github.com/zhyoulun/cilium@v1.6.12/tests/k8s/cluster/cilium/cilium-lb-ds.yaml.sed

github.com/zhyoulun/cilium@v1.6.12/tests/k8s/cluster/cilium/cilium-lb-ds.yaml.sed (about)

     1  apiVersion: extensions/v1beta1
     2  kind: DaemonSet
     3  metadata:
     4    name: cilium-lb
     5    namespace: kube-system
     6  spec:
     7    template:
     8      metadata:
     9        labels:
    10          k8s-app: cilium
    11          kubernetes.io/cluster-service: "true"
    12        annotations:
    13         # This annotation plus the CriticalAddonsOnly toleration makes
    14         # cilium to be a critical pod in the cluster, which ensures cilium
    15         # gets priority scheduling.
    16         # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
    17          scheduler.alpha.kubernetes.io/critical-pod: ''
    18  
    19      spec:
    20        serviceAccountName: cilium
    21        containers:
    22        - image: cilium/cilium:local_build
    23          imagePullPolicy: Never
    24          name: cilium-agent
    25          command: [ "cilium-agent" ]
    26          args:
    27            - "--debug"
    28            - "--lb"
    29            - "$(IFACE)"
    30            - "-d"
    31            - "$(IFACE)"
    32            - "--kvstore"
    33            - "etcd"
    34            - "--kvstore-opt"
    35            - "etcd.config=/var/lib/cilium/etcd-config.yml"
    36            - "--k8s-kubeconfig-path"
    37            - "/var/lib/cilium/kubeconfig"
    38          lifecycle:
    39            postStart:
    40              exec:
    41                command:
    42                  - "/cni-install.sh"
    43            preStop:
    44              exec:
    45                command:
    46                  - "/cni-uninstall.sh"
    47          env:
    48            - name: "K8S_NODE_NAME"
    49              valueFrom:
    50                fieldRef:
    51                  fieldPath: spec.nodeName
    52            - name: "IFACE"
    53              value: "$iface"
    54            - name: "DISABLE_IPV4"
    55              value: "$disable_ipv4"
    56          volumeMounts:
    57            - name: bpf-maps
    58              mountPath: /sys/fs/bpf
    59            - name: cilium-run
    60              mountPath: /var/run/cilium
    61            - name: cilium-lib
    62              mountPath: /var/lib/cilium
    63            - name: cni-path
    64              mountPath: /host/opt/cni/bin
    65            - name: etc-cni-netd
    66              mountPath: /host/etc/cni/net.d
    67            - name: docker-socket
    68              mountPath: /var/run/docker.sock
    69              readOnly: true
    70          securityContext:
    71            capabilities:
    72              add:
    73                - "NET_ADMIN"
    74            privileged: true
    75        hostNetwork: true
    76        volumes:
    77          - name: cilium-run
    78            hostPath:
    79              path: /var/run/cilium
    80          - name: cilium-lib
    81            hostPath:
    82              path: /var/lib/cilium
    83          - name: cni-path
    84            hostPath:
    85              path: /opt/cni/bin
    86          - name: bpf-maps
    87            hostPath:
    88              path: /sys/fs/bpf
    89          - name: docker-socket
    90            hostPath:
    91              path: /var/run/docker.sock
    92          - name: etc-cni-netd
    93            hostPath:
    94                path: /etc/cni/net.d
    95        tolerations:
    96        # Mark cilium's pod as critical for rescheduling
    97        - key: CriticalAddonsOnly
    98          operator: "Exists"