2 # This is a modified Calico daemonset.
3 # it is based on: https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
# Install-time settings for Calico (the enclosing object header is not visible in this excerpt).
# typha_service_name and calico_backend are quoted strings, so no implicit YAML typing applies.
11 typha_service_name: "none"
12 calico_backend: "bird"
# cni_network_config is a block scalar holding the CNI JSON template. It is referenced by key from the
# CNI_NETWORK_CONFIG env entry that follows the /install-cni.sh container further down.
# __KUBERNETES_NODE_NAME__ and __KUBECONFIG_FILEPATH__ are placeholders, presumably substituted by that
# script at install time.
# NOTE(review): the kubeconfig named here presumably carries the CNI plugin's API credentials and is
# written to the node filesystem; confirm its file mode and which host directory receives it.
# The portMappings capability is enabled in the template.
14 cni_network_config: |-
16 "name": "k8s-pod-network",
17 "cniVersion": "0.3.0",
22 "datastore_type": "kubernetes",
23 "nodename": "__KUBERNETES_NODE_NAME__",
32 "kubeconfig": "__KUBECONFIG_FILEPATH__"
38 "capabilities": {"portMappings": true}
# Calico CustomResourceDefinitions, all in group crd.projectcalico.org.
# NOTE(review): apiextensions.k8s.io/v1beta1 is no longer served from Kubernetes 1.22. Clusters at or above
# that version need apiextensions.k8s.io/v1, which requires a structural schema for every served version.
# Scope, version and validation fields are not visible in this excerpt, so they are not described here.
43 apiVersion: apiextensions.k8s.io/v1beta1
44 kind: CustomResourceDefinition
46 name: felixconfigurations.crd.projectcalico.org
49 group: crd.projectcalico.org
52 kind: FelixConfiguration
53 plural: felixconfigurations
54 singular: felixconfiguration
# IPAM bookkeeping kinds: ipamblocks, blockaffinities, ipamhandles, ipamconfigs.
56 apiVersion: apiextensions.k8s.io/v1beta1
57 kind: CustomResourceDefinition
59 name: ipamblocks.crd.projectcalico.org
62 group: crd.projectcalico.org
69 apiVersion: apiextensions.k8s.io/v1beta1
70 kind: CustomResourceDefinition
72 name: blockaffinities.crd.projectcalico.org
75 group: crd.projectcalico.org
79 plural: blockaffinities
80 singular: blockaffinity
82 apiVersion: apiextensions.k8s.io/v1beta1
83 kind: CustomResourceDefinition
85 name: ipamhandles.crd.projectcalico.org
88 group: crd.projectcalico.org
95 apiVersion: apiextensions.k8s.io/v1beta1
96 kind: CustomResourceDefinition
98 name: ipamconfigs.crd.projectcalico.org
101 group: crd.projectcalico.org
# BGP peering and configuration kinds.
108 apiVersion: apiextensions.k8s.io/v1beta1
109 kind: CustomResourceDefinition
111 name: bgppeers.crd.projectcalico.org
114 group: crd.projectcalico.org
121 apiVersion: apiextensions.k8s.io/v1beta1
122 kind: CustomResourceDefinition
124 name: bgpconfigurations.crd.projectcalico.org
127 group: crd.projectcalico.org
130 kind: BGPConfiguration
131 plural: bgpconfigurations
132 singular: bgpconfiguration
134 apiVersion: apiextensions.k8s.io/v1beta1
135 kind: CustomResourceDefinition
137 name: ippools.crd.projectcalico.org
140 group: crd.projectcalico.org
# NOTE(review): hostendpoints, globalnetworkpolicies, globalnetworksets and networkpolicies hold policy
# data. Write access to these kinds changes which traffic the cluster allows, so RBAC rules that name
# them should grant create/update/delete only to the identities that manage policy.
147 apiVersion: apiextensions.k8s.io/v1beta1
