# Source: k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
#
# DaemonSet that runs the calico/node agent on every node labelled
# projectcalico.org/ds-ready=true, after an init container has installed the Calico CNI
# plugin and its network config onto the host.
#
# Security posture (all visible below): the pod uses the host network namespace, the main
# container is privileged, and several host directories are mounted writable. Privileged
# containers, hostNetwork and hostPath volumes are each rejected by the Pod Security
# Standards "baseline" level, so the namespace has to admit the "privileged" level.
# Treat write access to this object, to the images it references and to the `calico`
# service account as equivalent to root on every selected node.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    # Reconcile mode: the addon manager periodically re-applies this manifest, so manual
    # edits made through the API server are reverted. Hardening changes belong in the
    # addon source, not in a live `kubectl edit`.
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: calico-node
    spec:
      # Built-in priority class for node-critical pods; the scheduler may preempt
      # lower-priority pods to place this one.
      priorityClassName: system-node-critical
      # Only nodes carrying this label run the agent. Anyone able to label nodes can
      # therefore add or remove a node from policy enforcement.
      nodeSelector:
        projectcalico.org/ds-ready: "true"
      # Shares the node's network namespace: listeners opened by the containers bind on
      # the node's own addresses, and node-loopback services are reachable from the pod.
      hostNetwork: true
      # The RBAC bound to this account is defined outside this file; review it together
      # with this manifest.
      serviceAccountName: calico
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      # NOTE(review): neither container below declares resources requests or limits.
      initContainers:
        # Copies the CNI plugin binaries and network config onto the host through the two
        # hostPath mounts below. The binaries it installs are presumably executed later
        # by the node's container runtime, so the integrity of this image matters as much
        # as that of the privileged container.
        - name: install-cni
          # Referenced by tag, not by digest; a tag can be re-pointed in the registry.
          # Pinning as <image>@sha256:<digest> (placeholder) makes the pulled content
          # verifiable. NOTE(review): confirm v3.19.1 is still a supported release.
          image: gcr.io/projectcalico-org/cni:v3.19.1
          command: ["/opt/cni/bin/install"]
          env:
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # CNI config template written to the host. __KUBERNETES_NODE_NAME__ is a
            # placeholder, presumably filled from KUBERNETES_NODE_NAME below. The config
            # points at /etc/cni/net.d/calico-kubeconfig; that file presumably holds API
            # credentials, so verify its ownership and mode on the node.
            - name: CNI_NETWORK_CONFIG
              value: |-
                {
                  "name": "k8s-pod-network",
                  "cniVersion": "0.3.1",
                  "plugins": [
                    {
                      "type": "calico",
                      "log_level": "info",
                      "datastore_type": "kubernetes",
                      "nodename": "__KUBERNETES_NODE_NAME__",
                      "ipam": {
                        "type": "host-local",
                        "subnet": "usePodCidr"
                      },
                      "policy": {
                        "type": "k8s"
                      },
                      "kubernetes": {
                        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
                      }
                    },
                    {
                      "type": "portmap",
                      "capabilities": {"portMappings": true},
                      "snat": true
                    }
                  ]
                }
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
          # Both mounts are writable host directories (no readOnly set).
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
      containers:
        # Runs calico/node container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          # Tag-referenced like the init image above; the same digest-pinning caveat
          # applies, with higher stakes because this container is privileged.
          image: gcr.io/projectcalico-org/node:v3.19.1
          env:
            - name: CALICO_MANAGE_CNI
              value: "true"
            # File and syslog logging are off (see FELIX_LOGSEVERITYSYS); only the screen
            # log at "info" remains, so retention depends on container log collection.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            - name: CALICO_NETWORKING_BACKEND
              value: "none"
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # ACCEPT lets traffic from workload endpoints to the node itself through once
            # endpoint egress policy has been applied. Services listening on the node are
            # then reachable from pods unless policy or a host firewall says otherwise.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Health endpoint used by the liveness/readiness probes below (port 9099).
            - name: FELIX_HEALTHENABLED
              value: "true"
            # NOTE(review): with IPv6 support off, Felix presumably programs no IPv6
            # policy; confirm pods on these nodes cannot obtain IPv6 connectivity.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            - name: FELIX_LOGSEVERITYSYS
              value: "none"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            # The metrics listener runs in the host network namespace (hostNetwork above).
            # NOTE(review): confirm which address and port it binds and that the node
            # firewall limits access to the intended scrapers.
            - name: FELIX_PROMETHEUSMETRICSENABLED
              value: "true"
            - name: FELIX_REPORTINGINTERVALSECS
              value: "0"
            # Felix reaches the datastore through the calico-typha Service. No Typha TLS
            # settings (FELIX_TYPHACAFILE / FELIX_TYPHACERTFILE / FELIX_TYPHAKEYFILE) are
            # set in this manifest, so that connection is presumably neither encrypted
            # nor mutually authenticated; verify against the Typha deployment.
            - name: FELIX_TYPHAK8SSERVICENAME
              value: "calico-typha"
            - name: FELIX_ROUTETABLERANGE
              value: "10-250"
            - name: USE_POD_CIDR
              value: "true"
            - name: IP
              value: "autodetect"
            - name: NO_DEFAULT_POOLS
              value: "true"
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: WAIT_FOR_DATASTORE
              value: "true"
          # Privileged: all capabilities and host device access, with no further
          # restriction in this securityContext. A compromise of this container or its
          # image is a compromise of the node; restrict who may update this DaemonSet and
          # alert on changes to its image or securityContext.
          securityContext:
            privileged: true
          # Probes target localhost; because of hostNetwork that is the node's loopback.
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
              host: localhost
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /readiness
              port: 9099
              host: localhost
            periodSeconds: 10
          # Only /lib/modules and /etc/calico are read-only; every other mount is a
          # writable host path shared with the node.
          volumeMounts:
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /etc/calico
              name: etc-calico
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
      # All volumes are hostPath. Except for xtables-lock, none sets `type`, so no check
      # of the path's existence or kind is made before mounting.
      volumes:
        # Used to ensure proper kmods are installed.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        # Mount in the Felix config file from the host.
        - name: etc-calico
          hostPath:
            path: /etc/calico
        # Used to install CNI binaries.
        # __CALICO_CNI_DIR__ is a placeholder, presumably substituted before the manifest
        # is applied; the manifest is not usable verbatim.
        - name: cni-bin-dir
          hostPath:
            path: __CALICO_CNI_DIR__
        # Used to install CNI network config.
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        # Lock file shared with other iptables users on the node; created if missing.
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
      tolerations:
        # Make sure calico/node gets scheduled on all nodes.
        # The first two entries have no key, so they tolerate every taint with that
        # effect: the pod is scheduled onto tainted nodes and is not evicted by
        # NoExecute taints.
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists