apiVersion: apps/v1 kind: Deployment metadata: name: calico-kube-controllers namespace: kube-system labels: k8s-app: calico-kube-controllers spec: replicas: 1 strategy: type: Recreate selector: matchLabels: k8s-app: calico-kube-controllers template: metadata: name: calico-kube-controllers namespace: kube-system labels: k8s-app: calico-kube-controllers spec: nodeSelector: {{ calico_policy_controller_deployment_nodeselector }} hostNetwork: true serviceAccountName: calico-kube-controllers tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: node-role.kubernetes.io/control-plane effect: NoSchedule {% if policy_controller_extra_tolerations is defined %} {{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }} {% endif %} priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: limits: cpu: {{ calico_policy_controller_cpu_limit }} memory: {{ calico_policy_controller_memory_limit }} requests: cpu: {{ calico_policy_controller_cpu_requests }} memory: {{ calico_policy_controller_memory_requests }} {% if calico_version is version('v3.19.0', '>=') %} livenessProbe: exec: command: - /usr/bin/check-status - -l periodSeconds: 10 initialDelaySeconds: 10 failureThreshold: 6 {% endif %} readinessProbe: exec: command: - /usr/bin/check-status - -r periodSeconds: 10 env: {% if calico_datastore == "kdd" %} - name: ENABLED_CONTROLLERS value: node - name: DATASTORE_TYPE value: kubernetes {% else %} - name: ETCD_ENDPOINTS value: "{{ etcd_access_addresses }}" - name: ETCD_CA_CERT_FILE value: "{{ calico_cert_dir }}/ca_cert.crt" - name: ETCD_CERT_FILE value: "{{ calico_cert_dir }}/cert.crt" - name: ETCD_KEY_FILE value: "{{ calico_cert_dir }}/key.pem" volumeMounts: - mountPath: {{ calico_cert_dir }} name: etcd-certs readOnly: true volumes: - hostPath: path: {{ calico_cert_dir }} name: etcd-certs {% endif %}