
  1. ---
  2. apiVersion: apps/v1
  3. kind: Deployment
  4. metadata:
  5. labels:
  6. io.cilium/app: operator
  7. name: cilium-operator
  8. name: cilium-operator
  9. namespace: kube-system
  10. spec:
  11. replicas: 1
  12. selector:
  13. matchLabels:
  14. io.cilium/app: operator
  15. name: cilium-operator
  16. strategy:
  17. rollingUpdate:
  18. maxSurge: 1
  19. maxUnavailable: 1
  20. type: RollingUpdate
  21. template:
  22. metadata:
  23. labels:
  24. io.cilium/app: operator
  25. name: cilium-operator
  26. spec:
  27. containers:
  28. - args:
  29. - --debug=$(CILIUM_DEBUG)
  30. - --kvstore=etcd
  31. - --kvstore-opt=etcd.config=/var/lib/etcd-config/etcd.config
  32. command:
  33. - cilium-operator
  34. env:
  35. - name: POD_NAMESPACE
  36. valueFrom:
  37. fieldRef:
  38. apiVersion: v1
  39. fieldPath: metadata.namespace
  40. - name: K8S_NODE_NAME
  41. valueFrom:
  42. fieldRef:
  43. apiVersion: v1
  44. fieldPath: spec.nodeName
  45. - name: CILIUM_DEBUG
  46. valueFrom:
  47. configMapKeyRef:
  48. key: debug
  49. name: cilium-config
  50. optional: true
  51. - name: CILIUM_CLUSTER_NAME
  52. valueFrom:
  53. configMapKeyRef:
  54. key: cluster-name
  55. name: cilium-config
  56. optional: true
  57. - name: CILIUM_CLUSTER_ID
  58. valueFrom:
  59. configMapKeyRef:
  60. key: cluster-id
  61. name: cilium-config
  62. optional: true
  63. - name: CILIUM_DISABLE_ENDPOINT_CRD
  64. valueFrom:
  65. configMapKeyRef:
  66. key: disable-endpoint-crd
  67. name: cilium-config
  68. optional: true
  69. - name: AWS_ACCESS_KEY_ID
  70. valueFrom:
  71. secretKeyRef:
  72. key: AWS_ACCESS_KEY_ID
  73. name: cilium-aws
  74. optional: true
  75. - name: AWS_SECRET_ACCESS_KEY
  76. valueFrom:
  77. secretKeyRef:
  78. key: AWS_SECRET_ACCESS_KEY
  79. name: cilium-aws
  80. optional: true
  81. - name: AWS_DEFAULT_REGION
  82. valueFrom:
  83. secretKeyRef:
  84. key: AWS_DEFAULT_REGION
  85. name: cilium-aws
  86. optional: true
  87. image: docker.io/cilium/operator:v1.5.5
  88. imagePullPolicy: IfNotPresent
  89. name: cilium-operator
  90. livenessProbe:
  91. httpGet:
  92. path: /healthz
  93. port: 9234
  94. scheme: HTTP
  95. initialDelaySeconds: 60
  96. periodSeconds: 10
  97. timeoutSeconds: 3
  98. volumeMounts:
  99. - mountPath: /var/lib/etcd-config
  100. name: etcd-config-path
  101. readOnly: true
  102. - mountPath: "{{cilium_cert_dir}}"
  103. name: etcd-secrets
  104. readOnly: true
  105. dnsPolicy: ClusterFirst
  106. priorityClassName: system-node-critical
  107. restartPolicy: Always
  108. serviceAccount: cilium-operator
  109. serviceAccountName: cilium-operator
  110. volumes:
  111. # To read the etcd config stored in config maps
  112. - configMap:
  113. defaultMode: 420
  114. items:
  115. - key: etcd-config
  116. path: etcd.config
  117. name: cilium-config
  118. name: etcd-config-path
  119. # To read the k8s etcd secrets in case the user might want to use TLS
  120. - name: etcd-secrets
  121. hostPath:
  122. path: "{{cilium_cert_dir}}"