--- kind: DaemonSet apiVersion: apps/v1 metadata: name: contiv-netmaster namespace: kube-system labels: k8s-app: contiv-netmaster spec: updateStrategy: type: RollingUpdate selector: matchLabels: k8s-app: contiv-netmaster template: metadata: name: contiv-netmaster namespace: kube-system labels: k8s-app: contiv-netmaster spec: priorityClassName: system-node-critical # The netmaster must run in the host network namespace so that # it isn't governed by policy that would prevent it from working. hostNetwork: true dnsPolicy: ClusterFirstWithHostNet hostPID: true nodeSelector: node-role.kubernetes.io/master: "" tolerations: - operator: Exists serviceAccountName: contiv-netmaster containers: - name: contiv-netmaster image: {{ contiv_image_repo }}:{{ contiv_image_tag }} env: - name: CONTIV_ROLE value: netmaster - name: CONTIV_NETMASTER_MODE value: kubernetes - name: CONTIV_NETMASTER_ETCD_ENDPOINTS valueFrom: configMapKeyRef: name: contiv-config key: contiv_etcd - name: CONTIV_NETMASTER_FORWARD_MODE valueFrom: configMapKeyRef: name: contiv-config key: contiv_fwdmode - name: CONTIV_NETMASTER_NET_MODE valueFrom: configMapKeyRef: name: contiv-config key: contiv_netmode - name: CONTIV_NETMASTER_LOG_LEVEL valueFrom: configMapKeyRef: name: contiv-config key: contiv_netmaster_loglevel securityContext: privileged: true volumeMounts: - mountPath: /var/contiv name: var-contiv readOnly: false volumes: # Used by contiv-netmaster - name: var-contiv hostPath: path: /var/contiv