c12s-kubespray/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
Robert Neumann 586ad89d50 Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320)
* Fix the file path for all.yml and k8s-cluster.yml

* Fix --node-labels namespace error "unknown labels specified"

* Update templates and configs kubelet node-labels
2019-04-10 04:14:12 -07:00

63 lines
2.1 KiB
Django/Jinja

# This manifest deploys the Contiv API Proxy Server on Kubernetes.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contiv-api-proxy
namespace: kube-system
labels:
k8s-app: contiv-api-proxy
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
name: contiv-api-proxy
namespace: kube-system
labels:
k8s-app: contiv-api-proxy
spec:
{% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-node-critical
{% endif %}
# The API proxy must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
hostPID: true
nodeSelector:
node.kubernetes.io/master: ""
tolerations:
- operator: Exists
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
- key: CriticalAddonsOnly
operator: "Exists"
serviceAccountName: contiv-netmaster
containers:
- name: contiv-api-proxy
image: {{ contiv_auth_proxy_image_repo }}:{{ contiv_auth_proxy_image_tag }}
args:
- --listen-address=0.0.0.0:{{ contiv_api_proxy_port }}
- --tls-key-file=/var/contiv/auth_proxy_key.pem
- --tls-certificate=/var/contiv/auth_proxy_cert.pem
- --data-store-driver=$(STORE_DRIVER)
- --data-store-address=$(CONTIV_ETCD)
- --netmaster-address=127.0.0.1:{{ contiv_netmaster_port }}
env:
- name: NO_NETMASTER_STARTUP_CHECK
value: "0"
- name: STORE_DRIVER
value: etcd
- name: CONTIV_ETCD
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_etcd
securityContext:
privileged: false
volumeMounts:
- mountPath: /var/contiv
name: var-contiv
readOnly: false
volumes:
- name: var-contiv
hostPath:
path: /var/contiv