You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

90 lines
2.6 KiB

# This manifest deploys the Contiv API Server on Kubernetes.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: contiv-netmaster
namespace: {{ system_namespace }}
labels:
k8s-app: contiv-netmaster
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
name: contiv-netmaster
namespace: {{ system_namespace }}
labels:
k8s-app: contiv-netmaster
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
# The netmaster must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working.
hostNetwork: true
hostPID: true
nodeSelector:
node-role.kubernetes.io/master: "true"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
{% if rbac_enabled %}
serviceAccountName: contiv-netmaster
{% endif %}
containers:
- name: contiv-netmaster
image: {{ contiv_image_repo }}:{{ contiv_image_tag }}
args:
- -m
- -pkubernetes
env:
- name: CONTIV_ETCD
valueFrom:
configMapKeyRef:
name: contiv-config
key: cluster_store
- name: CONTIV_CONFIG
valueFrom:
configMapKeyRef:
name: contiv-config
key: config
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/openvswitch
name: etc-openvswitch
readOnly: false
- mountPath: /lib/modules
name: lib-modules
readOnly: false
- mountPath: /var/run
name: var-run
readOnly: false
- mountPath: /var/contiv
name: var-contiv
readOnly: false
- mountPath: /etc/kubernetes/ssl
name: etc-kubernetes-ssl
readOnly: false
- mountPath: /opt/cni/bin
name: cni-bin-dir
readOnly: false
volumes:
# Used by contiv-netmaster
- name: etc-openvswitch
hostPath:
path: /etc/openvswitch
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run
hostPath:
path: /var/run
- name: var-contiv
hostPath:
path: /var/contiv
- name: etc-kubernetes-ssl
hostPath:
path: /etc/kubernetes/ssl
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin