+#jinja2: lstrip_blocks: True
{#
Copyright 2019 Nokia
limitations under the License.
#}
---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: DaemonSet
metadata:
name: flannel-ds
tier: node
{{ caas.kubernetes_component_label }}: flannel
spec:
+ priorityClassName: "system-node-critical"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
- # TODO: figure out why flannel needs to run with root to modify network settings on the host
- # Some setcap calls might be missing on its binary?
+ # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
#securityContext:
# runAsUser: {{ caas.uid.flannel }}
tolerations:
- - key: node-role.kubernetes.io/master
+ - key: node.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: "node-maintenancemode"
+ value: "enabled"
+ operator: "Equal"
+ effect: "NoExecute"
containers:
- name: kube-flannel
image: {{ container_image_names | select('search', '/flannel') | list | last }}
args:
- --ip-masq
- --kube-subnet-mgr
- - --iface={{ networking.infra_internal.interface }}
+ {% for interface in flannel_interfaces | default([]) %}
+ - --iface={{ interface }}
+ {% endfor %}
securityContext:
privileged: true
env:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: "10m"
volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
+ - name: time-mount
+ hostPath:
+ path: /etc/localtime
- name: run
hostPath:
path: /run