Add maintenance toleration for caas-registry

[ta/caas-registry.git] / ansible / roles / swift / templates / update / swift_update.yml

diff --git a/ansible/roles/swift/templates/update/swift_update.yml b/ansible/roles/swift/templates/update/swift_update.yml
index 8f6f940..3f24346 100644 (file)
--- a/ansible/roles/swift/templates/update/swift_update.yml
+++ b/ansible/roles/swift/templates/update/swift_update.yml
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 #}
 ---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: swift-update
@@ -28,10 +28,16 @@ spec:
       labels:
         name: swift-update
     spec:
+      priorityClassName: "system-cluster-critical"
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       nodeSelector:
-        nodename: caas_master1
+        nodetype: caas_master
+      tolerations:
+      - key: "node-maintenancemode"
+        value: "enabled"
+        operator: "Equal"
+        effect: "NoExecute"
       securityContext:
         runAsUser: {{ caas.uid.swift }}
       containers:
@@ -39,13 +45,14 @@ spec:
           image: {{ container_image_names | select('search', '/swift') | list | last }}
           securityContext:
             capabilities:
-              add: ["NET_BIND_SERVICE"]
+              add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
           args:
             - BACKEND
           resources:
             limits:
               memory: "4Gi"
             requests:
+              cpu: "200m"
               memory: "1Gi"
           env:
             - name: "SWIFT_PART_POWER"
@@ -58,6 +65,8 @@ spec:
               value: "1"
             - name: "SWIFT_OAM1_IP"
               value: "{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}"
+            - name: "SWIFT_URL"
+              value: "{{ caas.swift }}"
           volumeMounts:
             - name: config
               mountPath: /etc/swift/