  1. apiVersion: apps/v1
  2. kind: DaemonSet
  3. metadata:
  4. labels:
  5. k8s-app: cilium
  6. name: cilium
  7. namespace: kube-system
  8. spec:
  9. selector:
  10. matchLabels:
  11. k8s-app: cilium
  12. template:
  13. metadata:
  14. annotations:
  15. {% if cilium_enable_prometheus %}
  16. prometheus.io/port: "9090"
  17. prometheus.io/scrape: "true"
  18. {% endif %}
  19. scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated","operator":"Equal","value":"master","effect":"NoSchedule"}]'
  20. labels:
  21. k8s-app: cilium
  22. spec:
  23. affinity:
  24. podAntiAffinity:
  25. requiredDuringSchedulingIgnoredDuringExecution:
  26. - labelSelector:
  27. matchExpressions:
  28. - key: k8s-app
  29. operator: In
  30. values:
  31. - cilium
  32. topologyKey: kubernetes.io/hostname
  33. containers:
  34. - args:
  35. - --kvstore=etcd
  36. - --kvstore-opt=etcd.config=/var/lib/etcd-config/etcd.config
  37. - --config-dir=/tmp/cilium/config-map
  38. {% if cilium_mtu != "" %}
  39. - --mtu={{ cilium_mtu }}
  40. {% endif %}
  41. command:
  42. - cilium-agent
  43. env:
  44. - name: K8S_NODE_NAME
  45. valueFrom:
  46. fieldRef:
  47. apiVersion: v1
  48. fieldPath: spec.nodeName
  49. - name: CILIUM_K8S_NAMESPACE
  50. valueFrom:
  51. fieldRef:
  52. apiVersion: v1
  53. fieldPath: metadata.namespace
  54. - name: CILIUM_CLUSTERMESH_CONFIG
  55. value: /var/lib/cilium/clustermesh/
  56. {% if cilium_kube_proxy_replacement == 'strict' %}
  57. - name: KUBERNETES_SERVICE_HOST
  58. value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
  59. - name: KUBERNETES_SERVICE_PORT
  60. value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
  61. {% endif %}
  62. image: "{{cilium_image_repo}}:{{cilium_image_tag}}"
  63. imagePullPolicy: {{ k8s_image_pull_policy }}
  64. resources:
  65. limits:
  66. cpu: {{ cilium_cpu_limit }}
  67. memory: {{ cilium_memory_limit }}
  68. requests:
  69. cpu: {{ cilium_cpu_requests }}
  70. memory: {{ cilium_memory_requests }}
  71. lifecycle:
  72. postStart:
  73. exec:
  74. command:
  75. - /cni-install.sh
  76. preStop:
  77. exec:
  78. command:
  79. - /cni-uninstall.sh
  80. livenessProbe:
  81. httpGet:
  82. host: '127.0.0.1'
  83. path: /healthz
  84. port: 9876
  85. scheme: HTTP
  86. httpHeaders:
  87. - name: "brief"
  88. value: "true"
  89. failureThreshold: 10
  90. # The initial delay for the liveness probe is intentionally large to
  91. # avoid an endless kill & restart cycle if in the event that the initial
  92. # bootstrapping takes longer than expected.
  93. initialDelaySeconds: 120
  94. periodSeconds: 30
  95. successThreshold: 1
  96. timeoutSeconds: 5
  97. name: cilium-agent
  98. {% if cilium_enable_prometheus or cilium_enable_hubble_metrics %}
  99. ports:
  100. {% endif %}
  101. {% if cilium_enable_prometheus %}
  102. - containerPort: 9090
  103. hostPort: 9090
  104. name: prometheus
  105. protocol: TCP
  106. {% endif %}
  107. {% if cilium_enable_hubble_metrics %}
  108. - containerPort: 9091
  109. hostPort: 9091
  110. name: hubble-metrics
  111. protocol: TCP
  112. {% endif %}
  113. readinessProbe:
  114. httpGet:
  115. host: '127.0.0.1'
  116. path: /healthz
  117. port: 9876
  118. scheme: HTTP
  119. httpHeaders:
  120. - name: "brief"
  121. value: "true"
  122. failureThreshold: 3
  123. initialDelaySeconds: 5
  124. periodSeconds: 30
  125. successThreshold: 1
  126. timeoutSeconds: 5
  127. securityContext:
  128. capabilities:
  129. add:
  130. - NET_ADMIN
  131. - SYS_MODULE
  132. privileged: true
  133. volumeMounts:
  134. - mountPath: /sys/fs/bpf
  135. name: bpf-maps
  136. - mountPath: /var/run/cilium
  137. name: cilium-run
  138. - mountPath: /host/opt/cni/bin
  139. name: cni-path
  140. - mountPath: /host/etc/cni/net.d
  141. name: etc-cni-netd
  142. {% if container_manager == 'docker' %}
  143. - mountPath: /var/run/docker.sock
  144. name: docker-socket
  145. readOnly: true
  146. {% else %}
  147. - name: "{{ container_manager }}-socket"
  148. mountPath: {{ cri_socket }}
  149. readOnly: true
  150. {% endif %}
