

---
# Weave Net CNI manifest for Kubespray. This file is a Jinja2 template
# (see the {% if %} / {{ }} expressions below) and is only valid YAML after
# rendering. Every resource is bundled into one v1 List so it can be applied
# as a single unit; the items share the name/label "weave-net".
apiVersion: v1
kind: List
items:
  # Identity the weave-net DaemonSet pods run as (serviceAccountName below).
  # The ClusterRoleBinding and RoleBinding in this List attach the RBAC rules
  # that follow to this account; it carries no permissions on its own.
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
  # Cluster-wide permissions for Weave: read-only on pods/namespaces/nodes and
  # NetworkPolicy objects, write only on the nodes/status subresource, plus
  # "use" of the privileged PodSecurityPolicy (both containers run privileged).
  # NOTE(review): rbac.authorization.k8s.io/v1beta1 is deprecated in favour of
  # rbac.authorization.k8s.io/v1; check the supported kube_version range before
  # relying on it.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
    rules:
      # Read-only view of pods, namespaces and nodes in the core API group.
      - apiGroups:
          - ''
        resources:
          - pods
          - namespaces
          - nodes
        verbs:
          - get
          - list
          - watch
      # Read-only view of NetworkPolicy objects; presumably consumed by the
      # weave-npc container — confirm against the npc image.
      - apiGroups:
          - networking.k8s.io
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      # The only write access: patch/update of node status (no write on the
      # node object itself).
      - apiGroups:
          - ''
        resources:
          - nodes/status
        verbs:
          - patch
          - update
      # Allows pods under this account to be admitted by the "privileged"
      # PodSecurityPolicy; scoped to that single policy by resourceNames.
      - apiGroups:
          - policy
        resourceNames:
          - privileged
        resources:
          - podsecuritypolicies
        verbs:
          - use
  # Grants the weave-net ClusterRole above to the weave-net ServiceAccount in
  # kube-system. This is the only subject; no groups or users are bound.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
    roleRef:
      kind: ClusterRole
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  # Namespaced permissions in kube-system. get/update are pinned to the
  # "weave-net" ConfigMap by resourceNames; create is a separate rule because
  # Kubernetes cannot restrict create by resourceNames, so it necessarily
  # allows creating any ConfigMap in this namespace.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: Role
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    rules:
      # Read and update only the ConfigMap named weave-net.
      - apiGroups:
          - ''
        resourceNames:
          - weave-net
        resources:
          - configmaps
        verbs:
          - get
          - update
      # Create is unscoped (see note above).
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
  # Grants the namespaced weave-net Role above to the weave-net ServiceAccount
  # within kube-system only.
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    roleRef:
      kind: Role
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
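  # One weave-net pod per node with two containers: "weave" (the router/CNI
  # agent) and "weave-npc" (network policy). Both run privileged with
  # hostNetwork and hostPID and mount host paths read-write (/etc, /opt,
  # /home, /var/lib/weave, ...), so the pod effectively has full control of
  # the node; the image repo/tag variables are therefore the trust boundary
  # and should point at a pinned, trusted registry.
  # NOTE(review): extensions/v1beta1 DaemonSet is deprecated in favour of
  # apps/v1 (which also requires spec.selector). Left unchanged here because
  # this template still supports kube_version below v1.11.1.
  - apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      minReadySeconds: 5
      template:
        metadata:
          labels:
            name: weave-net
          annotations:
            # Mark pod as critical for rescheduling (has no effect starting
            # with Kubernetes 1.12; priorityClassName below replaces it).
            scheduler.alpha.kubernetes.io/critical-pod: ''
        spec:
{% if kube_version is version('v1.11.1', '>=') %}
          priorityClassName: system-node-critical
{% endif %}
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                # Peer-encryption password, sourced from the weave-net Secret
                # at the end of this List (never inlined in the manifest).
                - name: WEAVE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: weave-net
                      key: WEAVE_PASSWORD
                # Booleans are rendered as "0"/"1" via `bool | int`; keep that
                # form, the launch script is given strings, not YAML booleans.
                - name: CHECKPOINT_DISABLE
                  value: "{{ weave_checkpoint_disable | bool | int }}"
                - name: CONN_LIMIT
                  value: "{{ weave_conn_limit | int }}"
                - name: HAIRPIN_MODE
                  value: "{{ weave_hairpin_mode | bool }}"
                - name: IPALLOC_RANGE
                  value: "{{ weave_ipalloc_range }}"
                - name: EXPECT_NPC
                  value: "{{ weave_expect_npc | bool | int }}"
                # Optional settings are only emitted when the variable is set,
                # so the defaults stay under the image's control.
{% if weave_kube_peers %}
                - name: KUBE_PEERS
                  value: "{{ weave_kube_peers }}"
{% endif %}
{% if weave_ipalloc_init %}
                - name: IPALLOC_INIT
                  value: "{{ weave_ipalloc_init }}"
{% endif %}
{% if weave_expose_ip %}
                - name: WEAVE_EXPOSE_IP
                  value: "{{ weave_expose_ip }}"
{% endif %}
{% if weave_metrics_addr %}
                - name: WEAVE_METRICS_ADDR
                  value: "{{ weave_metrics_addr }}"
{% endif %}
{% if weave_status_addr %}
                - name: WEAVE_STATUS_ADDR
                  value: "{{ weave_status_addr }}"
{% endif %}
                - name: WEAVE_MTU
                  value: "{{ weave_mtu | int }}"
                - name: NO_MASQ_LOCAL
                  value: "{{ weave_no_masq_local | bool | int }}"
{% if weave_extra_args %}
                - name: EXTRA_ARGS
                  value: "{{ weave_extra_args }}"
{% endif %}
              # Templated scalars are quoted so an empty or odd-looking
              # expansion can never be re-typed by the YAML parser.
              image: "{{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              # Status endpoint is reached over the host loopback because the
              # pod uses hostNetwork.
              livenessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
                initialDelaySeconds: 30
              resources:
                requests:
                  cpu: 10m
              securityContext:
                privileged: true
              # None of these mounts are readOnly; the host's /opt, /home and
              # /etc are exposed under /host for the CNI install
              # (presumably done by launch.sh — confirm there).
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: dbus
                  mountPath: /host/var/lib/dbus
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
            # Network policy controller; needs only the node name, the
            # iptables lock and cluster RBAC (NetworkPolicy read access).
            - name: weave-npc
              args: []
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: "{{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              resources:
                requests:
                  cpu: 10m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
          hostNetwork: true
          hostPID: true
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          # Tolerate every taint so the CNI runs on all nodes, including
          # control-plane and not-yet-ready ones.
          tolerations:
            - operator: Exists
            # Mark pod as critical for rescheduling (has no effect starting
            # with Kubernetes 1.12).
            - key: CriticalAddonsOnly
              operator: Exists
          volumes:
            # Weave state database (presumably IPAM/peer state) on the host.
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            # Host directories the CNI binaries and config are written into.
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            # Shared iptables lock, created on the host if missing; mounted by
            # both containers so their iptables calls serialize properly.
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
      updateStrategy:
        rollingUpdate:
          # Deliberately unquoted: `serial` may be an integer count or a
          # percentage string, and maxUnavailable accepts either only when
          # the integer is not stringified.
          maxUnavailable: {{ serial | default('20%') }}
        type: RollingUpdate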
  # Shared password for Weave's peer-to-peer encryption, consumed through the
  # WEAVE_PASSWORD secretKeyRef in the DaemonSet above. The inner "" is the
  # Jinja default and is consumed before YAML parsing, so the rendered value is
  # a single quoted, base64-encoded string.
  # NOTE(review): the default is an empty password; Weave treats an empty
  # WEAVE_PASSWORD as "encryption off", so weave_password should be set
  # explicitly for any cluster whose node-to-node traffic is not otherwise
  # protected — confirm against the Weave version in use.
  - apiVersion: v1
    kind: Secret
    metadata:
      name: weave-net
      namespace: kube-system
    data:
      WEAVE_PASSWORD: "{{ weave_password | default("") | b64encode }}"