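# File: github.com/fafucoder/cilium@v1.6.11/install/kubernetes/cilium/charts/nodeinit/templates/daemonset.yaml
#
# cilium-node-init: schedules a node-init pod on every node (the toleration
# below matches all taints) and hands it STARTUP_SCRIPT, which mounts the BPF
# filesystem and optionally reconfigures Azure CNI, the cbr0 bridge,
# kubenet-managed pods and the kubelet.
#
# Security posture: the pod is privileged and shares the host PID and network
# namespaces. No hostPath volumes are mounted, yet the script edits
# /etc/systemd/system, /etc/default/kubelet and calls systemctl, so the image
# presumably runs the script inside the host's namespaces (confirm against
# the image). Anyone able to change this DaemonSet, its image, or the chart
# values rendered into the script effectively has root on every node;
# restrict RBAC on the release namespace accordingly.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: cilium-node-init
  namespace: {{ .Release.Namespace }}
  labels:
    app: cilium-node-init
spec:
  selector:
    matchLabels:
      app: cilium-node-init
  template:
    metadata:
      labels:
        app: cilium-node-init
    spec:
      # Tolerate every taint so that the init pod also lands on nodes that
      # are not yet ready for regular workloads.
      tolerations:
        - operator: Exists
      hostPID: true
      hostNetwork: true
      containers:
        - name: node-init
          # NOTE(review): ":v1" is a mutable tag and IfNotPresent keeps
          # whatever image a node already cached. For a privileged pod, pin
          # the image by digest (image@sha256:<digest-placeholder>) from a
          # registry you control.
          image: gcr.io/google-containers/startup-script:v1
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
          env:
            # STARTUP_SCRIPT is the script run on node bootstrap. Node
            # bootstrapping can be customized in this script.
            #
            # NOTE(review): .Values.global.cni.binPath and
            # .Values.global.nodeinit.bootstrapFile are pasted unquoted into
            # this root shell script. Keep them to plain absolute paths and
            # treat the values file as privileged input.
            - name: STARTUP_SCRIPT
              value: |
                #!/bin/bash

                set -o errexit
                set -o pipefail
                set -o nounset

                mount | grep "/sys/fs/bpf type bpf" || {
                  # Mount the filesystem until next reboot
                  echo "Mounting BPF filesystem..."
                  mount bpffs /sys/fs/bpf -t bpf

                  # Configure systemd to mount after next boot
                  echo "Installing BPF filesystem mount"

                  # Write the unit straight into the root-owned systemd
                  # directory instead of staging it under a fixed name in
                  # world-writable /tmp, where another local user could
                  # pre-create the path before this root script writes to it.
                  unit_dir=""
                  if [ -d "/etc/systemd/system/" ]; then
                    unit_dir="/etc/systemd/system"
                  elif [ -d "/lib/systemd/system/" ]; then
                    unit_dir="/lib/systemd/system"
                  fi

                  if [ -n "${unit_dir}" ]; then
                    cat >"${unit_dir}/sys-fs-bpf.mount" <<EOF
                [Unit]
                Description=Mount BPF filesystem (Cilium)
                Documentation=http://docs.cilium.io/
                DefaultDependencies=no
                Before=local-fs.target umount.target
                After=swap.target

                [Mount]
                What=bpffs
                Where=/sys/fs/bpf
                Type=bpf

                [Install]
                WantedBy=multi-user.target
                EOF
                    echo "Installed sys-fs-bpf.mount to ${unit_dir}/"
                  fi

                  # Ensure that filesystem gets mounted on next reboot
                  systemctl enable sys-fs-bpf.mount
                  systemctl start sys-fs-bpf.mount
                }

                echo "Link information:"
                ip link

                echo "Routing table:"
                ip route

                echo "Addressing:"
                ip -4 a
                ip -6 a

                {{- if .Values.azure }}
                # Azure specific: Transparent bridge mode is required in order
                # for proxy-redirection to work
                until [ -f /var/run/azure-vnet.json ]; do
                  echo waiting for azure-vnet to be created
                  sleep 1s
                done
                if [ -f /var/run/azure-vnet.json ]; then
                  sed -i 's/"Mode": "bridge",/"Mode": "transparent",/g' /var/run/azure-vnet.json
                fi
                {{- end }}

                {{- if .Values.removeCbrBridge }}
                if ip link show cbr0; then
                  echo "Detected cbr0 bridge. Deleting interface..."
                  ip link del cbr0
                fi
                {{- end }}

                {{- if .Values.restartPods }}
                echo "Restarting kubenet managed pods"
                if grep -q 'docker' /etc/crictl.yaml; then
                  # Works for COS, ubuntu
                  for f in `find /var/lib/cni/networks/ -type f ! -name lock ! -name last_reserved_ip.0`; do docker rm -f $(cat $f) || true; done
                else
                  # COS-beta (with containerd)
                  for f in `find /var/lib/cni/networks/ -type f ! -name lock ! -name last_reserved_ip.0`; do crictl stopp $(cat $f) || true; done
                fi
                {{- end }}

                {{- if .Values.reconfigureKubelet }}
                # GKE: Alter the kubelet configuration to run in CNI mode
                echo "Changing kubelet configuration to --network-plugin=cni --cni-bin-dir={{ .Values.global.cni.binPath }}"
                mkdir -p {{ .Values.global.cni.binPath }}
                sed -i "s:--network-plugin=kubenet:--network-plugin=cni\ --cni-bin-dir={{ .Values.global.cni.binPath }}:g" /etc/default/kubelet
                echo "Restarting kubelet..."
                systemctl restart kubelet
                {{- end }}

                {{- if not (eq .Values.global.nodeinit.bootstrapFile "") }}
                date > {{ .Values.global.nodeinit.bootstrapFile }}
                {{- end }}
                echo "Node initialization complete"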