Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 1 | # Deploy hosted calico with its own etcd. |
| 2 | |
| 3 | local kube = import "../../../kube/kube.libsonnet"; |
| 4 | |
| 5 | local bindServiceAccountClusterRole(sa, cr) = kube.ClusterRoleBinding(cr.metadata.name) { |
| 6 | roleRef: { |
| 7 | apiGroup: "rbac.authorization.k8s.io", |
| 8 | kind: "ClusterRole", |
| 9 | name: cr.metadata.name, |
| 10 | }, |
| 11 | subjects: [ |
| 12 | { |
| 13 | kind: "ServiceAccount", |
| 14 | name: sa.metadata.name, |
| 15 | namespace: sa.metadata.namespace, |
| 16 | }, |
| 17 | ], |
| 18 | }; |
| 19 | |
| 20 | { |
| 21 | Environment: { |
| 22 | local env = self, |
| 23 | local cfg = env.cfg, |
| 24 | cfg:: { |
| 25 | namespace: "kube-system", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 26 | version: "v3.15.5", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 27 | imageController: "calico/kube-controllers:" + cfg.version, |
| 28 | imageCNI: "calico/cni:" + cfg.version, |
| 29 | imageNode: "calico/node:" + cfg.version, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 30 | // TODO(implr): migrate calico from etcd to apiserver |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 31 | etcd: { |
| 32 | endpoints: ["https://bc01n%02d.hswaw.net:2379" % n for n in std.range(1, 3)], |
Sergiusz Bazanski | 73cef11 | 2019-04-07 00:06:23 +0200 | [diff] [blame] | 33 | ca: importstr "../../certs/ca-etcd.crt", |
| 34 | cert: importstr "../../certs/etcd-calico.cert", |
| 35 | key: importstr "../../secrets/plain/etcd-calico.key", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 36 | }, |
| 37 | }, |
| 38 | |
| 39 | cm: kube.ConfigMap("calico-config") { |
| 40 | local cm = self, |
| 41 | secretPrefix:: "/calico-secrets/", |
| 42 | |
| 43 | metadata+: { |
| 44 | namespace: cfg.namespace, |
| 45 | }, |
| 46 | |
| 47 | data: { |
| 48 | etcd_endpoints: std.join(",", cfg.etcd.endpoints), |
| 49 | |
| 50 | etcd_ca: cm.secretPrefix + "etcd-ca", |
| 51 | etcd_cert: cm.secretPrefix + "etcd-cert", |
| 52 | etcd_key: cm.secretPrefix + "etcd-key", |
| 53 | |
| 54 | calico_backend: "bird", |
| 55 | veth_mtu: "1440", |
| 56 | |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 57 | typha_service_name: "none", |
| 58 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 59 | cni_network_config: ||| |
| 60 | { |
| 61 | "name": "k8s-pod-network", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 62 | "cniVersion": "0.3.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 63 | "plugins": [ |
| 64 | { |
| 65 | "type": "calico", |
| 66 | "log_level": "info", |
| 67 | "etcd_endpoints": "__ETCD_ENDPOINTS__", |
| 68 | "etcd_key_file": "__ETCD_KEY_FILE__", |
| 69 | "etcd_cert_file": "__ETCD_CERT_FILE__", |
| 70 | "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 71 | "datastore_type": "etcdv3", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 72 | "mtu": __CNI_MTU__, |
| 73 | "ipam": { |
| 74 | "type": "calico-ipam" |
| 75 | }, |
| 76 | "policy": { |
| 77 | "type": "k8s" |
| 78 | }, |
| 79 | "kubernetes": { |
| 80 | "kubeconfig": "__KUBECONFIG_FILEPATH__" |
| 81 | } |
| 82 | }, |
| 83 | { |
| 84 | "type": "portmap", |
| 85 | "snat": true, |
| 86 | "capabilities": {"portMappings": true} |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 87 | }, |
| 88 | { |
| 89 | "type": "bandwidth", |
| 90 | "capabilities": {"bandwidth": true} |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 91 | } |
| 92 | ] |
| 93 | } |
| 94 | ||| |
| 95 | }, |
| 96 | }, |
| 97 | |
| 98 | secrets: kube.Secret("calico-secrets") { |
| 99 | metadata+: { |
| 100 | namespace: cfg.namespace, |
| 101 | }, |
| 102 | |
| 103 | data_: { |
| 104 | "etcd-ca": cfg.etcd.ca, |
| 105 | "etcd-cert": cfg.etcd.cert, |
| 106 | "etcd-key": cfg.etcd.key, |
| 107 | }, |
