

  1. ---
  2. # This manifest installs the calico/node container, as well
  3. # as the Calico CNI plugins and network config on
  4. # each master and worker node in a Kubernetes cluster.
  5. kind: DaemonSet
  6. apiVersion: extensions/v1beta1
  7. metadata:
  8. name: calico-node
  9. namespace: kube-system
  10. labels:
  11. k8s-app: calico-node
  12. spec:
  13. selector:
  14. matchLabels:
  15. k8s-app: calico-node
  16. template:
  17. metadata:
  18. labels:
  19. k8s-app: calico-node
  20. annotations:
  21. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  22. kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
  23. {% if calico_felix_prometheusmetricsenabled %}
  24. prometheus.io/scrape: 'true'
  25. prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
  26. {% endif %}
  27. spec:
  28. {% if kube_version is version('v1.11.1', '>=') %}
  29. priorityClassName: system-node-critical
  30. {% endif %}
  31. hostNetwork: true
  32. serviceAccountName: calico-node
  33. tolerations:
  34. - effect: NoExecute
  35. operator: Exists
  36. - effect: NoSchedule
  37. operator: Exists
  38. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  39. - key: CriticalAddonsOnly
  40. operator: "Exists"
  41. # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
  42. # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
  43. terminationGracePeriodSeconds: 0
  44. {% if calico_version is version('v3.4.0', '>=') %}
  45. initContainers:
  46. # This container installs the Calico CNI binaries
  47. # and CNI network config file on each node.
  48. - name: install-cni
  49. image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
  50. command: ["/install-cni.sh"]
  51. env:
  52. # Name of the CNI config file to create.
  53. - name: CNI_CONF_NAME
  54. value: "10-calico.conflist"
  55. # Install CNI binaries
  56. - name: UPDATE_CNI_BINARIES
  57. value: "true"
  58. # The CNI network config to install on each node.
  59. - name: CNI_NETWORK_CONFIG_FILE
  60. value: "/host/etc/cni/net.d/calico.conflist.template"
  61. # Prevents the container from sleeping forever.
  62. - name: SLEEP
  63. value: "false"
  64. volumeMounts:
  65. - mountPath: /host/etc/cni/net.d
  66. name: cni-net-dir
  67. - mountPath: /host/opt/cni/bin
  68. name: cni-bin-dir
  69. {% endif %}
  70. containers:
  71. {% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
  72. - name: install-cni
  73. image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
  74. command: ["/install-cni.sh"]
  75. env:
  76. # Name of the CNI config file to create.
  77. - name: CNI_CONF_NAME
  78. value: "10-calico.conflist"
  79. # Install CNI binaries
  80. - name: UPDATE_CNI_BINARIES
  81. value: "true"
  82. # The CNI network config to install on each node.
  83. - name: CNI_NETWORK_CONFIG_FILE
  84. value: "/host/etc/cni/net.d/calico.conflist.template"
  85. # Prevents the container from sleeping forever.
  86. - name: SLEEP
  87. value: "false"
  88. volumeMounts:
  89. - mountPath: /host/etc/cni/net.d
  90. name: cni-net-dir
  91. - mountPath: /host/opt/cni/bin
  92. name: cni-bin-dir
  93. {% endif %}
  94. # Runs calico/node container on each Kubernetes node. This
  95. # container programs network policy and routes on each
  96. # host.
  97. - name: calico-node
  98. image: {{ calico_node_image_repo }}:{{ calico_node_image_tag }}
  99. env:
  100. # The location of the Calico etcd cluster.
  101. - name: ETCD_ENDPOINTS
  102. valueFrom:
  103. configMapKeyRef:
  104. name: calico-config
  105. key: etcd_endpoints
  106. # Choose the backend to use.
  107. - name: CALICO_NETWORKING_BACKEND
  108. valueFrom:
  109. configMapKeyRef:
  110. name: calico-config
  111. key: calico_backend
  112. # Cluster type to identify the deployment type
  113. - name: CLUSTER_TYPE
  114. valueFrom:
  115. configMapKeyRef:
  116. name: calico-config
  117. key: cluster_type
  118. # Set noderef for node controller.
  119. - name: CALICO_K8S_NODE_REF
  120. valueFrom:
  121. fieldRef:
  122. fieldPath: spec.nodeName
  123. # Disable file logging so `kubectl logs` works.
  124. - name: CALICO_DISABLE_FILE_LOGGING
  125. value: "true"
  126. # Set Felix endpoint to host default action to ACCEPT.
  127. - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
  128. value: "{{ calico_endpoint_to_host_action|default('RETURN') }}"
  129. - name: FELIX_HEALTHHOST
  130. value: "{{ calico_healthhost }}"
  131. {% if kube_proxy_mode == 'ipvs' and kube_apiserver_node_port_range is defined %}
  132. - name: FELIX_KUBENODEPORTRANGES
  133. value: "{{ kube_apiserver_node_port_range.split('-')[0] }}:{{ kube_apiserver_node_port_range.split('-')[1] }}"
  134. {% endif %}
  135. # Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
  136. # this is not required in later versions https://github.com/projectcalico/calico/issues/2179
  137. {% if calico_version is version('v3.2.1', '<') %}
  138. - name: FELIX_IPTABLESLOCKTIMEOUTSECS
  139. value: "10"
  140. {% endif %}
  141. # should be set in etcd before deployment
  142. # # Configure the IP Pool from which Pod IPs will be chosen.
