c12s-kubespray/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
Cédric de Saint Martin 53d87e53c5 All CNIs: support ANY toleration. (#3391)
Before, Nodes tainted with NoExecute policy did not have calico/weave Pod.
Network pod should run on all nodes whatever happens on a specific node.

Also always set the Pods to be critical.
Also remove deprecated scheduler.alpha.kubernetes.io/tolerations annotations.
2018-09-27 05:28:54 -07:00

135 lines
4.4 KiB
Django/Jinja

---
# This manifest installs contiv-netplugin container, as well
# as the Contiv CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: contiv-netplugin
namespace: kube-system
labels:
k8s-app: contiv-netplugin
spec:
selector:
matchLabels:
k8s-app: contiv-netplugin
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
k8s-app: contiv-netplugin
annotations:
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
{% if kube_version|version_compare('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
hostNetwork: true
hostPID: true
tolerations:
- operator: Exists
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
- key: CriticalAddonsOnly
operator: "Exists"
serviceAccountName: contiv-netplugin
initContainers:
- name: contiv-netplugin-init
image: {{ contiv_init_image_repo }}:{{ contiv_init_image_tag }}
env:
- name: CONTIV_ROLE
value: netplugin
- name: CONTIV_MODE
value: kubernetes
- name: CONTIV_K8S_CONFIG
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_k8s_config
- name: CONTIV_CNI_CONFIG
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_cni_config
volumeMounts:
- mountPath: /var/contiv
name: var-contiv
readOnly: false
- mountPath: /etc/cni/net.d/
name: etc-cni-dir
readOnly: false
- name: contiv-cni
image: {{ contiv_image_repo }}:{{ contiv_version }}
command: ["cp", "/contiv/bin/contivk8s", "/opt/cni/bin/contivk8s"]
volumeMounts:
- mountPath: /opt/cni/bin
name: cni-bin-dir
readOnly: false
containers:
# Runs netplugin container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: contiv-netplugin
image: {{ contiv_image_repo }}:{{ contiv_image_tag }}
env:
- name: VLAN_IF
value: {{ contiv_vlan_interface }}
- name: CONTIV_NETPLUGIN_VLAN_UPLINKS
value: {{ contiv_vlan_interface }}
- name: CONTIV_NETPLUGIN_VXLAN_PORT
value: "{{ contiv_vxlan_port }}"
- name: CONTIV_ROLE
value: netplugin
- name: CONTIV_NETPLUGIN_MODE
value: kubernetes
- name: CONTIV_NETPLUGIN_VTEP_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CONTIV_NETPLUGIN_ETCD_ENDPOINTS
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_etcd
- name: CONTIV_NETPLUGIN_FORWARD_MODE
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_fwdmode
- name: CONTIV_NETPLUGIN_NET_MODE
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_netmode
- name: CONTIV_NETPLUGIN_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_netplugin_loglevel
resources:
requests:
cpu: 250m
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/run
name: var-run
readOnly: false
- mountPath: /var/contiv
name: var-contiv
readOnly: false
volumes:
# Used by contiv-netplugin
- name: var-run
hostPath:
path: /var/run
- name: var-contiv
hostPath:
path: /var/contiv
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: etc-cni-dir
hostPath:
path: /etc/cni/net.d/