| 108 | }, |
| 109 | |
| 110 | saNode: kube.ServiceAccount("calico-node") { |
| 111 | metadata+: { |
| 112 | namespace: cfg.namespace, |
| 113 | }, |
| 114 | }, |
| 115 | |
| 116 | crNode: kube.ClusterRole("calico-node") { |
| 117 | rules: [ |
| 118 | { |
| 119 | apiGroups: [""], |
| 120 | resources: ["pods", "nodes", "namespaces"], |
| 121 | verbs: ["get"], |
| 122 | }, |
| 123 | { |
| 124 | apiGroups: [""], |
| 125 | resources: ["endpoints", "services"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 126 | verbs: ["watch", "list", "get"], |
| 127 | }, |
| 128 | { |
| 129 | apiGroups: [""], |
| 130 | resources: ["configmaps"], |
| 131 | verbs: ["get"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 132 | }, |
| 133 | { |
| 134 | apiGroups: [""], |
| 135 | resources: ["nodes/status"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 136 | verbs: ["patch", "update"], |
| 137 | }, |
| 138 | { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 139 | apiGroups: [""], |
| 140 | resources: ["pods/status"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 141 | verbs: ["patch"], |
| 142 | }, |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 143 | { |
| 144 | apiGroups: [""], |
| 145 | resources: ["nodes"], |
| 146 | verbs: ["get", "list", "watch"], |
| 147 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 148 | ], |
| 149 | }, |
| 150 | |
| 151 | crbNode: bindServiceAccountClusterRole(env.saNode, env.crNode), |
| 152 | |
| 153 | saController: kube.ServiceAccount("calico-kube-controllers") { |
| 154 | metadata+: { |
| 155 | namespace: cfg.namespace, |
| 156 | }, |
| 157 | }, |
| 158 | |
| 159 | crController: kube.ClusterRole("calico-kube-controllers") { |
| 160 | rules: [ |
| 161 | { |
| 162 | apiGroups: [""], |
Sergiusz Bazanski | e55493f | 2020-05-30 17:57:05 +0200 | [diff] [blame] | 163 | resources: ["nodes", "pods", "namespaces", "serviceaccounts"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 164 | verbs: ["watch", "list", "get"], |
| 165 | }, |
| 166 | { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 167 | apiGroups: ["networking.k8s.io"], |
| 168 | resources: ["networkpolicies"], |
| 169 | verbs: ["watch", "list"], |
| 170 | }, |
| 171 | ], |
| 172 | }, |
| 173 | |
| 174 | crbController: bindServiceAccountClusterRole(env.saController, env.crController), |
| 175 | |
| 176 | controller: kube.Deployment("calico-kube-controllers") { |
| 177 | metadata+: { |
| 178 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 179 | labels+: { |
| 180 | "k8s-app": "calico-kube-controllers", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 181 | }, |
| 182 | }, |
| 183 | spec+: { |
| 184 | replicas: 1, |
| 185 | strategy: { type: "Recreate" }, |
| 186 | template+: { |
| 187 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 188 | nodeSelector: { |
| 189 | "kubernetes.io/os": "linux" |
| 190 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 191 | tolerations: [ |
| 192 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 193 | { key: "node-role.kubernetes.io/master", effect: "NoSchedule" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 194 | ], |
| 195 | serviceAccountName: env.saController.metadata.name, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 196 | priorityClassName: "system-cluster-critical", |
| 197 | hostNetwork: true, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 198 | containers_: { |
| 199 | "calico-kube-controllers": kube.Container("calico-kube-controllers") { |
| 200 | image: cfg.imageController, |
| 201 | env_: { |
| 202 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 203 | ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 204 | ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 205 | ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
