ansible/roles/flannel/templates/flannel-ds.yaml

   1 {#
   2 Copyright 2019 Nokia
   3
   4 Licensed under the Apache License, Version 2.0 (the "License");
   5 you may not use this file except in compliance with the License.
   6 You may obtain a copy of the License at
   7
   8     http://www.apache.org/licenses/LICENSE-2.0
   9
  10 Unless required by applicable law or agreed to in writing, software
  11 distributed under the License is distributed on an "AS IS" BASIS,
  12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 See the License for the specific language governing permissions and
  14 limitations under the License.
  15 #}
  16 ---
  17 apiVersion: apps/v1beta2
  18 kind: DaemonSet
  19 metadata:
  20   name: flannel-ds
  21   namespace: kube-system
  22   labels:
  23     tier: node
  24     {{ caas.kubernetes_component_label }}: flannel
  25 spec:
  26   selector:
  27     matchLabels:
  28       {{ caas.kubernetes_component_label }}: flannel
  29   template:
  30     metadata:
  31       labels:
  32         tier: node
  33         {{ caas.kubernetes_component_label }}: flannel
  34     spec:
  35       priorityClassName: "system-node-critical"
  36       hostNetwork: true
  37       dnsPolicy: ClusterFirstWithHostNet
  38      # TODO: figure out why flannel needs to run with root to modify network settings on the host
  39      # Some setcap calls might be missing on its binary?
  40      #securityContext:
  41      #     runAsUser: {{ caas.uid.flannel }}
  42       tolerations:
  43       - key: node-role.kubernetes.io/master
  44         operator: Exists
  45         effect: NoSchedule
  46       containers:
  47       - name: kube-flannel
  48         image: {{ container_image_names | select('search', '/flannel') | list | last }}
  49         command:
  50         - /opt/bin/flanneld
  51         args:
  52         - --ip-masq
  53         - --kube-subnet-mgr
  54         - --iface={{ networking.infra_internal.interface }}
  55         securityContext:
  56           privileged: true
  57         env:
  58         - name: POD_NAME
  59           valueFrom:
  60             fieldRef:
  61               fieldPath: metadata.name
  62         - name: POD_NAMESPACE
  63           valueFrom:
  64             fieldRef:
  65               fieldPath: metadata.namespace
  66         resources:
  67           requests:
  68             cpu: "10m"
  69         volumeMounts:
  70         - name: time-mount
  71           mountPath: /etc/localtime
  72           readOnly: true
  73         - name: run
  74           mountPath: /run
  75         - name: flannel-cfg
  76           mountPath: /etc/kube-flannel/
  77       volumes:
  78         - name: time-mount
  79           hostPath:
  80              path: /etc/localtime
  81         - name: run
  82           hostPath:
  83             path: /run
  84         - name: flannel-cfg
  85           configMap:
  86             name: flannel-cm
  87       serviceAccountName: flannel