kubespray/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2

apiVersion: apps/v1
kind: Deployment
metadata:
  name: calico-kube-controllers
  namespace: kube-system
  labels:
    k8s-app: calico-kube-controllers
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      k8s-app: calico-kube-controllers
  template:
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
      labels:
        k8s-app: calico-kube-controllers
    spec:
      nodeSelector:
        {{ calico_policy_controller_deployment_nodeselector }}
{% if calico_datastore == "etcd" %}
      hostNetwork: true
{% endif %}
      serviceAccountName: calico-kube-controllers
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
{% if policy_controller_extra_tolerations is defined %}
        {{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
{% endif %}
      priorityClassName: system-cluster-critical
      containers:
        - name: calico-kube-controllers
          image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
          imagePullPolicy: {{ k8s_image_pull_policy }}
          resources:
            limits:
              cpu: {{ calico_policy_controller_cpu_limit }}
              memory: {{ calico_policy_controller_memory_limit }}
            requests:
              cpu: {{ calico_policy_controller_cpu_requests }}
              memory: {{ calico_policy_controller_memory_requests }}
          livenessProbe:
            exec:
              command:
              - /usr/bin/check-status
              - -l
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
              - /usr/bin/check-status
              - -r
            periodSeconds: 10
          env:
            - name: LOG_LEVEL
              value: {{ calico_policy_controller_log_level }}
{% if calico_datastore == "kdd" %}
            - name: ENABLED_CONTROLLERS
              value: node
            - name: DATASTORE_TYPE
              value: kubernetes
{% else %}
            - name: ETCD_ENDPOINTS
              value: "{{ etcd_access_addresses }}"
            - name: ETCD_CA_CERT_FILE
              value: "{{ calico_cert_dir }}/ca_cert.crt"
            - name: ETCD_CERT_FILE
              value: "{{ calico_cert_dir }}/cert.crt"
            - name: ETCD_KEY_FILE
              value: "{{ calico_cert_dir }}/key.pem"
          volumeMounts:
          - mountPath: {{ calico_cert_dir }}
            name: etcd-certs
            readOnly: true
      volumes:
      - hostPath:
          path: {{ calico_cert_dir }}
        name: etcd-certs
{% endif %}