|
|
---apiVersion: v1kind: Listitems: - apiVersion: v1 kind: ServiceAccount metadata: name: weave-net labels: name: weave-net namespace: kube-system - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-net labels: name: weave-net rules: - apiGroups: - '' resources: - pods - namespaces - nodes verbs: - get - list - watch - apiGroups: - extensions resources: - networkpolicies verbs: - get - list - watch - apiGroups: - 'networking.k8s.io' resources: - networkpolicies verbs: - get - list - watch - apiGroups: - '' resources: - nodes/status verbs: - patch - update - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-net labels: name: weave-net roleRef: kind: ClusterRole name: weave-net apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: weave-net namespace: kube-system - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: weave-net namespace: kube-system labels: name: weave-net rules: - apiGroups: - '' resources: - configmaps resourceNames: - weave-net verbs: - get - update - apiGroups: - '' resources: - configmaps verbs: - create - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: weave-net namespace: kube-system labels: name: weave-net roleRef: kind: Role name: weave-net apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: weave-net namespace: kube-system - apiVersion: apps/v1 kind: DaemonSet metadata: name: weave-net labels: name: weave-net namespace: kube-system spec: # Wait 5 seconds to let pod connect before rolling next pod selector: matchLabels: name: weave-net minReadySeconds: 5 template: metadata: labels: name: weave-net spec: initContainers: - name: weave-init image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} command: - /home/weave/init.sh env: securityContext: privileged: true volumeMounts: - name: cni-bin mountPath: /host/opt - name: cni-bin2 mountPath: /host/home - name: cni-conf mountPath: /host/etc - name: lib-modules mountPath: /lib/modules - name: xtables-lock mountPath: /run/xtables.lock readOnly: false containers: - name: weave command: - /home/weave/launch.sh env: - name: INIT_CONTAINER value: "true" - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: WEAVE_PASSWORD valueFrom: secretKeyRef: name: weave-net key: WEAVE_PASSWORD - name: CHECKPOINT_DISABLE value: "{{ weave_checkpoint_disable | bool | int }}" - name: CONN_LIMIT value: "{{ weave_conn_limit | int }}" - name: HAIRPIN_MODE value: "{{ weave_hairpin_mode | bool | lower }}" - name: IPALLOC_RANGE value: "{{ weave_ipalloc_range }}" - name: EXPECT_NPC value: "{{ weave_expect_npc | bool | int }}"{% if weave_kube_peers %} - name: KUBE_PEERS value: "{{ weave_kube_peers }}"{% endif %}{% if weave_ipalloc_init %} - name: IPALLOC_INIT value: "{{ weave_ipalloc_init }}"{% endif %}{% if weave_expose_ip %} - name: WEAVE_EXPOSE_IP value: "{{ weave_expose_ip }}"{% endif %}{% if weave_metrics_addr %} - name: WEAVE_METRICS_ADDR value: "{{ weave_metrics_addr }}"{% endif %}{% if weave_status_addr %} - name: WEAVE_STATUS_ADDR value: "{{ weave_status_addr }}"{% endif %}{% if weave_iptables_backend %} - name: IPTABLES_BACKEND value: "{{ weave_iptables_backend }}"{% endif %} - name: WEAVE_MTU value: "{{ weave_mtu | int }}" - name: NO_MASQ_LOCAL value: "{{ weave_no_masq_local | bool | int }}"{% if weave_extra_args %} - name: EXTRA_ARGS value: "{{ weave_extra_args }}"{% endif %} image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} readinessProbe: httpGet: host: 127.0.0.1 path: /status port: 6784 resources: requests: cpu: 50m securityContext: privileged: true volumeMounts: - name: weavedb mountPath: /weavedb - name: dbus mountPath: /host/var/lib/dbus readOnly: true - mountPath: /host/etc/machine-id name: cni-machine-id readOnly: true - name: xtables-lock mountPath: /run/xtables.lock readOnly: false - name: weave-npc env: - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName{% if weave_npc_extra_args %} - name: EXTRA_ARGS value: "{{ weave_npc_extra_args }}"{% endif %} image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: requests: cpu: 50m securityContext: privileged: true volumeMounts: - name: xtables-lock mountPath: /run/xtables.lock readOnly: false hostNetwork: true dnsPolicy: ClusterFirstWithHostNet hostPID: false restartPolicy: Always securityContext: seLinuxOptions: {} serviceAccountName: weave-net tolerations: - effect: NoSchedule operator: Exists - effect: NoExecute operator: Exists volumes: - name: weavedb hostPath: path: /var/lib/weave - name: cni-bin hostPath: path: /opt - name: cni-bin2 hostPath: path: /home - name: cni-conf hostPath: path: /etc - name: cni-machine-id hostPath: path: /etc/machine-id - name: dbus hostPath: path: /var/lib/dbus - name: lib-modules hostPath: path: /lib/modules - name: xtables-lock hostPath: path: /run/xtables.lock type: FileOrCreate priorityClassName: system-node-critical updateStrategy: rollingUpdate: maxUnavailable: {{ serial | default('20%') }} type: RollingUpdate - apiVersion: v1 kind: Secret metadata: name: weave-net namespace: kube-system data: WEAVE_PASSWORD: "{{ weave_password | default("") | b64encode }}"
|
