Cyclinder
4 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
7 additions and
13 deletions
-
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
-
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
|
|
@ -30,6 +30,8 @@ spec: |
|
|
|
operator: Exists |
|
|
|
- key: node-role.kubernetes.io/control-plane |
|
|
|
effect: NoSchedule |
|
|
|
- key: node-role.kubernetes.io/master |
|
|
|
effect: NoSchedule |
|
|
|
{% if policy_controller_extra_tolerations is defined %} |
|
|
|
{{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }} |
|
|
|
{% endif %} |
|
|
@ -59,6 +61,8 @@ spec: |
|
|
|
- /usr/bin/check-status |
|
|
|
- -r |
|
|
|
periodSeconds: 10 |
|
|
|
securityContext: |
|
|
|
runAsNonRoot: true |
|
|
|
env: |
|
|
|
- name: LOG_LEVEL |
|
|
|
value: {{ calico_policy_controller_log_level }} |
|
|
@ -68,6 +72,8 @@ spec: |
|
|
|
- name: DATASTORE_TYPE |
|
|
|
value: kubernetes |
|
|
|
{% else %} |
|
|
|
- name: ENABLED_CONTROLLERS |
|
|
|
value: policy,namespace,serviceaccount,workloadendpoint,node |
|
|
|
- name: ETCD_ENDPOINTS |
|
|
|
value: "{{ etcd_access_addresses }}" |
|
|
|
- name: ETCD_CA_CERT_FILE |
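Review bot: The `securityContext` in the second hunk sets only `runAsNonRoot: true`, which leaves the container's other privilege settings at their defaults; it appears to be the addition there, though the +/- markers did not survive on this page. Without a `runAsUser`, the kubelet can enforce this only when the image declares a numeric non-root user and otherwise refuses to start the container, so it is worth confirming against the calico-kube-controllers image versions this role deploys. Since the block sits between the readiness probe and `env`, it looks container-level, where it can also carry `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`. The container spec starts and ends outside the hunk.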
|
|
|
|
|
@ -19,19 +19,6 @@ rules: |
|
|
|
- watch |
|
|
|
- list |
|
|
|
- get |
|
|
|
- apiGroups: |
|
|
|
- "" |
|
|
|
resources: |
|
|
|
- nodes |
|
|
|
verbs: |
|
|
|
- get |
|
|
|
- apiGroups: |
|
|
|
- networking.k8s.io |
|
|
|
resources: |
|
|
|
- networkpolicies |
|
|
|
verbs: |
|
|
|
- watch |
|
|
|
- list |
|
|
|
{% elif calico_datastore == "kdd" %} |
|
|
|
# Nodes are watched to monitor for deletions. |
|
|
|
- apiGroups: [""] |
|
|
@ -67,6 +54,7 @@ rules: |
|
|
|
- blockaffinities |
|
|
|
- ipamblocks |
|
|
|
- ipamhandles |
|
|
|
- tiers |
|
|
|
verbs: |
|
|
|
- get |
|
|
|
- list |
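Review bot: `tiers` joins the rule shared with `blockaffinities`, `ipamblocks` and `ipamhandles` in the last hunk, so it inherits every verb of that rule, and the verbs list may continue past `get` and `list` outside the hunk. It is apparently the one added line there, though the +/- markers did not survive on this page. If the list includes write verbs, confirm that kube-controllers needs to modify tiers in the deployed Calico version; if it only reads them, a separate rule limited to `get`, `list` and `watch` keeps the ClusterRole tighter. A comment above the entry such as `# tiers: needed by kube-controllers as of Calico <VERSION>` would record why the grant exists.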
|
|
|