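# Source: github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/contiv/templates/netmaster.yaml
#
# Ansible template for the Contiv netmaster: the RBAC objects and
# ServiceAccount it runs under, and the DaemonSet that starts netmaster
# together with the contiv-api-proxy sidecar on master nodes.
---
# Binds the contiv-netmaster ClusterRole to the ServiceAccount used by the
# DaemonSet below. A ClusterRoleBinding grants the role in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: contiv-netmaster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: contiv-netmaster
subjects:
  - kind: ServiceAccount
    name: contiv-netmaster
    namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # ClusterRole is cluster-scoped, so its metadata carries no namespace.
  name: contiv-netmaster
rules:
  # Every listed verb applies to every listed resource, cluster-wide.
  # NOTE(review): `update` on pods and nodes in all namespaces is a broad
  # grant for the token mounted into this pod; confirm which resources
  # netmaster actually writes to and split the rule if some are read-only.
  - apiGroups:
      - ""
      - extensions
    resources:
      - pods
      - nodes
      - namespaces
      - networkpolicies
    verbs:
      - watch
      - list
      - update
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: contiv-netmaster
  namespace: kube-system
---
# This manifest deploys the Contiv API Server on Kubernetes.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: contiv-netmaster
  namespace: kube-system
  labels:
    k8s-app: contiv-netmaster
spec:
  # apps/v1 does not default the selector from the template labels; it must
  # be given explicitly and must match the pod template labels below.
  selector:
    matchLabels:
      k8s-app: contiv-netmaster
  # The netmaster should have 1, 3, 5 nodes of which one is active at any given time.
  # More nodes are desired in a production environment for HA.
  # As a DaemonSet, the instance count follows the number of nodes matched
  # by the nodeSelector below.
  template:
    metadata:
      name: contiv-netmaster
      namespace: kube-system
      labels:
        k8s-app: contiv-netmaster
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # The netmaster must run in the host network namespace so that
      # it isn't governed by policy that would prevent it from working.
      # Both containers therefore share the node's network namespace, and
      # the netmaster port the proxy dials (localhost:9999) lives there too.
      # NOTE(review): confirm netmaster's bind address and host firewalling
      # so clients cannot reach it without going through contiv-api-proxy.
      hostNetwork: true
      # Not using tolerations until we implement our taints/tolerations strategy.
      # tolerations:
      # - key: node-role.kubernetes.io/master
      #   effect: NoSchedule
      # With the tolerations commented out, pods are only scheduled onto
      # master nodes that carry no NoSchedule taint.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      serviceAccountName: contiv-netmaster
      containers:
        # No securityContext is set on this container, so it runs with the
        # runtime defaults (not privileged).
        - name: contiv-netmaster
          image: "{{ images.contiv_netplugin }}"
          args:
            - -m
            - -pkubernetes
          env:
            - name: CONTIV_ETCD
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cluster_store
            - name: CONTIV_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: config
          volumeMounts:
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
        # TLS-terminating proxy in front of netmaster (see --netmaster-address).
        - name: contiv-api-proxy
          image: "{{ images.contiv_authproxy }}"
          args:
            - --tls-key-file=/var/contiv/certs/tls.key
            - --tls-certificate=/var/contiv/certs/tls.crt
            - --data-store-address=$(CONTIV_ETCD)
            - --netmaster-address=localhost:9999
          env:
            - name: NO_NETMASTER_STARTUP_CHECK
              value: "0"
            - name: CONTIV_ETCD
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cluster_store
          securityContext:
            privileged: false
          volumeMounts:
            # NOTE(review): the proxy gets the host directory read-write;
            # if it only needs the certs, this mount could be read-only.
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
            # The Secret is mounted over /var/contiv/certs, read-only.
            - mountPath: /var/contiv/certs
              name: contiv-certs
              readOnly: true
      volumes:
        # TLS key pair for contiv-api-proxy; the Secret name is supplied by
        # the contiv.proxy_server_certs_secret_name template variable.
        - name: contiv-certs
          secret:
            secretName: "{{ contiv.proxy_server_certs_secret_name }}"
        # Node-local directory shared by both containers; its contents
        # persist on the host across pod restarts.
        - name: var-contiv
          hostPath:
            path: /var/contiv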