  151. - mountPath: /var/lib/etcd-config
  152. name: etcd-config-path
  153. readOnly: true
  154. - mountPath: "{{cilium_cert_dir}}"
  155. name: etcd-secrets
  156. readOnly: true
  157. - mountPath: /var/lib/cilium/clustermesh
  158. name: clustermesh-secrets
  159. readOnly: true
  160. - mountPath: /tmp/cilium/config-map
  161. name: cilium-config-path
  162. readOnly: true
  163. # Needed to be able to load kernel modules
  164. - mountPath: /lib/modules
  165. name: lib-modules
  166. readOnly: true
  167. - mountPath: /run/xtables.lock
  168. name: xtables-lock
  169. dnsPolicy: ClusterFirstWithHostNet
  170. hostNetwork: true
  171. hostPID: false
  172. initContainers:
  173. - command:
  174. - /init-container.sh
  175. env:
  176. - name: CILIUM_ALL_STATE
  177. valueFrom:
  178. configMapKeyRef:
  179. key: clean-cilium-state
  180. name: cilium-config
  181. optional: true
  182. - name: CLEAN_CILIUM_BPF_STATE
  183. valueFrom:
  184. configMapKeyRef:
  185. key: clean-cilium-bpf-state
  186. name: cilium-config
  187. optional: true
  188. - name: CILIUM_WAIT_BPF_MOUNT
  189. valueFrom:
  190. configMapKeyRef:
  191. key: wait-bpf-mount
  192. name: cilium-config
  193. optional: true
  194. image: "{{cilium_init_image_repo}}:{{cilium_init_image_tag}}"
  195. imagePullPolicy: {{ k8s_image_pull_policy }}
  196. name: clean-cilium-state
  197. securityContext:
  198. capabilities:
  199. add:
  200. - NET_ADMIN
  201. privileged: true
  202. volumeMounts:
  203. - mountPath: /sys/fs/bpf
  204. name: bpf-maps
  205. - mountPath: /var/run/cilium
  206. name: cilium-run
  207. resources:
  208. requests:
  209. cpu: 100m
  210. memory: 100Mi
  211. priorityClassName: system-node-critical
  212. restartPolicy: Always
  213. serviceAccount: cilium
  214. serviceAccountName: cilium
  215. terminationGracePeriodSeconds: 1
  216. tolerations:
  217. - operator: Exists
  218. volumes:
  219. # To keep state between restarts / upgrades
  220. - hostPath:
  221. path: /var/run/cilium
  222. type: DirectoryOrCreate
  223. name: cilium-run
  224. # To keep state between restarts / upgrades for bpf maps
  225. - hostPath:
  226. path: /sys/fs/bpf
  227. type: DirectoryOrCreate
  228. name: bpf-maps
  229. {% if container_manager == 'docker' %}
  230. # To read docker events from the node
  231. - hostPath:
  232. path: /var/run/docker.sock
  233. type: Socket
  234. name: docker-socket
  235. {% else %}
  236. # To read crio events from the node
  237. - hostPath:
  238. path: {{ cri_socket }}
  239. type: Socket
  240. name: {{ container_manager }}-socket
  241. {% endif %}
  242. # To install cilium cni plugin in the host
  243. - hostPath:
  244. path: /opt/cni/bin
  245. type: DirectoryOrCreate
  246. name: cni-path
  247. # To install cilium cni configuration in the host
  248. - hostPath:
  249. path: /etc/cni/net.d
  250. type: DirectoryOrCreate
  251. name: etc-cni-netd
  252. # To be able to load kernel modules
  253. - hostPath:
  254. path: /lib/modules
  255. name: lib-modules
  256. # To access iptables concurrently with other processes (e.g. kube-proxy)
  257. - hostPath:
  258. path: /run/xtables.lock
  259. type: FileOrCreate
  260. name: xtables-lock
  261. # To read the etcd config stored in config maps
  262. - configMap:
  263. defaultMode: 420
  264. items:
  265. - key: etcd-config
  266. path: etcd.config
  267. name: cilium-config
  268. name: etcd-config-path
  269. # To read the k8s etcd secrets in case the user might want to use TLS
  270. - name: etcd-secrets
  271. hostPath:
  272. path: "{{cilium_cert_dir}}"
  273. # To read the clustermesh configuration
  274. - name: clustermesh-secrets
  275. secret:
  276. defaultMode: 420
  277. optional: true
  278. secretName: cilium-clustermesh
  279. # To read the configuration from the config map
  280. - configMap:
  281. name: cilium-config
  282. name: cilium-config-path
  283. updateStrategy:
  284. rollingUpdate:
  285. # Specifies the maximum number of Pods that can be unavailable during the update process.
  286. maxUnavailable: 2
  287. type: RollingUpdate