c12s-kubespray/roles/network_plugin/weave/templates/weave-net.yml.j2
Matthew Mosesohn 6bb3463e7c Enable scheduling of critical pods and network plugins on master
Added toleration to DNS, netchecker, fluentd, canal, and
calico policy.

Also small fixes to make yamllint pass.
2017-08-24 10:41:17 +01:00

156 lines
4.3 KiB
Django/Jinja

---
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
version: {{ weave_version }}
namespace: {{ system_namespace }}
spec:
template:
metadata:
labels:
name: weave-net
spec:
containers:
- name: weave
command:
{% if weave_mode_seed == true %}
- /bin/sh
- -c
- export EXTRA_ARGS=--name=$(cat /sys/class/net/{{ ansible_default_ipv4['interface'] }}/address) && /home/weave/launch.sh
{% else %}
- /home/weave/launch.sh
{% endif %}
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: IPALLOC_RANGE
value: {{ kube_pods_subnet }}
{% if weave_mode_seed == true %}
- name: KUBE_PEERS
value: {{ peers }}
- name: IPALLOC_INIT
value: seed={{ seed }}
{% endif %}
- name: WEAVE_PASSWORD
value: {{ weave_password }}
image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
imagePullPolicy: Always
livenessProbe:
httpGet:
host: 127.0.0.1
path: /status
port: 6784
initialDelaySeconds: 30
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: dbus
mountPath: /host/var/lib/dbus
- name: lib-modules
mountPath: /lib/modules
- name: weave-npc
image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
imagePullPolicy: Always
resources:
requests:
cpu: {{ weave_cpu_requests }}
memory: {{ weave_memory_requests }}
limits:
cpu: {{ weave_cpu_limit }}
memory: {{ weave_memory_limit }}
securityContext:
privileged: true
hostNetwork: true
hostPID: true
restartPolicy: Always
securityContext:
seLinuxOptions: {}
serviceAccountName: weave-net
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: weavedb
hostPath:
path: /var/lib/weave
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules