github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/weave/templates/weave.yaml (about) 1 apiVersion: v1 2 kind: List 3 items: 4 - apiVersion: v1 5 kind: ServiceAccount 6 metadata: 7 name: weave-net 8 labels: 9 tier: control-plane 10 name: weave-net 11 namespace: kube-system 12 - apiVersion: rbac.authorization.k8s.io/v1 13 kind: ClusterRole 14 metadata: 15 name: weave-net 16 labels: 17 tier: control-plane 18 name: weave-net 19 rules: 20 - apiGroups: 21 - '' 22 resources: 23 - pods 24 - namespaces 25 - nodes 26 verbs: 27 - get 28 - list 29 - watch 30 - apiGroups: 31 - networking.k8s.io 32 resources: 33 - networkpolicies 34 verbs: 35 - get 36 - list 37 - watch 38 - apiVersion: rbac.authorization.k8s.io/v1 39 kind: ClusterRoleBinding 40 metadata: 41 name: weave-net 42 labels: 43 tier: control-plane 44 name: weave-net 45 roleRef: 46 kind: ClusterRole 47 name: weave-net 48 apiGroup: rbac.authorization.k8s.io 49 subjects: 50 - kind: ServiceAccount 51 name: weave-net 52 namespace: kube-system 53 - apiVersion: rbac.authorization.k8s.io/v1 54 kind: Role 55 metadata: 56 name: weave-net 57 annotations: 58 labels: 59 name: weave-net 60 namespace: kube-system 61 rules: 62 - apiGroups: 63 - '' 64 resourceNames: 65 - weave-net 66 resources: 67 - configmaps 68 verbs: 69 - get 70 - update 71 - apiGroups: 72 - '' 73 resources: 74 - configmaps 75 verbs: 76 - create 77 - apiVersion: rbac.authorization.k8s.io/v1 78 kind: RoleBinding 79 metadata: 80 name: weave-net 81 annotations: 82 labels: 83 name: weave-net 84 namespace: kube-system 85 roleRef: 86 kind: Role 87 name: weave-net 88 apiGroup: rbac.authorization.k8s.io 89 subjects: 90 - kind: ServiceAccount 91 name: weave-net 92 namespace: kube-system 93 - apiVersion: apps/v1 94 kind: DaemonSet 95 metadata: 96 name: weave-net 97 labels: 98 tier: control-plane 99 name: weave-net 100 k8s-app: weave-net 101 namespace: kube-system 102 spec: 103 minReadySeconds: 5 104 template: 105 metadata: 106 labels: 107 name: weave-net 108 k8s-app: weave-net 109 annotations: 110 scheduler.alpha.kubernetes.io/critical-pod: '' 111 spec: 112 containers: 113 - name: weave 114 command: 115 - /home/weave/launch.sh 116 env: 117 - name: HOSTNAME 118 valueFrom: 119 fieldRef: 120 apiVersion: v1 121 fieldPath: spec.nodeName 122 - name: IPALLOC_RANGE 123 value: "{{ kubernetes_pods_cidr }}" 124 - name: WEAVE_PASSWORD 125 value: "{{ cni.options.weave.password }}" 126 image: '{{ images.weave }}' 127 imagePullPolicy: IfNotPresent 128 livenessProbe: 129 httpGet: 130 host: 127.0.0.1 131 path: /status 132 port: 6784 133 initialDelaySeconds: 30 134 resources: 135 requests: 136 cpu: 10m 137 securityContext: 138 privileged: true 139 volumeMounts: 140 - name: weavedb 141 mountPath: /weavedb 142 - name: cni-bin 143 mountPath: /host/opt 144 - name: cni-bin2 145 mountPath: /host/home 146 - name: cni-conf 147 mountPath: /host/etc 148 - name: dbus 149 mountPath: /host/var/lib/dbus 150 - name: lib-modules 151 mountPath: /lib/modules 152 - name: xtables-lock 153 mountPath: /run/xtables.lock 154 - name: weave-npc 155 env: 156 - name: HOSTNAME 157 valueFrom: 158 fieldRef: 159 apiVersion: v1 160 fieldPath: spec.nodeName 161 image: '{{ images.weave_npc }}' 162 imagePullPolicy: IfNotPresent 163 resources: 164 requests: 165 cpu: 10m 166 securityContext: 167 privileged: true 168 volumeMounts: 169 - name: xtables-lock 170 mountPath: /run/xtables.lock 171 hostNetwork: true 172 hostPID: true 173 restartPolicy: Always 174 securityContext: 175 seLinuxOptions: {} 176 serviceAccountName: weave-net 177 tolerations: 178 - effect: NoSchedule 179 operator: Exists 180 volumes: 181 - name: weavedb 182 hostPath: 183 path: /var/lib/weave 184 - name: cni-bin 185 hostPath: 186 path: /opt 187 - name: cni-bin2 188 hostPath: 189 path: /home 190 - name: cni-conf 191 hostPath: 192 path: /etc 193 - name: dbus 194 hostPath: 195 path: /var/lib/dbus 196 - name: lib-modules 197 hostPath: 198 path: /lib/modules 199 - name: xtables-lock 200 hostPath: 201 path: /run/xtables.lock