  143. # - name: CALICO_IPV4POOL_CIDR
  144. # value: "192.168.0.0/16"
  145. - name: CALICO_IPV4POOL_IPIP
  146. value: "{{ calico_ipv4pool_ipip }}"
  147. # Disable IPv6 on Kubernetes.
  148. - name: FELIX_IPV6SUPPORT
  149. value: "false"
  150. # Set Felix logging to "info"
  151. - name: FELIX_LOGSEVERITYSCREEN
  152. value: "{{ calico_loglevel }}"
  153. # Set MTU for tunnel device used if ipip is enabled
  154. {% if calico_mtu is defined %}
  155. - name: FELIX_IPINIPMTU
  156. value: "{{ calico_mtu }}"
  157. {% endif %}
  158. - name: FELIX_PROMETHEUSMETRICSENABLED
  159. value: "{{ calico_felix_prometheusmetricsenabled }}"
  160. - name: FELIX_PROMETHEUSMETRICSPORT
  161. value: "{{ calico_felix_prometheusmetricsport }}"
  162. - name: FELIX_PROMETHEUSGOMETRICSENABLED
  163. value: "{{ calico_felix_prometheusgometricsenabled }}"
  164. - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
  165. value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
  166. {% if calico_version is version('v3.4.0', '>=') and calico_advertise_cluster_ips|default(false) %}
  167. - name: CALICO_ADVERTISE_CLUSTER_IPS
  168. value: "{{ kube_service_addresses }}"
  169. {% endif %}
  170. # Location of the CA certificate for etcd.
  171. - name: ETCD_CA_CERT_FILE
  172. valueFrom:
  173. configMapKeyRef:
  174. name: calico-config
  175. key: etcd_ca
  176. # Location of the client key for etcd.
  177. - name: ETCD_KEY_FILE
  178. valueFrom:
  179. configMapKeyRef:
  180. name: calico-config
  181. key: etcd_key
  182. # Location of the client certificate for etcd.
  183. - name: ETCD_CERT_FILE
  184. valueFrom:
  185. configMapKeyRef:
  186. name: calico-config
  187. key: etcd_cert
  188. {% if calico_ip_auto_method is defined %}
  189. - name: IP_AUTODETECTION_METHOD
  190. value: "{{ calico_ip_auto_method }}"
  191. - name: IP
  192. value: "autodetect"
  193. {% else %}
  194. - name: IP
  195. valueFrom:
  196. fieldRef:
  197. fieldPath: status.hostIP
  198. {% endif %}
  199. - name: NODENAME
  200. valueFrom:
  201. fieldRef:
  202. fieldPath: spec.nodeName
  203. - name: FELIX_HEALTHENABLED
  204. value: "true"
  205. - name: FELIX_IGNORELOOSERPF
  206. value: "{{ calico_node_ignorelooserpf }}"
  207. securityContext:
  208. privileged: true
  209. resources:
  210. limits:
  211. cpu: {{ calico_node_cpu_limit }}
  212. memory: {{ calico_node_memory_limit }}
  213. requests:
  214. cpu: {{ calico_node_cpu_requests }}
  215. memory: {{ calico_node_memory_requests }}
  216. livenessProbe:
  217. httpGet:
  218. host: 127.0.0.1
  219. path: /liveness
  220. port: 9099
  221. initialDelaySeconds: 5
  222. failureThreshold: 6
  223. readinessProbe:
  224. failureThreshold: 6
  225. {% if calico_version is version('v3.3.0', '<') %}
  226. httpGet:
  227. host: 127.0.0.1
  228. path: /readiness
  229. port: 9099
  230. {% else %}
  231. exec:
  232. command:
  233. - /bin/calico-node
  234. - -bird-ready
  235. - -felix-ready
  236. {% endif %}
  237. volumeMounts:
  238. - mountPath: /lib/modules
  239. name: lib-modules
  240. readOnly: true
  241. - mountPath: /var/run/calico
  242. name: var-run-calico
  243. - mountPath: /var/lib/calico
  244. name: var-lib-calico
  245. readOnly: false
  246. - mountPath: /calico-secrets
  247. name: etcd-certs
  248. - name: xtables-lock
  249. mountPath: /run/xtables.lock
  250. readOnly: false
  251. volumes:
  252. # Used by calico/node.
  253. - name: lib-modules
  254. hostPath:
  255. path: /lib/modules
  256. - name: var-run-calico
  257. hostPath:
  258. path: /var/run/calico
  259. - name: var-lib-calico
  260. hostPath:
  261. path: /var/lib/calico
  262. # Used to install CNI.
  263. - name: cni-net-dir
  264. hostPath:
  265. path: /etc/cni/net.d
  266. - name: cni-bin-dir
  267. hostPath:
  268. path: /opt/cni/bin
  269. # Mount in the etcd TLS secrets.
  270. - name: etcd-certs
  271. hostPath:
  272. path: "{{ calico_cert_dir }}"
  273. # Mount the global iptables lock file, used by calico/node
  274. - name: xtables-lock
  275. hostPath:
  276. path: /run/xtables.lock
  277. type: FileOrCreate
  278. updateStrategy:
  279. rollingUpdate:
  280. maxUnavailable: {{ serial | default('20%') }}
  281. type: RollingUpdate