225f765b56
* Upgrade kubernetes to v1.13.0 * Remove all precense of scheduler.alpha.kubernetes.io/critical-pod in templates * Fix cert dir * Use kubespray v2.8 as baseline for gitlab
64 lines
2.1 KiB
Django/Jinja
64 lines
2.1 KiB
Django/Jinja
# This manifest deploys the Contiv API Proxy Server on Kubernetes.
|
|
apiVersion: extensions/v1beta1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: contiv-api-proxy
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: contiv-api-proxy
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
name: contiv-api-proxy
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: contiv-api-proxy
|
|
spec:
|
|
{% if kube_version is version('v1.11.1', '>=') %}
|
|
priorityClassName: system-node-critical
|
|
{% endif %}
|
|
# The API proxy must run in the host network namespace so that
|
|
# it isn't governed by policy that would prevent it from working.
|
|
hostNetwork: true
|
|
hostPID: true
|
|
nodeSelector:
|
|
node-role.kubernetes.io/master: ""
|
|
tolerations:
|
|
- operator: Exists
|
|
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
|
|
- key: CriticalAddonsOnly
|
|
operator: "Exists"
|
|
serviceAccountName: contiv-netmaster
|
|
containers:
|
|
- name: contiv-api-proxy
|
|
image: {{ contiv_auth_proxy_image_repo }}:{{ contiv_auth_proxy_image_tag }}
|
|
args:
|
|
- --listen-address=0.0.0.0:{{ contiv_api_proxy_port }}
|
|
- --tls-key-file=/var/contiv/auth_proxy_key.pem
|
|
- --tls-certificate=/var/contiv/auth_proxy_cert.pem
|
|
- --data-store-driver=$(STORE_DRIVER)
|
|
- --data-store-address=$(CONTIV_ETCD)
|
|
- --netmaster-address=127.0.0.1:{{ contiv_netmaster_port }}
|
|
env:
|
|
- name: NO_NETMASTER_STARTUP_CHECK
|
|
value: "0"
|
|
- name: STORE_DRIVER
|
|
value: etcd
|
|
- name: CONTIV_ETCD
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: contiv-config
|
|
key: contiv_etcd
|
|
securityContext:
|
|
privileged: false
|
|
volumeMounts:
|
|
- mountPath: /var/contiv
|
|
name: var-contiv
|
|
readOnly: false
|
|
volumes:
|
|
- name: var-contiv
|
|
hostPath:
|
|
path: /var/contiv
|