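---
# Weave Net CNI add-on, rendered by Ansible (Jinja2) into one Kubernetes List:
# ServiceAccount, ClusterRole and binding, namespaced Role and binding, and the
# DaemonSet that runs the weave router and the weave-npc policy controller.
#
# Jinja block tags stay at column 0 so that Ansible's default trim_blocks
# removes them without leaving stray indentation in the rendered YAML.
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: {{ system_namespace }}

  # Cluster-wide read-only access (get/list/watch) to pods, namespaces, nodes
  # and network policies.
  # NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes
  # 1.22; confirm the target cluster version before reusing this manifest.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
      # ClusterRole is cluster-scoped, so this namespace has no effect.
      namespace: {{ system_namespace }}
    rules:
      - apiGroups:
          - ''
        resources:
          - pods
          - namespaces
          - nodes
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - networking.k8s.io
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch

  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
      # ClusterRoleBinding is cluster-scoped, so this namespace has no effect.
      namespace: {{ system_namespace }}
    roleRef:
      kind: ClusterRole
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: {{ system_namespace }}

  # Namespaced access to ConfigMaps: get/update is pinned to the "weave-net"
  # object through resourceNames. "create" cannot be restricted by name, so
  # the second rule permits creating any ConfigMap in this namespace.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: Role
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: {{ system_namespace }}
    rules:
      - apiGroups:
          - ''
        resourceNames:
          - weave-net
        resources:
          - configmaps
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create

  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: {{ system_namespace }}
    roleRef:
      kind: Role
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: {{ system_namespace }}

  # NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16.
  # apps/v1 also requires spec.selector, so the migration is more than a
  # one-line change and is deliberately not made here.
  - apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
        version: v{{ weave_version }}
      namespace: {{ system_namespace }}
    spec:
      minReadySeconds: 5
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          containers:
            - name: weave
              command:
{% if weave_mode_seed == true %}
                # Seed mode: the peer name is read from the address file of
                # the node's default IPv4 interface.
                - /bin/sh
                - -c
                - export EXTRA_ARGS=--name=$(cat /sys/class/net/{{ ansible_default_ipv4['interface'] }}/address) && /home/weave/launch.sh
{% else %}
                - /home/weave/launch.sh
{% endif %}
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                - name: WEAVE_MTU
                  value: "{{ weave_mtu }}"
                # Env values must be strings in Kubernetes. The templated ones
                # are quoted so that an empty or number-like expansion cannot
                # be retyped by the YAML parser.
                - name: IPALLOC_RANGE
                  value: "{{ kube_pods_subnet }}"
{% if weave_mode_seed == true %}
                - name: KUBE_PEERS
                  value: "{{ peers }}"
                - name: IPALLOC_INIT
                  value: "seed={{ seed }}"
{% endif %}
                # string + to_json emits a correctly escaped double-quoted
                # scalar, so quotes, backslashes, '#', ': ' or an all-digit
                # password cannot break or retype the rendered manifest.
                # NOTE(review): the password is stored in plain text in the
                # DaemonSet and pod specs, readable by anyone allowed to get
                # those objects. A Secret referenced through
                # valueFrom.secretKeyRef would keep it out of the workload
                # spec.
                - name: WEAVE_PASSWORD
                  value: {{ weave_password | string | to_json }}
              image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
              imagePullPolicy: {{ k8s_image_pull_policy }}
              livenessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
                initialDelaySeconds: 30
              resources:
                requests:
                  cpu: {{ weave_cpu_requests }}
                  memory: {{ weave_memory_requests }}
                limits:
                  cpu: {{ weave_cpu_limits }}
                  memory: {{ weave_memory_limits }}
              # Privileged container with writable hostPath mounts of /opt,
              # /home and /etc (no readOnly is set): a compromise of this
              # container amounts to root on the node.
              # NOTE(review): consider narrowing the hostPath volumes to the
              # specific CNI directories the image needs - confirm against the
              # image's launch script first.
              securityContext:
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: dbus
                  mountPath: /host/var/lib/dbus
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
            - name: weave-npc
              args: []
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
              imagePullPolicy: {{ k8s_image_pull_policy }}
              resources:
                requests:
                  cpu: {{ weave_cpu_requests }}
                  memory: {{ weave_memory_requests }}
                limits:
                  cpu: {{ weave_cpu_limits }}
                  memory: {{ weave_memory_limits }}
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
          # The pod shares the node's network and PID namespaces.
          hostNetwork: true
          hostPID: true
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          # No key is given, so every NoSchedule taint is tolerated and the
          # pod is also scheduled onto tainted nodes.
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
      updateStrategy:
        rollingUpdate:
          maxUnavailable: {{ serial | default('20%') }}
        type: RollingUpdate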