You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---apiVersion: v1kind: Listitems: - apiVersion: v1 kind: ServiceAccount metadata: name: weave-net labels: name: weave-net namespace: {{ system_namespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-net labels: name: weave-net rules: - apiGroups: - '' resources: - pods - namespaces - nodes verbs: - get - list - watch - apiGroups: - extensions resources: - networkpolicies verbs: - get - list - watch - apiGroups: - 'networking.k8s.io' resources: - networkpolicies verbs: - get - list - watch - apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: name: weave-net namespace: kube-system labels: name: weave-net rules: - apiGroups: - '' resources: - configmaps resourceNames: - weave-net verbs: - get - update - apiGroups: - '' resources: - configmaps verbs: - create - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-net labels: name: weave-net roleRef: kind: ClusterRole name: weave-net apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: weave-net namespace: kube-system - apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: weave-net labels: name: weave-net version: {{ weave_version }} namespace: {{ system_namespace }} spec: template: metadata: labels: name: weave-net spec: containers: - name: weave command:{% if weave_mode_seed == true %} - /bin/sh - -c - export EXTRA_ARGS=--name=$(cat /sys/class/net/{{ ansible_default_ipv4['interface'] }}/address) && /home/weave/launch.sh{% else %} - /home/weave/launch.sh{% endif %} env: - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: WEAVE_MTU value: "{{ weave_mtu }}" - name: IPALLOC_RANGE value: {{ kube_pods_subnet }}{% if weave_mode_seed == true %} - name: KUBE_PEERS value: {{ peers }} - name: IPALLOC_INIT value: seed={{ seed }}{% endif %} - name: WEAVE_PASSWORD value: {{ weave_password }} image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} imagePullPolicy: Always livenessProbe: httpGet: host: 127.0.0.1 path: /status port: 6784 initialDelaySeconds: 30 resources: requests: cpu: 10m securityContext: privileged: true volumeMounts: - name: weavedb mountPath: /weavedb - name: cni-bin mountPath: /host/opt - name: cni-bin2 mountPath: /host/home - name: cni-conf mountPath: /host/etc - name: dbus mountPath: /host/var/lib/dbus - name: lib-modules mountPath: /lib/modules - name: xtables-lock mountPath: /run/xtables.lock readOnly: false - name: weave-npc image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }} imagePullPolicy: Always resources: requests: cpu: {{ weave_cpu_requests }} memory: {{ weave_memory_requests }} limits: cpu: {{ weave_cpu_limit }} memory: {{ weave_memory_limit }} securityContext: privileged: true hostNetwork: true hostPID: true restartPolicy: Always securityContext: seLinuxOptions: {} serviceAccountName: weave-net tolerations: - effect: NoSchedule operator: Exists volumes: - name: weavedb hostPath: path: /var/lib/weave - name: cni-bin hostPath: path: /opt - name: cni-bin2 hostPath: path: /home - name: cni-conf hostPath: path: /etc - name: dbus hostPath: path: /var/lib/dbus - name: lib-modules hostPath: path: /lib/modules - name: xtables-lock hostPath: path: /run/xtables.lock updateStrategy: rollingUpdate: maxUnavailable: {{ serial | default('20%') }} type: RollingUpdate
|
