Code Review
/
ta
/
caas-danm.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Add maintenance toleration for flannel
[ta/caas-danm.git]
/
ansible
/
roles
/
flannel
/
templates
/
flannel-ds.yaml
diff --git
a/ansible/roles/flannel/templates/flannel-ds.yaml
b/ansible/roles/flannel/templates/flannel-ds.yaml
index
117f9cf
..
e968fe9
100644
(file)
--- a/
ansible/roles/flannel/templates/flannel-ds.yaml
+++ b/
ansible/roles/flannel/templates/flannel-ds.yaml
@@
-1,3
+1,4
@@
+#jinja2: lstrip_blocks: True
{#
Copyright 2019 Nokia
{#
Copyright 2019 Nokia
@@
-14,7
+15,7
@@
See the License for the specific language governing permissions and
limitations under the License.
#}
---
limitations under the License.
#}
---
-apiVersion: apps/v1
beta2
+apiVersion: apps/v1
kind: DaemonSet
metadata:
name: flannel-ds
kind: DaemonSet
metadata:
name: flannel-ds
@@
-35,14
+36,17
@@
spec:
priorityClassName: "system-node-critical"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
priorityClassName: "system-node-critical"
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
- # TODO: figure out why flannel needs to run with root to modify network settings on the host
- # Some setcap calls might be missing on its binary?
+ # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
#securityContext:
# runAsUser: {{ caas.uid.flannel }}
tolerations:
#securityContext:
# runAsUser: {{ caas.uid.flannel }}
tolerations:
- - key: node
-role
.kubernetes.io/master
+ - key: node.kubernetes.io/master
operator: Exists
effect: NoSchedule
operator: Exists
effect: NoSchedule
+ - key: "node-maintenancemode"
+ value: "enabled"
+ operator: "Equal"
+ effect: "NoExecute"
containers:
- name: kube-flannel
image: {{ container_image_names | select('search', '/flannel') | list | last }}
containers:
- name: kube-flannel
image: {{ container_image_names | select('search', '/flannel') | list | last }}
@@
-51,7
+55,9
@@
spec:
args:
- --ip-masq
- --kube-subnet-mgr
args:
- --ip-masq
- --kube-subnet-mgr
- - --iface={{ networking.infra_internal.interface }}
+ {% for interface in flannel_interfaces | default([]) %}
+ - --iface={{ interface }}
+ {% endfor %}
securityContext:
privileged: true
env:
securityContext:
privileged: true
env: