
  1. ---
  2. apiVersion: v1
  3. kind: List
  4. items:
  5. - apiVersion: v1
  6. kind: ServiceAccount
  7. metadata:
  8. name: weave-net
  9. labels:
  10. name: weave-net
  11. namespace: kube-system
  # Cluster-wide permissions for weave-net. Every rule is read-only except
  # the write to nodes/status and the "use" of one PodSecurityPolicy.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
    rules:
      # Read-only view of pods, namespaces and nodes (core API group).
      - apiGroups: ['']
        resources: [pods, namespaces, nodes]
        verbs: [get, list, watch]
      # Read-only view of NetworkPolicy objects.
      - apiGroups: [networking.k8s.io]
        resources: [networkpolicies]
        verbs: [get, list, watch]
      # Write access is limited to the status subresource of nodes; the
      # node objects themselves stay read-only.
      # NOTE(review): presumably used to report node network readiness -
      # confirm against the weave-kube image.
      - apiGroups: ['']
        resources: [nodes/status]
        verbs: [patch, update]
      # Allows the pods to be admitted under the PodSecurityPolicy named
      # "privileged"; the DaemonSet in this list runs privileged containers.
      # PodSecurityPolicy was removed in Kubernetes 1.25, so on such
      # clusters this rule grants nothing and admission must be covered by
      # whatever replaces PSP there.
      - apiGroups: [policy]
        resources: [podsecuritypolicies]
        resourceNames: [privileged]
        verbs: [use]
  # Grants the weave-net ClusterRole to the weave-net ServiceAccount in
  # kube-system, and to no other subject.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: weave-net
    subjects:
      - kind: ServiceAccount
        namespace: kube-system
        name: weave-net
  # Namespaced permissions (kube-system only) on ConfigMaps.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    rules:
      # Read and update are pinned to the single ConfigMap "weave-net".
      - apiGroups: ['']
        resources: [configmaps]
        resourceNames: [weave-net]
        verbs: [get, update]
      # "create" cannot be restricted by resourceNames in RBAC, so this rule
      # lets the ServiceAccount create any ConfigMap in kube-system. It
      # cannot read or modify ConfigMaps other than "weave-net" afterwards.
      - apiGroups: ['']
        resources: [configmaps]
        verbs: [create]
  # Grants the kube-system Role "weave-net" to the weave-net ServiceAccount.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: weave-net
    subjects:
      - kind: ServiceAccount
        namespace: kube-system
        name: weave-net
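  # Runs the Weave Net agent (weave) and the network-policy controller
  # (weave-npc) on every node, preceded by a one-shot init container.
  #
  # Security posture to keep in mind when reviewing changes to this object:
  # all three containers are privileged and the pod uses the host network,
  # so whoever can edit this DaemonSet, or replace the images it pulls, has
  # root-equivalent access to every node. Limit write access to this object
  # and pull the images from a trusted registry with an immutable tag.
  - apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      minReadySeconds: 5
      selector:
        matchLabels:
          name: weave-net
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          priorityClassName: system-node-critical
          initContainers:
            - name: weave-init
              # Templated scalars are quoted so an empty or odd-looking
              # expansion still renders as a YAML string.
              image: "{{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              command:
                - /home/weave/init.sh
              # Explicit empty list; the bare key parsed as null.
              env: []
              securityContext:
                privileged: true
              # The init container gets the host's /opt, /home and /etc
              # trees writable (see the hostPath volumes below). That is far
              # wider than a CNI bin/conf directory; treat init.sh and the
              # image as trusted host-level code.
              volumeMounts:
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              # Values below are interpolated inside double-quoted scalars:
              # a variable containing a double quote or a backslash would
              # break or alter the rendered YAML, so keep these variables
              # operator-controlled.
              # The Jinja block tags stay at column 0 on purpose; indenting
              # them would inject leading whitespace into the rendered file
              # unless lstrip_blocks is enabled.
              env:
                - name: INIT_CONTAINER
                  value: "true"
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                # The password is read from the Secret at the end of this
                # list, never written inline in the pod spec.
                - name: WEAVE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: weave-net
                      key: WEAVE_PASSWORD
                - name: CHECKPOINT_DISABLE
                  value: "{{ weave_checkpoint_disable | bool | int }}"
                - name: CONN_LIMIT
                  value: "{{ weave_conn_limit | int }}"
                - name: HAIRPIN_MODE
                  value: "{{ weave_hairpin_mode | bool | lower }}"
                - name: IPALLOC_RANGE
                  value: "{{ weave_ipalloc_range }}"
                - name: EXPECT_NPC
                  value: "{{ weave_expect_npc | bool | int }}"
{% if weave_kube_peers %}
                - name: KUBE_PEERS
                  value: "{{ weave_kube_peers }}"
{% endif %}
{% if weave_ipalloc_init %}
                - name: IPALLOC_INIT
                  value: "{{ weave_ipalloc_init }}"
{% endif %}
{% if weave_expose_ip %}
                - name: WEAVE_EXPOSE_IP
                  value: "{{ weave_expose_ip }}"
{% endif %}
{% if weave_metrics_addr %}
                - name: WEAVE_METRICS_ADDR
                  value: "{{ weave_metrics_addr }}"
{% endif %}
{% if weave_status_addr %}
                - name: WEAVE_STATUS_ADDR
                  value: "{{ weave_status_addr }}"
{% endif %}
{% if weave_iptables_backend %}
                - name: IPTABLES_BACKEND
                  value: "{{ weave_iptables_backend }}"
{% endif %}
                - name: WEAVE_MTU
                  value: "{{ weave_mtu | int }}"
                - name: NO_MASQ_LOCAL
                  value: "{{ weave_no_masq_local | bool | int }}"
{% if weave_extra_args %}
                - name: EXTRA_ARGS
                  value: "{{ weave_extra_args }}"
{% endif %}
              image: "{{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              # Probed on the node's loopback address; the pod shares the
              # host network namespace (hostNetwork below).
              readinessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: dbus
                  mountPath: /host/var/lib/dbus
                  readOnly: true
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
            - name: weave-npc
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              image: "{{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}"
              imagePullPolicy: "{{ k8s_image_pull_policy }}"
              resources:
                requests:
                  cpu: 50m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          hostNetwork: true
          dnsPolicy: ClusterFirstWithHostNet
          hostPID: false
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          # Tolerates every taint, so the pod is scheduled on all nodes,
          # control-plane nodes included.
          tolerations:
            - operator: Exists
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
      updateStrategy:
        rollingUpdate:
          # Left unquoted deliberately: maxUnavailable is an int-or-string
          # field, and quoting would turn an integer "serial" into a string
          # that is only valid as a percentage.
          maxUnavailable: {{ serial | default('20%') }}
        type: RollingUpdate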
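  # Shared password consumed by the weave container through secretKeyRef.
  #
  # The value is only base64-encoded, not encrypted: the rendered manifest
  # and the stored Secret both expose it to anyone who can read them, so
  # restrict permissions on the rendered file and enable encryption at rest
  # for Secrets.
  #
  # When weave_password is undefined this renders an empty value.
  # NOTE(review): Weave Net uses WEAVE_PASSWORD as the key for encrypting
  # traffic between peers, so an empty value presumably leaves inter-node
  # traffic unencrypted - confirm, and supply the variable from a vault.
  - apiVersion: v1
    kind: Secret
    metadata:
      name: weave-net
      namespace: kube-system
    data:
      # Inner Jinja literal uses single quotes so the line stays a valid
      # double-quoted YAML scalar even before rendering.
      WEAVE_PASSWORD: "{{ weave_password | default('') | b64encode }}"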