3 Commits

Author SHA1 Message Date
k8s-infra-cherrypick-robot f3354ce2c9
calico: update calico-kube-controller manifest (#12481) 1 month ago
k8s-infra-cherrypick-robot 7cb6b07c44
Fix: Change "empty" definition for PodSecurity Admission configuration (#12476) 1 month ago
ChengHao Yang 9505e74d6e
Fix: pre-commit failing test (#12484) 1 month ago
4 changed files with 9 additions and 14 deletions
  1. 1
      .pre-commit-config.yaml
  2. 6
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
  3. 14
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
  4. 2
      roles/kubernetes/control-plane/templates/podsecurity.yaml.j2

1
.pre-commit-config.yaml

@ -39,6 +39,7 @@ repos:
hooks:
- id: ansible-lint
additional_dependencies:
- ansible
- jmespath==1.0.1
- netaddr==1.3.0
- distlib
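Review bot: `distlib` in the ansible-lint hook's `additional_dependencies` has no version pin, unlike `jmespath==1.0.1` and `netaddr==1.3.0` beside it (`ansible` is unpinned as well). The +/- markers are lost on this page, so that `distlib` is the added line is inferred from the 39,6 → 39,7 header only. An unpinned entry lets every fresh pre-commit environment resolve whatever release is current, so lint results can drift and a bad upstream release is installed on developer and CI machines without review. Pin it like its neighbours, `- distlib==<VERSION>` (placeholder; use the release you tested). The `repos:` entry that owns this hook starts outside the hunk.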

6
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2

@ -30,6 +30,8 @@ spec:
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
{% if policy_controller_extra_tolerations is defined %}
{{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
{% endif %}
@ -59,6 +61,8 @@ spec:
- /usr/bin/check-status
- -r
periodSeconds: 10
securityContext:
runAsNonRoot: true
env:
- name: LOG_LEVEL
value: {{ calico_policy_controller_log_level }}
@ -68,6 +72,8 @@ spec:
- name: DATASTORE_TYPE
value: kubernetes
{% else %}
- name: ENABLED_CONTROLLERS
value: policy,namespace,serviceaccount,workloadendpoint,node
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_addresses }}"
- name: ETCD_CA_CERT_FILE
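Review bot: The `securityContext` in the second hunk sets only `runAsNonRoot: true`, which blocks a UID 0 start but leaves privilege escalation, Linux capabilities and the seccomp profile at their defaults. The +/- markers and indentation are lost on this page, so it is inferred that these are the two added lines, and it is unclear whether they sit at container or pod level. If the controller needs no extra privileges, consider adding `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`, which is also what the restricted Pod Security Standard expects. `runAsNonRoot` without `runAsUser` relies on the image declaring a numeric non-root user, so confirm that for the image in use, otherwise the kubelet refuses to start the container. The container spec starts and ends outside the hunks shown.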

14
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2

@ -19,19 +19,6 @@ rules:
- watch
- list
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- watch
- list
{% elif calico_datastore == "kdd" %}
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
@ -67,6 +54,7 @@ rules:
- blockaffinities
- ipamblocks
- ipamhandles
- tiers
verbs:
- get
- list
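Review bot: `tiers` in the second hunk is appended to a resource list that shares one `verbs:` block with `blockaffinities`, `ipamblocks` and `ipamhandles`, so it receives every verb of that rule. Only `get` and `list` are visible before the hunk ends. If the rest of the list grants write verbs that the controller does not need on tiers, a separate rule listing only the required verbs keeps this ClusterRole least-privilege. Either way, a why-comment in the style of the existing `# Nodes are watched to monitor for deletions.` would help the next reviewer, for example `# tiers: needed by calico-kube-controllers; shares the verbs of this rule`.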

2
roles/kubernetes/control-plane/templates/podsecurity.yaml.j2

@ -1,6 +1,6 @@
{% if kube_pod_security_use_default %}
apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration
{% if kube_pod_security_use_default %}
defaults:
enforce: "{{ kube_pod_security_default_enforce }}"
enforce-version: "{{ kube_pod_security_default_enforce_version }}"
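Review bot: When `kube_pod_security_use_default` is false, this template appears to render a PodSecurityConfiguration with no `defaults:` block, and the admission plugin then falls back to its built-in `privileged` level for every mode, which nothing in the file says. The +/- markers are lost on this page, so the guard's move from above `apiVersion:` to above `defaults:` is inferred from the commit title and the 1,6 → 1,6 header. Because the result is silent non-enforcement, a template comment is worth adding, such as `# kube_pod_security_use_default=false: no defaults rendered, PodSecurity falls back to privileged`. The `{% if %}` block closes outside the hunk, so it is not visible whether `exemptions:` is still rendered in that case.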
