You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---apiVersion: apps/v1kind: Deploymentmetadata: labels: io.cilium/app: operator name: cilium-operator name: cilium-operator namespace: kube-systemspec: replicas: 1 selector: matchLabels: io.cilium/app: operator name: cilium-operator strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata:{% if cilium_enable_prometheus %} annotations: prometheus.io/port: "6942" prometheus.io/scrape: "true"{% endif %} labels: io.cilium/app: operator name: cilium-operator spec: # In HA mode, cilium-operator pods must not be scheduled on the same # node as they will clash with each other. affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: io.cilium/app operator: In values: - operator topologyKey: "kubernetes.io/hostname" containers: - args: - --debug=$(CILIUM_DEBUG) - --config-dir=/tmp/cilium/config-map command: - cilium-operator env: - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: K8S_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: CILIUM_K8S_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CILIUM_DEBUG valueFrom: configMapKeyRef: key: debug name: cilium-config optional: true - name: CILIUM_CLUSTER_NAME valueFrom: configMapKeyRef: key: cluster-name name: cilium-config optional: true - name: CILIUM_CLUSTER_ID valueFrom: configMapKeyRef: key: cluster-id name: cilium-config optional: true - name: CILIUM_DISABLE_ENDPOINT_CRD valueFrom: configMapKeyRef: key: disable-endpoint-crd name: cilium-config optional: true - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: AWS_ACCESS_KEY_ID name: cilium-aws optional: true - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: AWS_SECRET_ACCESS_KEY name: cilium-aws optional: true - name: AWS_DEFAULT_REGION valueFrom: secretKeyRef: key: AWS_DEFAULT_REGION name: cilium-aws optional: true{% if cilium_kube_proxy_replacement == 'strict' %} - name: KUBERNETES_SERVICE_HOST value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}" - name: KUBERNETES_SERVICE_PORT value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"{% endif %} image: "{{ cilium_operator_image_repo }}:{{ cilium_operator_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} name: cilium-operator{% if cilium_enable_prometheus %} ports: - containerPort: 6942 hostPort: 6942 name: prometheus protocol: TCP{% endif %} livenessProbe: httpGet:{% if cilium_enable_ipv4 %} host: 127.0.0.1{% else %} host: '::1'{% endif %} path: /healthz port: 9234 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 3 volumeMounts: - mountPath: /var/lib/etcd-config name: etcd-config-path readOnly: true - mountPath: "{{cilium_cert_dir}}" name: etcd-secrets readOnly: true - mountPath: /tmp/cilium/config-map name: cilium-config-path readOnly: true dnsPolicy: ClusterFirst priorityClassName: system-node-critical restartPolicy: Always serviceAccount: cilium-operator serviceAccountName: cilium-operator hostNetwork: true tolerations: - operator: Exists volumes: # To read the etcd config stored in config maps - configMap: defaultMode: 420 items: - key: etcd-config path: etcd.config name: cilium-config name: etcd-config-path # To read the k8s etcd secrets in case the user might want to use TLS - name: etcd-secrets hostPath: path: "{{cilium_cert_dir}}" - configMap: name: cilium-config name: cilium-config-path
|
