1bd3d3a080
According to http://kubernetes.io/docs/user-guide/images/ : By default, the kubelet will try to pull each image from the specified registry. However, if the imagePullPolicy property of the container is set to IfNotPresent or Never, then a local\ image is used (preferentially or exclusively, respectively). Use IfNotPresent value to allow images prepared by the download role dependencies to be effectively used by kubelet without pull errors resulting apps to stay blocked in PullBackOff/Error state even when there are images on the localhost exist. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
162 lines
5.4 KiB
Django/Jinja
162 lines
5.4 KiB
Django/Jinja
---
|
|
kind: DaemonSet
|
|
apiVersion: extensions/v1beta1
|
|
metadata:
|
|
name: canal-node
|
|
labels:
|
|
k8s-app: canal-node
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: canal-node
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
|
|
labels:
|
|
k8s-app: canal-node
|
|
spec:
|
|
hostNetwork: true
|
|
volumes:
|
|
# Used by calico/node.
|
|
- name: lib-modules
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: var-run-calico
|
|
hostPath:
|
|
path: /var/run/calico
|
|
# Used to install CNI.
|
|
- name: cni-bin-dir
|
|
hostPath:
|
|
path: /opt/cni/bin
|
|
- name: cni-net-dir
|
|
hostPath:
|
|
path: /etc/cni/net.d
|
|
# Used by flannel daemon.
|
|
- name: run-flannel
|
|
hostPath:
|
|
path: /run/flannel
|
|
- name: resolv
|
|
hostPath:
|
|
path: /etc/resolv.conf
|
|
- name: "canal-certs"
|
|
hostPath:
|
|
path: "{{ canal_cert_dir }}"
|
|
containers:
|
|
# Runs the flannel daemon to enable vxlan networking between
|
|
# container hosts.
|
|
- name: flannel
|
|
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
|
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
env:
|
|
# Cluster name
|
|
- name: CLUSTER_NAME
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: cluster_name
|
|
# The location of the etcd cluster.
|
|
- name: FLANNELD_ETCD_ENDPOINTS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_endpoints
|
|
# The interface flannel should run on.
|
|
- name: FLANNELD_IFACE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: flanneld_iface
|
|
# Perform masquerade on traffic leaving the pod cidr.
|
|
- name: FLANNELD_IP_MASQ
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: masquerade
|
|
# Set etcd-prefix
|
|
- name: DOCKER_OPT_ETCD_PREFIX
|
|
value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
|
|
# Write the subnet.env file to the mounted directory.
|
|
- name: FLANNELD_SUBNET_FILE
|
|
value: "/run/flannel/subnet.env"
|
|
# Etcd SSL vars
|
|
- name: ETCD_CA_CERT_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_cafile
|
|
- name: ETCD_CERT_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_certfile
|
|
- name: ETCD_KEY_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_keyfile
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
|
|
ports:
|
|
- hostPort: 10253
|
|
containerPort: 10253
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- name: "resolv"
|
|
mountPath: "/etc/resolv.conf"
|
|
- name: "run-flannel"
|
|
mountPath: "/run/flannel"
|
|
- name: "canal-certs"
|
|
mountPath: "{{ canal_cert_dir }}"
|
|
readOnly: true
|
|
# Runs calico/node container on each Kubernetes node. This
|
|
# container programs network policy and local routes on each
|
|
# host.
|
|
- name: calico-node
|
|
image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
|
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
env:
|
|
# The location of the etcd cluster.
|
|
- name: ETCD_ENDPOINTS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_endpoints
|
|
# Disable Calico BGP. Calico is simply enforcing policy.
|
|
- name: CALICO_NETWORKING
|
|
value: "false"
|
|
# Disable file logging so `kubectl logs` works.
|
|
- name: CALICO_DISABLE_FILE_LOGGING
|
|
value: "true"
|
|
# Etcd SSL vars
|
|
- name: ETCD_CA_CERT_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_cafile
|
|
- name: ETCD_CERT_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_certfile
|
|
- name: ETCD_KEY_FILE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: canal-config
|
|
key: etcd_keyfile
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- mountPath: /lib/modules
|
|
name: lib-modules
|
|
readOnly: true
|
|
- mountPath: /var/run/calico
|
|
name: var-run-calico
|
|
readOnly: false
|
|
- name: "canal-certs"
|
|
mountPath: "{{ canal_cert_dir }}"
|
|
readOnly: true
|