daemonset pods, so that the pods are accessible from other consumer pods that are collocated on the same nodes.
+
+Under the hood, `magic-ip-address` periodically polls the Kubernetes API to find one of targeted daemonset pods that are collocated on the same node as the `magic-ip-address` pod, by matching the pod selector. The targeted daemonset pods are assigned the magic IP address like `169.254.210.210`, which can then be accessed by other pods.
+
+One of typical use-cases of this project is to connect your applicaton pod to a Datadog's dd-agent, dd-zipkin, Elastic's apm-server, [zipkin-gcp](https://github.com/openzipkin/zipkin-gcp)  agent pods. From your application, just point your tracer to the collector endpoint `169.254.210.210`. netfiler/iptables will redirect packets to the agent pod on the same node according to pod selector you've provided.
+
+A possible alternative to use `magic-ip-address` is to use the downward API to obtain the IP address of the node, while running the agent pod with `hostNetwork: true`. However, it has two downsides. One is that you have to open up your network to allow pods to directly access the nodes running them, which results in a extra attack surface. Another alternative would be to use a deployment, which means that you're giving up adding a meaningful node-related metadata(node's ip address, name, namespace, and labels that your application pod is running on) to the traces collected by the agents.
+
+In contrast to the two alternatives, `magic-ip-address` allows you add meaningful node metadata to your application traces, without exposing the agent pods via the host network.
+
+## Prerequisites
+
+- Kubernetes 1.9+
+
+## Usage
+
+For example, to make [`elastic/apm-server`](https://github.com/elastic/apm-server) pod running on the same node to be accessible via `169.254.210.210`, install this chart by:
+
+```
+$ helm upgrade 169-254-210-210 stable/magic-ip-address --set config.ipAddress=169.254.210.210 --set config.port=9200 --set config.selector=app=apm-server --namespace kube-system --install
+```
+
+It is recommended to name the helm release according to the magic IP address, while replacing every dot with hyphen, so that it is clear that which address the magic-ip-address pod is serving:
+
+```
+$ helm list
+NAME           	REVISION	UPDATED                 	STATUS  	CHART                 	NAMESPACE
+169-254-210-210	1       	Mon Jun 11 22:51:10 2018	DEPLOYED	magic-ip-address-0.1.0	kube-system
+```
+
+```
+$ kubectl get po -n kube-system
+NAME                                     READY     STATUS    RESTARTS   AGE
+169-254-210-210-magic-ip-address-25h47   1/1       Running   0          19s
+```
diff --git a/stable/magic-ip-address/templates/NOTES.txt b/stable/magic-ip-address/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that magic-ip-address has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "magic-ip-address.name" . }},release={{ .Release.Name }}"
diff --git a/stable/magic-ip-address/templates/_helpers.tpl b/stable/magic-ip-address/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "magic-ip-address.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "magic-ip-address.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "magic-ip-address.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "magic-ip-address.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "magic-ip-address.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/magic-ip-address/templates/clusterrole.yaml b/stable/magic-ip-address/templates/clusterrole.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "magic-ip-address.fullname" . }}
+  labels:
+    app: {{ template "magic-ip-address.name" . }}
+    chart: {{ template "magic-ip-address.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+  resources:
+  - namespaces
+  - pods
+  verbs: ["get", "list"]
+{{- end -}}
diff --git a/stable/magic-ip-address/templates/clusterrolebinding.yaml b/stable/magic-ip-address/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "magic-ip-address.fullname" . }}
+  labels:
+    app: {{ template "magic-ip-address.name" . }}
+    chart: {{ template "magic-ip-address.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "magic-ip-address.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "magic-ip-address.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stable/magic-ip-address/templates/daemonset.yaml b/stable/magic-ip-address/templates/daemonset.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1beta2
+kind: DaemonSet
+metadata:
+  name: {{ template "magic-ip-address.fullname" . }}
+  labels:
+    app: {{ template "magic-ip-address.name" . }}
+    chart: {{ template "magic-ip-address.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "magic-ip-address.name" . }}
+      release: {{ .Release.Name }}
+  minReadySeconds: 10
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+        app: {{ template "magic-ip-address.name" . }}
+        release: {{ .Release.Name }}
+      annotations:
+        checksum/secret: {{ toYaml .Values.config | sha256sum }}
+    spec:
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        envFrom:
+        - secretRef:
+            name: {{ template "magic-ip-address.fullname" . }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        securityContext:
+          runAsUser: 0
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+      terminationGracePeriodSeconds: 60
+      serviceAccountName: {{ template "magic-ip-address.serviceAccountName" . }}
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
diff --git a/stable/magic-ip-address/templates/secret.yaml b/stable/magic-ip-address/templates/secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "magic-ip-address.fullname" . }}
+  labels:
+    app: {{ template "magic-ip-address.name" . }}
+    chart: {{ template "magic-ip-address.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+  PORT: {{ printf "%d" .Values.config.port | b64enc }}
+  SELECTOR: {{ .Values.config.selector | b64enc }}
+  PROTOCOL: {{ .Values.config.protocol | b64enc }}
+  MAGIC_IP: {{ .Values.config.ipAddress | b64enc }}
+  HOST_INTERFACE: {{ .Values.config.hostInterface | b64enc }}
+  verbose: {{ printf "%v" .Values.config.verbose | b64enc }}
+{{- range $key, $value := .Values.extraVars }}
+  {{ $key }}: {{ $value | quote }}
+{{- end }}
diff --git a/stable/magic-ip-address/templates/serviceaccount.yaml b/stable/magic-ip-address/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "magic-ip-address.serviceAccountName" . }}
+  labels:
+    app: {{ template "magic-ip-address.name" . }}
+    chart: {{ template "magic-ip-address.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/stable/magic-ip-address/values.yaml b/stable/magic-ip-address/values.yaml
@@ -0,0 +1,40 @@
+image:
+  repository: mumoshu/kube-magic-ip-assigner
+  tag: 0.9.0-1.9.8
+  pullPolicy: IfNotPresent
+
+config:
+  ipAddress: 169.254.210.210
+  selector: app=myapp
+  hostInterface: cni0
+  port: 9200
+  protocol: tcp
+  verbose:
+  pollInterval: 5
+
+# A map of additional environment variables
+extraVars: {}
+  # test1: "test2"
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 200Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 100Mi
+
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		To verify that magic-ip-address has started, run:

		kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "magic-ip-address.name" . }},release={{ .Release.Name }}"