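# Source: github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/contiv/templates/netplugin.yaml
#
# Ansible template for the Contiv netplugin: RBAC objects, a ServiceAccount
# and the DaemonSet that runs netplugin on the cluster nodes.
---
# Grants the contiv-netplugin ClusterRole to the contiv-netplugin
# ServiceAccount in kube-system. Because this is a ClusterRoleBinding, the
# role's rules apply in every namespace, not only kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: contiv-netplugin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: contiv-netplugin
subjects:
  - kind: ServiceAccount
    name: contiv-netplugin
    namespace: kube-system
---
# Read-only API access for netplugin: "get" on pods and "watch" on services
# and endpoints, all in the core ("") API group.
# A ClusterRole is cluster-scoped, so it carries no metadata.namespace; a
# namespace here would wrongly suggest the grant is limited to kube-system.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: contiv-netplugin
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
    verbs:
      - watch
---
# Identity the DaemonSet pods run as (see serviceAccountName below).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: contiv-netplugin
  namespace: kube-system
---
# This manifest installs contiv-netplugin container, as well
# as the Contiv CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
#
# Security posture: the pod shares the host network and PID namespaces, runs
# a privileged container and mounts several host directories read-write, so
# it is effectively root on every node it is scheduled on. Write access to
# this DaemonSet, to the image it pulls and to the contiv-config ConfigMap
# should be restricted accordingly.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: contiv-netplugin
  namespace: kube-system
  labels:
    k8s-app: contiv-netplugin
spec:
  selector:
    matchLabels:
      k8s-app: contiv-netplugin
  template:
    metadata:
      labels:
        k8s-app: contiv-netplugin
      annotations:
        # Alpha annotation marking the pod as critical.
        # NOTE(review): newer clusters express this with priorityClassName;
        # verify against the target Kubernetes version.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Host namespaces: the container sees the node's network stack and
      # every process on the node.
      hostNetwork: true
      hostPID: true
      # Not using tolerations until we implement our taints/tolerations strategy.
      # tolerations:
      # - key: node-role.kubernetes.io/master
      #   effect: NoSchedule
      serviceAccountName: contiv-netplugin
      containers:
        # Runs netplugin container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: contiv-netplugin
          # Filled in by the Ansible template from images.contiv_netplugin.
          # NOTE(review): confirm it resolves to a pinned tag or digest,
          # since this image runs privileged on every node.
          image: "{{ images.contiv_netplugin }}"
          args:
            # Passed verbatim to netplugin; presumably selects Kubernetes
            # as the plugin mode. Confirm against netplugin's flags.
            - -pkubernetes
          env:
            - name: VLAN_IF
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: vlan_if
            # With hostNetwork: true, status.podIP is the node's own IP.
            - name: VTEP_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: CONTIV_ETCD
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cluster_store
            - name: CONTIV_CNI_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cni_config
            - name: CONTIV_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: config
          securityContext:
            # Full privileges: all capabilities and host device access.
            # NOTE(review): check whether a narrower capability set would
            # be enough for netplugin before keeping this.
            privileged: true
          volumeMounts:
            - mountPath: /etc/openvswitch
              name: etc-openvswitch
              readOnly: false
            # NOTE(review): loading kernel modules normally needs only read
            # access; confirm whether netplugin writes here and, if not,
            # mount this read-only.
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: false
            # Read-write view of the host's whole /var/run, which on most
            # hosts includes the container runtime socket and other
            # daemons' sockets and pid files.
            # NOTE(review): narrow to the specific sub-paths netplugin
            # needs if that can be established.
            - mountPath: /var/run
              name: var-run
              readOnly: false
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
            # Writable so the CNI plugin binary and network config can be
            # installed on the host; anything written here is picked up by
            # the node's CNI setup.
            - mountPath: /opt/cni/bin
              name: cni-bin-dir
              readOnly: false
            - mountPath: /etc/cni/net.d/
              name: etc-cni-dir
              readOnly: false
      volumes:
        # Used by contiv-netplugin
        - name: etc-openvswitch
          hostPath:
            path: /etc/openvswitch
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run
          hostPath:
            path: /var/run
        - name: var-contiv
          hostPath:
            path: /var/contiv
        # Used to install Contiv CNI plugin
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: etc-cni-dir
          hostPath:
            path: /etc/cni/net.d/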