C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update weave template to match source for 2.8.1 (#8013)

Browse source
This commit is contained in:
Frank Filippone 2021-09-29 02:16:43 +10:00 committed by GitHub
parent 8d3961edbe
commit eee2eb11d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
roles/network_plugin/weave/templates/weave-net.yml.j2
View file

@ -27,7 +27,7 @@ items:
- list - list
- watch - watch
- apiGroups: - apiGroups:
- networking.k8s.io - extensions
resources: resources:
- networkpolicies - networkpolicies
verbs: verbs:
@ -35,20 +35,20 @@ items:
- list - list
- watch - watch
- apiGroups: - apiGroups:
- '' - 'networking.k8s.io'
resources: resources:
- nodes/status - networkpolicies
verbs: verbs:
- patch - get
- update - list
- watch
- apiGroups: - apiGroups:
- policy - ''
resourceNames:
- privileged
resources: resources:
- podsecuritypolicies - nodes/status
verbs: verbs:
- use - patch
- update
- apiVersion: rbac.authorization.k8s.io/v1 - apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -67,16 +67,16 @@ items:
kind: Role kind: Role
metadata: metadata:
name: weave-net name: weave-net
namespace: kube-system
labels: labels:
name: weave-net name: weave-net
namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- '' - ''
resourceNames:
- weave-net
resources: resources:
- configmaps - configmaps
resourceNames:
- weave-net
verbs: verbs:
- get - get
- update - update
@ -90,9 +90,9 @@ items:
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: weave-net name: weave-net
namespace: kube-system
labels: labels:
name: weave-net name: weave-net
namespace: kube-system
roleRef: roleRef:
kind: Role kind: Role
name: weave-net name: weave-net
@ -109,16 +109,16 @@ items:
name: weave-net name: weave-net
namespace: kube-system namespace: kube-system
spec: spec:
minReadySeconds: 5 # Wait 5 seconds to let pod connect before rolling next pod
selector: selector:
matchLabels: matchLabels:
name: weave-net name: weave-net
minReadySeconds: 5
template: template:
metadata: metadata:
labels: labels:
name: weave-net name: weave-net
spec: spec:
priorityClassName: system-node-critical
initContainers: initContainers:
- name: weave-init - name: weave-init
image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
@ -217,6 +217,9 @@ items:
- name: dbus - name: dbus
mountPath: /host/var/lib/dbus mountPath: /host/var/lib/dbus
readOnly: true readOnly: true
- mountPath: /host/etc/machine-id
name: cni-machine-id
readOnly: true
- name: xtables-lock - name: xtables-lock
mountPath: /run/xtables.lock mountPath: /run/xtables.lock
readOnly: false readOnly: false
@ -246,7 +249,10 @@ items:
seLinuxOptions: {} seLinuxOptions: {}
serviceAccountName: weave-net serviceAccountName: weave-net
tolerations: tolerations:
- operator: Exists - effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
volumes: volumes:
- name: weavedb - name: weavedb
hostPath: hostPath:
@ -260,6 +266,9 @@ items:
- name: cni-conf - name: cni-conf
hostPath: hostPath:
path: /etc path: /etc
- name: cni-machine-id
hostPath:
path: /etc/machine-id
- name: dbus - name: dbus
hostPath: hostPath:
path: /var/lib/dbus path: /var/lib/dbus
@ -270,6 +279,7 @@ items:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
priorityClassName: system-node-critical
updateStrategy: updateStrategy:
rollingUpdate: rollingUpdate:
maxUnavailable: {{ serial | default('20%') }} maxUnavailable: {{ serial | default('20%') }}