You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---apiVersion: extensions/v1beta1kind: DaemonSetmetadata: name: cilium namespace: {{ system_namespace }}spec: template: metadata: labels: k8s-app: cilium kubernetes.io/cluster-service: "true" annotations: # This annotation plus the CriticalAddonsOnly toleration makes # cilium to be a critical pod in the cluster, which ensures cilium # gets priority scheduling. # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: >- [{"key":"dedicated","operator":"Equal","value":"master","effect":"NoSchedule"}]{% if cilium_enable_prometheus %} prometheus.io/scrape: "true" prometheus.io/port: "9090"{% endif %} spec:{% if rbac_enabled %} serviceAccountName: cilium{% endif %} containers: - image: {{ cilium_image_repo }}:{{ cilium_image_tag }} imagePullPolicy: Always name: cilium-agent command: [ "cilium-agent" ] args: - "--debug=$(CILIUM_DEBUG)" - "-t" - "vxlan" - "--kvstore" - "etcd" - "--kvstore-opt" - "etcd.config=/var/lib/etcd-config/etcd.config" - "--disable-ipv4=$(DISABLE_IPV4)"{% if cilium_enable_prometheus %} ports: - name: prometheus containerPort: 9090{% endif %} lifecycle: postStart: exec: command: - "/cni-install.sh" preStop: exec: command: - "/cni-uninstall.sh" env: - name: "K8S_NODE_NAME" valueFrom: fieldRef: fieldPath: spec.nodeName - name: "CILIUM_DEBUG" valueFrom: configMapKeyRef: name: cilium-config key: debug - name: "DISABLE_IPV4" valueFrom: configMapKeyRef: name: cilium-config key: disable-ipv4{% if cilium_enable_prometheus %} # Note: this variable is a no-op if not defined, and is used in the # prometheus examples. - name: "CILIUM_PROMETHEUS_SERVE_ADDR" valueFrom: configMapKeyRef: name: cilium-metrics-config optional: true key: prometheus-serve-addr{% endif %} resources: limits: cpu: {{ cilium_cpu_limit }} memory: {{ cilium_memory_limit }} requests: cpu: {{ cilium_cpu_requests }} memory: {{ cilium_memory_requests }} livenessProbe: exec: command: - cilium - status # The initial delay for the liveness probe is intentionally large to # avoid an endless kill & restart cycle if in the event that the initial # bootstrapping takes longer than expected. initialDelaySeconds: 120 failureThreshold: 10 periodSeconds: 10 readinessProbe: exec: command: - cilium - status initialDelaySeconds: 5 periodSeconds: 5 volumeMounts: - name: bpf-maps mountPath: /sys/fs/bpf - name: cilium-run mountPath: /var/run/cilium - name: cni-path mountPath: /host/opt/cni/bin - name: etc-cni-netd mountPath: /host/etc/cni/net.d - name: docker-socket mountPath: /var/run/docker.sock readOnly: true - name: etcd-config-path mountPath: /var/lib/etcd-config readOnly: true - name: cilium-certs mountPath: {{ cilium_cert_dir }} readOnly: true securityContext: capabilities: add: - "NET_ADMIN" privileged: true hostNetwork: true volumes: # To keep state between restarts / upgrades - name: cilium-run hostPath: path: /var/run/cilium # To keep state between restarts / upgrades - name: bpf-maps hostPath: path: /sys/fs/bpf # To read docker events from the node - name: docker-socket hostPath: path: /var/run/docker.sock # To install cilium cni plugin in the host - name: cni-path hostPath: path: /opt/cni/bin # To install cilium cni configuration in the host - name: etc-cni-netd hostPath: path: /etc/cni/net.d - name: cilium-certs hostPath: path: {{ cilium_cert_dir }} # To read the etcd config stored in config maps - name: etcd-config-path configMap: name: cilium-config items: - key: etcd-config path: etcd.config tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized value: "true" # Mark cilium's pod as critical for rescheduling - key: CriticalAddonsOnly operator: "Exists"
|
