Updating the README with proper instructions related to configuring t…

…he CNI.
nokia · May 27, 2019 · 0614dcd · 0614dcd
1 parent 0d8c8cb
commit 0614dcd
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -157,10 +157,19 @@ The method of deploying the whole DANM suite into a Kubernetes cluster is the fo
 kubectl create -f integration/crds/
 ```
 **2. Put a valid CNI config file into the CNI configuration directory of all your kubelet nodes' (by default it is /etc/cni/net.d/) based on:**
-[cniconfig](https://github.com/nokia/danm/tree/master/integration/cni_config/00-danm.conf)
-The parameter "kubeconfig" is mandatory, and shall point to a valid kubeconfig file.
+
+[Example CNI config file](https://github.com/nokia/danm/tree/master/integration/cni_config/00-danm.conf)
+
 As kubelet considers the first .conf file in the configured directory as the valid CNI config of the cluster, it is generally a good idea to prefix the .conf file of any CNI metaplugin with "00".
-Make sure to configure the optional DANM configuration parameters to match your environment! 
+Make sure to configure the optional DANM configuration parameters to match your environment!
+The parameter "kubeconfig" is mandatory, and shall point to a valid kubeconfig file.
+You can find an example file here:
+
+[Example kubeconf file](https://github.com/nokia/danm/tree/master/integration/cni_config/example_kubeconfig.yaml)
+
+Don't forget to also provision the necessary RBAC rules so DANM can do its job:
+
+[RBAC rules](https://github.com/nokia/danm/tree/master/integration/cni_config/danm_rbac.yaml)
 
 **3. Copy the "danm" binary into the configured CNI plugin directory of all your kubelet nodes' (by default it is /opt/cni/bin/):**
 ```

diff --git a/integration/cni_config/danm_rbac.yaml b/integration/cni_config/danm_rbac.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: caas:danm
+rules:
+  - apiGroups:
+    - danm.k8s.io
+    resources:
+    - danmnets
+    - danmeps
+    verbs: [ "*" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get","watch","list"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: caas:danm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: caas:danm
+subjects:
+  - kind: User
+    apiGroup: rbac.authorization.k8s.io
+    name: danm
diff --git a/integration/cni_config/example_kubeconfig.yaml b/integration/cni_config/example_kubeconfig.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: <BASE64_ENCODED_CA_CERT>
+    server: https://10.254.0.1:443
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: danm
+  name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: danm
+  user:
+    client-certificate-data: <BASE64_ENCODED_CLIENT_CERT>
+    client-key-data: <BASE64_ENCODED_CLIENT_KEY>