Add maintenance toleration for flannel
[ta/caas-danm.git] / ansible / roles / flannel / templates / flannel-ds.yaml
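#jinja2: lstrip_blocks: True
{#
Copyright 2019 Nokia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#}
---
# DaemonSet that runs one flanneld pod per schedulable node in kube-system.
# The pod uses the host network namespace, a privileged container and a
# read-write hostPath mount of /run, so it is effectively node-root: treat
# the image source, the flannel service account and this template as part
# of the node's trust boundary.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: flannel-ds
  namespace: kube-system
  labels:
    tier: node
    {{ caas.kubernetes_component_label }}: flannel
spec:
  selector:
    matchLabels:
      {{ caas.kubernetes_component_label }}: flannel
  template:
    metadata:
      labels:
        tier: node
        {{ caas.kubernetes_component_label }}: flannel
    spec:
      priorityClassName: "system-node-critical"
      # The pod shares the node's network namespace.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # TODO: figure out why privileged mode is also not enough for flannel to
      # modify network settings on the host (same problem as watcher)
      # NOTE: Jinja2 still evaluates the expression on the commented-out
      # runAsUser line below at render time, so caas.uid.flannel must stay
      # defined even though the setting itself is inactive.
      # securityContext:
      #   runAsUser: {{ caas.uid.flannel }}
      tolerations:
      # Allows scheduling onto nodes carrying this NoSchedule taint.
      # NOTE(review): the commonly used control-plane taint key is
      # node-role.kubernetes.io/master; confirm this key matches the taint
      # this deployment actually applies.
      - key: node.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      # Keeps the pod running on nodes tainted
      # node-maintenancemode=enabled:NoExecute. No tolerationSeconds is set,
      # so the taint is tolerated for as long as it is present.
      - key: "node-maintenancemode"
        value: "enabled"
        operator: "Equal"
        effect: "NoExecute"
      containers:
      - name: kube-flannel
        # Last entry of container_image_names whose name matches '/flannel'.
        # Quoted so an empty or odd-looking expansion stays a string.
        # NOTE(review): this runs privileged, so it is worth confirming that
        # the list resolves to a trusted registry and a pinned tag or digest.
        image: "{{ container_image_names | select('search', '/flannel') | list | last }}"
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        # One --iface argument per entry of flannel_interfaces; none when the
        # variable is undefined.
        {% for interface in flannel_interfaces | default([]) %}
        - --iface={{ interface }}
        {% endfor %}
        securityContext:
          # SECURITY: privileged grants every capability and host device
          # access. Together with hostNetwork and the /run hostPath mount, a
          # compromise of this container is a compromise of the node.
          # NOTE(review): upstream flannel manifests run with specific
          # capabilities (NET_ADMIN, NET_RAW) instead of privileged; check
          # whether that is sufficient here before changing it, given the
          # TODO above.
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        resources:
          # Only a CPU request is declared; no limits are set.
          requests:
            cpu: "10m"
        volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        # Mounted read-write (no readOnly flag).
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: time-mount
        hostPath:
          path: /etc/localtime
      # SECURITY: exposes the whole host /run tree to the container. Host
      # /run commonly holds runtime sockets and PID files.
      # NOTE(review): presumably flanneld only needs its own subdirectory
      # (e.g. /run/flannel); confirm and narrow the path if so.
      - name: run
        hostPath:
          path: /run
      - name: flannel-cfg
        configMap:
          name: flannel-cm
      serviceAccountName: flannel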