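# Source: install/kubernetes/cilium/charts/preflight/templates/daemonset.yaml
#
# Pre-flight DaemonSet. The podAffinity rule below places one check pod on
# every node that already runs a pod labelled k8s-app=cilium.
#
# Security posture of this pod, as written in this template: it uses
# hostNetwork, mounts hostPath directories, runs under the "cilium" service
# account (so it carries whatever RBAC that account holds), and sets neither a
# securityContext nor resource requests/limits.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cilium-pre-flight-check
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      k8s-app: cilium-pre-flight-check
      kubernetes.io/cluster-service: "true"
  template:
    metadata:
      labels:
        k8s-app: cilium-pre-flight-check
        kubernetes.io/cluster-service: "true"
    spec:
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "k8s-app"
                    operator: In
                    values:
                      - cilium
              topologyKey: "kubernetes.io/hostname"
      initContainers:
        # Placeholder init container: it only echoes a string. Its value is
        # that the image is pulled onto the node before the check runs.
        - name: clean-cilium-state
          # A value containing "/" is taken as a full image reference;
          # otherwise registry, name and tag are assembled from global values.
          # Either way the image is selected by tag, not pinned by digest.
{{- if contains "/" .Values.image }}
          image: "{{ .Values.image }}"
{{- else }}
          image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}"
{{- end }}
          imagePullPolicy: {{ .Values.global.pullPolicy | quote }}
          command: ["/bin/echo"]
          args:
            - "hello"
      containers:
{{- if contains "/" .Values.image }}
        - image: "{{ .Values.image }}"
{{- else }}
        - image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}"
{{- end }}
          imagePullPolicy: {{ .Values.global.pullPolicy | quote }}
          name: cilium-pre-flight-check
          command: ["/bin/sh"]
          args:
            - -c
            - "touch /tmp/ready; sleep 1h"
          # Both probes only test for the marker file created by the command
          # above; they do not exercise any cilium functionality.
          livenessProbe:
            exec:
              command:
                - cat
                - /tmp/ready
            initialDelaySeconds: 5
            periodSeconds: 5
          readinessProbe:
            exec:
              command:
                - cat
                - /tmp/ready
            initialDelaySeconds: 5
            periodSeconds: 5
          volumeMounts:
            # hostPath mount, writable: shared with the node's /var/run/cilium.
            - mountPath: /var/run/cilium
              name: cilium-run
{{- if .Values.global.etcd.enabled }}
            - mountPath: /var/lib/etcd-config
              name: etcd-config-path
              readOnly: true
{{- if or .Values.global.etcd.ssl .Values.global.etcd.managed }}
            - mountPath: /var/lib/etcd-secrets
              name: etcd-secrets
              readOnly: true
{{- end }}
{{- end }}

{{- if ne .Values.tofqdnsPreCache "" }}
{{- if contains "/" .Values.image }}
        - image: "{{ .Values.image }}"
{{- else }}
        - image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}"
{{- end }}
          imagePullPolicy: {{ .Values.global.pullPolicy | quote }}
          # Container names must be unique within a pod. The original reused
          # cilium-pre-flight-check here, which the API server rejects as a
          # duplicate whenever tofqdnsPreCache is set.
          name: cilium-pre-flight-fqdn-precache
          command: ["/bin/sh"]
          args:
            - -c
            # The tofqdnsPreCache value is spliced unescaped into a string that
            # /bin/sh interprets, so shell metacharacters in it are executed.
            # Only set it from trusted chart values, and keep it a plain path.
            # NOTE(review): if fqdn-poller exits after writing the cache, this
            # container ends right after the touch and is restarted under
            # restartPolicy Always - confirm the intended lifecycle.
            - "cilium preflight fqdn-poller --tofqdns-pre-cache {{ .Values.tofqdnsPreCache }} && touch /tmp/ready-tofqdns-precache"
          # The probes must read the same marker file the command creates. The
          # original path was misspelled (/tmp/read-tofqdns-precachey), so both
          # probes could never succeed.
          livenessProbe:
            exec:
              command:
                - cat
                - /tmp/ready-tofqdns-precache
            initialDelaySeconds: 5
            periodSeconds: 5
          readinessProbe:
            exec:
              command:
                - cat
                - /tmp/ready-tofqdns-precache
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
{{- if .Values.global.k8sServiceHost }}
            - name: KUBERNETES_SERVICE_HOST
              value: {{ .Values.global.k8sServiceHost | quote }}
{{- end }}
{{- if .Values.global.k8sServicePort }}
            - name: KUBERNETES_SERVICE_PORT
              value: {{ .Values.global.k8sServicePort | quote }}
{{- end }}
          volumeMounts:
            - mountPath: /var/run/cilium
              name: cilium-run
{{- if .Values.global.etcd.enabled }}
            - mountPath: /var/lib/etcd-config
              name: etcd-config-path
              readOnly: true
{{- if or .Values.global.etcd.ssl .Values.global.etcd.managed }}
            - mountPath: /var/lib/etcd-secrets
              name: etcd-secrets
              readOnly: true
{{- end }}
{{- end }}
{{- end }}
      # The pod shares the node's network namespace.
      hostNetwork: true
      # This is here to seamlessly allow migrate-identity to work with
      # etcd-operator setups. The assumption is that other cases would also
      # work since the cluster DNS would forward the request on.
      # This differs from the cilium-agent daemonset, where this is only
      # enabled when global.etcd.managed=true
      dnsPolicy: ClusterFirstWithHostNet
      restartPolicy: Always
      # serviceAccount is the deprecated alias of serviceAccountName; both are
      # kept as in the original.
      serviceAccount: cilium
      serviceAccountName: cilium
      tolerations:
        - effect: NoSchedule
          key: node.kubernetes.io/not-ready
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node.cloudprovider.kubernetes.io/uninitialized
          value: "true"
        - key: CriticalAddonsOnly
          operator: "Exists"
      volumes:
        # To keep state between restarts / upgrades
        - hostPath:
            path: /var/run/cilium
            type: DirectoryOrCreate
          name: cilium-run
        # NOTE(review): no container in this template mounts bpf-maps; the
        # volume is kept as in the original - confirm whether it is needed.
        - hostPath:
            path: /sys/fs/bpf
            type: DirectoryOrCreate
          name: bpf-maps
{{- if .Values.global.etcd.enabled }}
        # To read the etcd config stored in config maps
        - configMap:
            # 420 is decimal for octal 0644.
            defaultMode: 420
            items:
              - key: etcd-config
                path: etcd.config
            name: cilium-config
          name: etcd-config-path
        # To read the k8s etcd secrets in case the user might want to use TLS
{{- if or .Values.global.etcd.ssl .Values.global.etcd.managed }}
        - name: etcd-secrets
          secret:
            # 420 is decimal for octal 0644, so the mounted secret files are
            # world-readable inside the container.
            # NOTE(review): 256 (octal 0400) would be tighter if every consumer
            # reads them as the owning user - confirm before changing.
            defaultMode: 420
            optional: true
            secretName: cilium-etcd-secrets
{{- end }}
{{- end }}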