
  1. ---
  2. apiVersion: v1
  3. kind: List
  4. items:
  # Identity the weave-net DaemonSet pods run as (serviceAccountName in the
  # pod spec). Every RBAC grant in this file is bound to this account.
  - kind: ServiceAccount
    apiVersion: v1
    metadata:
      namespace: kube-system
      name: weave-net
      labels:
        name: weave-net
  # Cluster-scoped permissions for Weave Net.
  - kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        name: weave-net
      name: weave-net
    rules:
      # Read-only access to the objects listed here (core group and
      # NetworkPolicy); no write verbs are granted on them.
      - apiGroups: ['']
        resources: [pods, namespaces, nodes]
        verbs: [get, list, watch]
      - apiGroups: [networking.k8s.io]
        resources: [networkpolicies]
        verbs: [get, list, watch]
      # The only cluster-scoped write: the status subresource of nodes.
      # It is not limited to the pod's own node, so a compromised pod could
      # alter the reported status of any node.
      - apiGroups: ['']
        resources: [nodes/status]
        verbs: [patch, update]
      # Lets pods running as this account be admitted under the
      # PodSecurityPolicy named "privileged". PodSecurityPolicy was removed in
      # Kubernetes 1.25; on newer clusters this rule grants nothing.
      - apiGroups: [policy]
        resourceNames: [privileged]
        resources: [podsecuritypolicies]
        verbs: [use]
  # Grants the weave-net ClusterRole to exactly one subject: the weave-net
  # ServiceAccount in kube-system.
  - kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        name: weave-net
      name: weave-net
    subjects:
      - kind: ServiceAccount
        namespace: kube-system
        name: weave-net
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: weave-net
  # Namespaced permissions (kube-system only) on ConfigMaps.
  - kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      namespace: kube-system
      labels:
        name: weave-net
      name: weave-net
    rules:
      # Read and update are limited to the single ConfigMap named weave-net.
      - apiGroups: ['']
        resourceNames: [weave-net]
        resources: [configmaps]
        verbs: [get, update]
      # RBAC cannot restrict "create" by resourceNames, because the object
      # name is not known when the request is authorized. This rule therefore
      # allows creating any ConfigMap in kube-system.
      - apiGroups: ['']
        resources: [configmaps]
        verbs: [create]
  # Binds the kube-system Role weave-net to the weave-net ServiceAccount.
  - kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      namespace: kube-system
      labels:
        name: weave-net
      name: weave-net
    subjects:
      - kind: ServiceAccount
        namespace: kube-system
        name: weave-net
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: weave-net
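  # Runs the Weave Net router ("weave") and the network-policy controller
  # ("weave-npc") on every node.
  #
  # Security posture, as declared below: both containers are privileged, the
  # pod shares the host network and PID namespaces, and the weave container
  # mounts the host's /opt, /home and /etc read-write. A compromise of either
  # image or of this pod is therefore equivalent to a compromise of the node.
  # Restrict who may edit this DaemonSet and the weave-net Secret, and prefer
  # image references that cannot be silently re-pointed (for example a digest).
  - apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      minReadySeconds: 5
      selector:
        matchLabels:
          name: weave-net
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          priorityClassName: system-node-critical
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              env:
                # Node name from the downward API.
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                # Taken from the weave-net Secret, never inlined here.
                - name: WEAVE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: weave-net
                      key: WEAVE_PASSWORD
                # Env values must be strings, hence the quoting on every
                # templated value even where the filter yields a number.
                - name: CHECKPOINT_DISABLE
                  value: "{{ weave_checkpoint_disable | bool | int }}"
                - name: CONN_LIMIT
                  value: "{{ weave_conn_limit | int }}"
                - name: HAIRPIN_MODE
                  value: "{{ weave_hairpin_mode | bool | lower }}"
                - name: IPALLOC_RANGE
                  value: "{{ weave_ipalloc_range }}"
                - name: EXPECT_NPC
                  value: "{{ weave_expect_npc | bool | int }}"
                # Optional settings follow. The block tags stay at column 0:
                # Ansible's template module drops the newline after a block
                # tag but, by default, not the whitespace in front of it, so
                # an indented tag would shift the next line and break the YAML.
{% if weave_kube_peers %}
                - name: KUBE_PEERS
                  value: "{{ weave_kube_peers }}"
{% endif %}
{% if weave_ipalloc_init %}
                - name: IPALLOC_INIT
                  value: "{{ weave_ipalloc_init }}"
{% endif %}
{% if weave_expose_ip %}
                - name: WEAVE_EXPOSE_IP
                  value: "{{ weave_expose_ip }}"
{% endif %}
{% if weave_metrics_addr %}
                - name: WEAVE_METRICS_ADDR
                  value: "{{ weave_metrics_addr }}"
{% endif %}
{% if weave_status_addr %}
                - name: WEAVE_STATUS_ADDR
                  value: "{{ weave_status_addr }}"
{% endif %}
{% if weave_iptables_backend %}
                - name: IPTABLES_BACKEND
                  value: "{{ weave_iptables_backend }}"
{% endif %}
                - name: WEAVE_MTU
                  value: "{{ weave_mtu | int }}"
                - name: NO_MASQ_LOCAL
                  value: "{{ weave_no_masq_local | bool | int }}"
                # NOTE(review): presumably passed through to the launcher as
                # free-form arguments; treat the inventory variable as
                # trusted input only.
{% if weave_extra_args %}
                - name: EXTRA_ARGS
                  value: "{{ weave_extra_args }}"
{% endif %}
              # Quoted so an unusual or empty variable value cannot change how
              # the rendered line parses (comment marker, null, boolean).
              image: "{{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              # Probed on loopback; this presumably relies on hostNetwork
              # being true for the pod.
              readinessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
              # Only a CPU request is set; no CPU or memory limit is declared.
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: dbus
                  mountPath: /host/var/lib/dbus
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
            - name: weave-npc
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: "{{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          # Host namespaces are shared with the pod; see the header comment.
          hostNetwork: true
          dnsPolicy: ClusterFirstWithHostNet
          hostPID: true
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          # A toleration with only "operator: Exists" matches every taint, so
          # the pod is scheduled onto all nodes, control-plane nodes included.
          tolerations:
            - operator: Exists
          # All volumes are hostPath. /opt, /home and /etc are mounted whole
          # and writable, which is far broader than a CNI binary or config
          # directory.
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
      updateStrategy:
        rollingUpdate:
          # Deliberately unquoted: the value may be an integer or a
          # percentage, and an integer has to stay an integer after rendering.
          maxUnavailable: {{ serial | default('20%') }}
        type: RollingUpdate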
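  # Secret consumed by the weave container through secretKeyRef
  # (key WEAVE_PASSWORD).
  #
  # The value is base64-encoded, not encrypted: the rendered manifest holds
  # the password in recoverable form, so keep the rendered file and the
  # inventory variable protected (for example with Ansible Vault).
  # NOTE(review): an undefined weave_password renders an empty value; Weave
  # Net enables peer encryption only when a password is supplied, so an empty
  # value presumably leaves inter-node traffic unencrypted. Confirm, and
  # consider failing the play instead of defaulting.
  - apiVersion: v1
    kind: Secret
    metadata:
      name: weave-net
      namespace: kube-system
    data:
      # Single quotes inside the expression keep the raw line a well-formed
      # double-quoted scalar for linters and editors; the output is unchanged.
      WEAVE_PASSWORD: "{{ weave_password | default('') | b64encode }}"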