X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fflannel%2Ftemplates%2Fflannel-ds.yaml;h=e968fe9c6554c0b201d4ec4dea38596fb8a8bc87;hb=77284be6364a55804a63299e362e80051e7c35eb;hp=41e78a2f0da682965f64c0dafae78119975a0db5;hpb=85f2106bce174db4c77c5fe5daa13f17f5606dcd;p=ta%2Fcaas-danm.git

diff --git a/ansible/roles/flannel/templates/flannel-ds.yaml b/ansible/roles/flannel/templates/flannel-ds.yaml
index 41e78a2..e968fe9 100644
--- a/ansible/roles/flannel/templates/flannel-ds.yaml
+++ b/ansible/roles/flannel/templates/flannel-ds.yaml
@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: True
 {#
 Copyright 2019 Nokia
 
@@ -14,7 +15,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 #}
 ---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: flannel-ds
@@ -32,16 +33,20 @@ spec:
         tier: node
         {{ caas.kubernetes_component_label }}: flannel
     spec:
+      priorityClassName: "system-node-critical"
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
-     # TODO: figure out why flannel needs to run with root to modify network settings on the host
-     # Some setcap calls might be missing on its binary?
+     # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
      #securityContext:
      #     runAsUser: {{ caas.uid.flannel }}
       tolerations:
-      - key: node-role.kubernetes.io/master
+      - key: node.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: "node-maintenancemode"
+        value: "enabled"
+        operator: "Equal"
+        effect: "NoExecute"
       containers:
       - name: kube-flannel
         image: {{ container_image_names | select('search', '/flannel') | list | last }}
@@ -50,7 +55,9 @@ spec:
         args:
         - --ip-masq
         - --kube-subnet-mgr
-        - --iface={{ networking.infra_internal.interface }}
+        {% for interface in flannel_interfaces | default([]) %}
+        - --iface={{ interface }}
+        {% endfor %}
         securityContext:
           privileged: true
         env:
@@ -62,6 +69,9 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        resources:
+          requests:
+            cpu: "10m"
         volumeMounts:
         - name: time-mount
           mountPath: /etc/localtime