148 kind: CustomResourceDefinition
150 name: hostendpoints.crd.projectcalico.org
153 group: crd.projectcalico.org
157 plural: hostendpoints
158 singular: hostendpoint
160 apiVersion: apiextensions.k8s.io/v1beta1
161 kind: CustomResourceDefinition
163 name: clusterinformations.crd.projectcalico.org
166 group: crd.projectcalico.org
169 kind: ClusterInformation
170 plural: clusterinformations
171 singular: clusterinformation
173 apiVersion: apiextensions.k8s.io/v1beta1
174 kind: CustomResourceDefinition
176 name: globalnetworkpolicies.crd.projectcalico.org
179 group: crd.projectcalico.org
182 kind: GlobalNetworkPolicy
183 plural: globalnetworkpolicies
184 singular: globalnetworkpolicy
186 apiVersion: apiextensions.k8s.io/v1beta1
187 kind: CustomResourceDefinition
189 name: globalnetworksets.crd.projectcalico.org
192 group: crd.projectcalico.org
195 kind: GlobalNetworkSet
196 plural: globalnetworksets
197 singular: globalnetworkset
199 apiVersion: apiextensions.k8s.io/v1beta1
200 kind: CustomResourceDefinition
202 name: networkpolicies.crd.projectcalico.org
205 group: crd.projectcalico.org
209 plural: networkpolicies
210 singular: networkpolicy
# RBAC for calico-kube-controllers: a role object (its kind line is not visible here, presumably a
# ClusterRole) followed by the ClusterRoleBinding that grants it.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22; the
# replacement is rbac.authorization.k8s.io/v1.
213 apiVersion: rbac.authorization.k8s.io/v1beta1
215 name: calico-kube-controllers
# NOTE(review): three rules target crd.projectcalico.org, but their resources (apart from
# clusterinformations) and verbs are not visible in this excerpt. Confirm each rule lists only the
# resources and verbs the controller needs, with no wildcard entries.
229 - apiGroups: ["crd.projectcalico.org"]
234 - apiGroups: ["crd.projectcalico.org"]
245 - apiGroups: ["crd.projectcalico.org"]
247 - clusterinformations
# The binding is cluster-scoped: it grants the role named calico-kube-controllers to the
# calico-kube-controllers ServiceAccount in kube-system across all namespaces.
253 kind: ClusterRoleBinding
254 apiVersion: rbac.authorization.k8s.io/v1beta1
256 name: calico-kube-controllers
258 apiGroup: rbac.authorization.k8s.io
260 name: calico-kube-controllers
262 - kind: ServiceAccount
263 name: calico-kube-controllers
264 namespace: kube-system
# Second RBAC role and binding. The object names are not visible in this excerpt; presumably they
# belong to the calico-node service account used by the node pods. TODO confirm.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22; the
# replacement is rbac.authorization.k8s.io/v1.
267 apiVersion: rbac.authorization.k8s.io/v1beta1
292 - apiGroups: ["networking.k8s.io"]
# NOTE(review): felixconfigurations and clusterinformations appear in two separate
# crd.projectcalico.org rules. The verbs are not visible, so it cannot be told from here which rule
# is read-only and which allows writes. Confirm that write verbs are limited to the second, shorter list.
311 - apiGroups: ["crd.projectcalico.org"]
314 - felixconfigurations
320 - globalnetworkpolicies
323 - clusterinformations
329 - apiGroups: ["crd.projectcalico.org"]
332 - felixconfigurations
333 - clusterinformations
344 - apiGroups: ["crd.projectcalico.org"]
351 - apiGroups: ["crd.projectcalico.org"]
362 - apiGroups: ["crd.projectcalico.org"]
367 - apiGroups: ["crd.projectcalico.org"]
372 - apiGroups: ["apps"]
# Cluster-scoped binding of the role above to a ServiceAccount in kube-system (its name is not visible here).
378 apiVersion: rbac.authorization.k8s.io/v1beta1
379 kind: ClusterRoleBinding
383 apiGroup: rbac.authorization.k8s.io
387 - kind: ServiceAccount
389 namespace: kube-system
# Pod-level settings of the node workload in kube-system (the kind line is not visible; the file header
# calls it a DaemonSet).
# NOTE(review): extensions/v1beta1 is no longer served for DaemonSet and Deployment from Kubernetes 1.16;
# the replacement is apps/v1, which also requires an explicit spec.selector.
392 apiVersion: extensions/v1beta1
395 namespace: kube-system
# NOTE(review): the critical-pod annotation is deprecated; priorityClassName is its replacement.
411 scheduler.alpha.kubernetes.io/critical-pod: ''
# beta.kubernetes.io/os is the deprecated form of the kubernetes.io/os node label.
414 beta.kubernetes.io/os: linux
419 - key: CriticalAddonsOnly
# Pods run as the calico-node service account and hold whatever its role binding grants.
423 serviceAccountName: calico-node
# Zero grace period: containers get no time for a graceful shutdown when the pod is deleted.
424 terminationGracePeriodSeconds: 0
# Container that runs `calico-ipam -upgrade` from the calico/cni image. It mounts the host-local IPAM
# directory (/var/lib/cni/networks) and a CNI binary directory at /host/opt/cni/bin.
# NOTE(review): images in this manifest are referenced by tag only (v3.6.1), with no registry host or
# digest. A tag can be re-pointed upstream; pinning `image@sha256:<digest>` from a registry you control
# makes the deployed binary verifiable.
427 image: calico/cni:v3.6.1
428 command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
430 - name: KUBERNETES_NODE_NAME
433 fieldPath: spec.nodeName
434 - name: CALICO_NETWORKING_BACKEND
440 - mountPath: /var/lib/cni/networks
441 name: host-local-net-dir
442 - mountPath: /host/opt/cni/bin
# Container that runs /install-cni.sh. It receives the config file name, the CNI JSON template (read by
# key cni_network_config) and the node name through its environment.
# NOTE(review): /host/opt/cni/bin and /host/etc/cni/net.d are presumably hostPath mounts that this
# script writes to. CNI plugins are executed on the node by the container runtime, so write access to
# these directories is equivalent to code execution on the host. Keep the image trusted and pinned.
445 image: calico/cni:v3.6.1
446 command: ["/install-cni.sh"]
448 - name: CNI_CONF_NAME
449 value: "10-calico.conflist"
450 - name: CNI_NETWORK_CONFIG
454 key: cni_network_config
455 - name: KUBERNETES_NODE_NAME
458 fieldPath: spec.nodeName
467 - mountPath: /host/opt/cni/bin
469 - mountPath: /host/etc/cni/net.d
# Main calico/node container and its environment. Most `value:` lines are not visible in this excerpt,
# so the notes below rely on the manifest's own comments where a value is missing.
# NOTE(review): the image is referenced by tag only, with no registry host or digest; pin it by digest.
# The container securityContext is not visible here. Confirm what privilege level it runs with.
473 image: calico/node:v3.6.1
475 # Use Kubernetes API as the backing datastore.
476 - name: DATASTORE_TYPE
478 # Wait for the datastore.
479 - name: WAIT_FOR_DATASTORE
481 # Set based on the k8s node name.
485 fieldPath: spec.nodeName
486 # Choose the backend to use.
487 - name: CALICO_NETWORKING_BACKEND
492 # Cluster type to identify the deployment type
495 # Auto-detect the BGP IP address.
# NOTE(review): can-reach selects the local address the node would use to reach the given destination.
# With a public hostname, node startup depends on external DNS resolution and on the route towards
# that host. In restricted-egress clusters prefer an internal address or an interface-based method.
498 - name: IP_AUTODETECTION_METHOD
499 value: "can-reach=www.google.com"
501 - name: CALICO_IPV4POOL_IPIP
503 # Set MTU for tunnel device used if ipip is enabled
504 - name: FELIX_IPINIPMTU
509 # The default IPv4 pool to create on startup if none exists. Pod IPs will be
510 # chosen from this range. Changing this value after installation will have
511 # no effect. This should fall within `--cluster-cidr`.
