ansible/roles/flannel/templates/flannel-ds.yaml

   1 {#
   2 Copyright 2019 Nokia
   3
   4 Licensed under the Apache License, Version 2.0 (the "License");
   5 you may not use this file except in compliance with the License.
   6 You may obtain a copy of the License at
   7
   8     http://www.apache.org/licenses/LICENSE-2.0
   9
  10 Unless required by applicable law or agreed to in writing, software
  11 distributed under the License is distributed on an "AS IS" BASIS,
  12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 See the License for the specific language governing permissions and
  14 limitations under the License.
  15 #}
  16 ---
  17 apiVersion: apps/v1
  18 kind: DaemonSet
  19 metadata:
  20   name: flannel-ds
  21   namespace: kube-system
  22   labels:
  23     tier: node
  24     {{ caas.kubernetes_component_label }}: flannel
  25 spec:
  26   selector:
  27     matchLabels:
  28       {{ caas.kubernetes_component_label }}: flannel
  29   template:
  30     metadata:
  31       labels:
  32         tier: node
  33         {{ caas.kubernetes_component_label }}: flannel
  34     spec:
  35       priorityClassName: "system-node-critical"
  36       hostNetwork: true
  37       dnsPolicy: ClusterFirstWithHostNet
  38      # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher)
  39      #securityContext:
  40      #     runAsUser: {{ caas.uid.flannel }}
  41       tolerations:
  42       - key: node.kubernetes.io/master
  43         operator: Exists
  44         effect: NoSchedule
  45       containers:
  46       - name: kube-flannel
  47         image: {{ container_image_names | select('search', '/flannel') | list | last }}
  48         command:
  49         - /opt/bin/flanneld
  50         args:
  51         - --ip-masq
  52         - --kube-subnet-mgr
  53         - --iface={{ networking.infra_internal.interface }}
  54         securityContext:
  55           privileged: true
  56         env:
  57         - name: POD_NAME
  58           valueFrom:
  59             fieldRef:
  60               fieldPath: metadata.name
  61         - name: POD_NAMESPACE
  62           valueFrom:
  63             fieldRef:
  64               fieldPath: metadata.namespace
  65         resources:
  66           requests:
  67             cpu: "10m"
  68         volumeMounts:
  69         - name: time-mount
  70           mountPath: /etc/localtime
  71           readOnly: true
  72         - name: run
  73           mountPath: /run
  74         - name: flannel-cfg
  75           mountPath: /etc/kube-flannel/
  76       volumes:
  77         - name: time-mount
  78           hostPath:
  79              path: /etc/localtime
  80         - name: run
  81           hostPath:
  82             path: /run
  83         - name: flannel-cfg
  84           configMap:
  85             name: flannel-cm
  86       serviceAccountName: flannel