tier: node
{{ caas.kubernetes_component_label }}: flannel
spec:
+ priorityClassName: "system-node-critical"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
- # TODO: figure out why flannel needs to run with root to modify network settings on the host
- # Some setcap calls might be missing on its binary?
+ # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
#securityContext:
# runAsUser: {{ caas.uid.flannel }}
tolerations:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: "10m"
volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
+ - name: time-mount
+ hostPath:
+ path: /etc/localtime
- name: run
hostPath:
path: /run