512 - name: CALICO_IPV4POOL_CIDR
513 value: "10.244.0.0/16"
514 # Disable file logging so `kubectl logs` works.
515 - name: CALICO_DISABLE_FILE_LOGGING
517 # Set Felix endpoint to host default action to ACCEPT.
# NOTE(review): with ACCEPT, traffic from pods to the node itself is allowed once workload policy has
# been applied. Services listening on the node then need their own protection, such as host endpoint
# policy or a local firewall.
518 - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
520 # Disable IPv6 on Kubernetes.
521 - name: FELIX_IPV6SUPPORT
523 # Set Felix logging to "info"
524 - name: FELIX_LOGSEVERITYSCREEN
526 - name: FELIX_HEALTHENABLED
# Probe delay; the probe definition itself is not visible in this excerpt.
539 initialDelaySeconds: 10
# Host paths exposed to the node container: kernel modules, the iptables lock file and Calico's
# runtime and state directories.
# NOTE(review): readOnly flags are not visible in this excerpt. Confirm /lib/modules is mounted
# read-only and that only the directories Calico must write to are writable.
549 - mountPath: /lib/modules
552 - mountPath: /run/xtables.lock
555 - mountPath: /var/run/calico
558 - mountPath: /var/lib/calico
# hostPath volume definitions backing the mounts above.
565 - name: var-run-calico
567 path: /var/run/calico
568 - name: var-lib-calico
570 path: /var/lib/calico
573 path: /run/xtables.lock
# NOTE(review): the comment below says "moved to tmp", but the path is under
# /etc/cni/multus/calico/net.d. Update whichever of the two is stale.
# This volume presumably backs the /host/etc/cni/net.d mount, so the CNI config lands in a non-default
# directory. TODO confirm the runtime or Multus is configured to read it.
580 # NOTE: moved to tmp so we can see what it attempts to write
581 path: /etc/cni/multus/calico/net.d
582 - name: host-local-net-dir
584 path: /var/lib/cni/networks
# Namespace of the object that follows the volume list (presumably the node ServiceAccount; its kind
# and name are not visible in this excerpt).
590 namespace: kube-system
# calico-kube-controllers workload in kube-system (the kind line is not visible; presumably a
# Deployment), followed by a trailing object with the same name and namespace.
# NOTE(review): extensions/v1beta1 is no longer served for Deployment from Kubernetes 1.16; the
# replacement is apps/v1, which also requires an explicit spec.selector.
592 apiVersion: extensions/v1beta1
595 name: calico-kube-controllers
596 namespace: kube-system
598 k8s-app: calico-kube-controllers
# NOTE(review): the critical-pod annotation is deprecated; priorityClassName is its replacement.
600 scheduler.alpha.kubernetes.io/critical-pod: ''
607 name: calico-kube-controllers
608 namespace: kube-system
610 k8s-app: calico-kube-controllers
# beta.kubernetes.io/os is the deprecated form of the kubernetes.io/os node label.
613 beta.kubernetes.io/os: linux
# Tolerations for the CriticalAddonsOnly and node-role.kubernetes.io/master taints. Their effect and
# operator fields are not visible here.
615 - key: CriticalAddonsOnly
617 - key: node-role.kubernetes.io/master
# Pods run as the calico-kube-controllers service account and hold whatever its role binding grants.
619 serviceAccountName: calico-kube-controllers
621 - name: calico-kube-controllers
# NOTE(review): the image is referenced by tag only, with no registry host or digest; pin it by digest.
622 image: calico/kube-controllers:v3.6.1
# The values of the two env entries below are not visible in this excerpt.
624 - name: ENABLED_CONTROLLERS
626 - name: DATASTORE_TYPE
# Command used by a probe (the probe type is not visible here).
631 - /usr/bin/check-status
# Trailing object named calico-kube-controllers in kube-system (presumably its ServiceAccount).
637 name: calico-kube-controllers
638 namespace: kube-system