| 206 | ENABLED_CONTROLLERS: "policy,namespace,serviceaccount,workloadendpoint,node", |
| 207 | }, |
| 208 | volumeMounts_: { |
| 209 | secrets: { |
| 210 | mountPath: env.cm.secretPrefix, |
| 211 | }, |
| 212 | }, |
| 213 | readinessProbe: { |
| 214 | exec: { |
| 215 | command: [ "/usr/bin/check-status", "-r" ], |
| 216 | }, |
| 217 | }, |
| 218 | }, |
| 219 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 220 | volumes_: { |
| 221 | secrets: kube.SecretVolume(env.secrets), |
| 222 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 223 | }, |
| 224 | }, |
| 225 | }, |
| 226 | }, |
| 227 | |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 228 | # ConfigMap that holds overriden bird.cfg.template and bird_ipam.cfg.template. |
| 229 | calicoMetallbBird: kube.ConfigMap("calico-metallb-bird") { |
| 230 | metadata+: { |
| 231 | namespace: cfg.namespace, |
| 232 | }, |
| 233 | data: { |
| 234 | "bird.cfg.template": (importstr "calico-bird.cfg.template"), |
| 235 | "bird_ipam.cfg.template": (importstr "calico-bird-ipam.cfg.template"), |
| 236 | }, |
| 237 | }, |
| 238 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 239 | nodeDaemon: kube.DaemonSet("calico-node") { |
| 240 | metadata+: { |
| 241 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 242 | labels+: { |
| 243 | "k8s-app": "calico-node", |
| 244 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 245 | }, |
| 246 | spec+: { |
| 247 | template+: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 248 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 249 | nodeSelector: { |
| 250 | "kubernetes.io/os": "linux" |
| 251 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 252 | hostNetwork: true, |
| 253 | tolerations: [ |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 254 | { effect: "NoSchedule", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 255 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 256 | { effect: "NoExecute", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 257 | ], |
| 258 | serviceAccountName: env.saNode.metadata.name, |
| 259 | terminationGracePeriodSeconds: 0, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 260 | priorityClassName: "system-cluster-critical", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 261 | volumes_: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 262 | lib_modules: kube.HostPathVolume("/run/current-system/kernel-modules/lib/modules"), |
| 263 | var_run_calico: kube.HostPathVolume("/var/run/calico"), |
| 264 | var_lib_calico: kube.HostPathVolume("/var/lib/calico"), |
| 265 | xtables_lock: kube.HostPathVolume("/run/xtables.lock"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 266 | cni_bin: kube.HostPathVolume("/opt/cni/bin"), |
| 267 | cni_config: kube.HostPathVolume("/opt/cni/conf"), |
| 268 | secrets: kube.SecretVolume(env.secrets), |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 269 | bird_cfg_template: kube.ConfigMapVolume(env.calicoMetallbBird), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 270 | # TODO flexvol-driver-host, policysync |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 271 | }, |
| 272 | initContainers_: { |
| 273 | installCNI: kube.Container("install-cni") { |
| 274 | image: cfg.imageCNI, |
| 275 | command: ["/install-cni.sh"], |
| 276 | env_: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 277 | CNI_CONF_NAME: "10-calico.conflist", |
| 278 | CNI_NETWORK_CONFIG: kube.ConfigMapRef(env.cm, "cni_network_config"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 279 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 280 | CNI_MTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | eca1e08 | 2021-11-27 01:04:31 +0100 | [diff] [blame] | 281 | # Important: our directory is changed from the default (/etc/cni/net.d) |
| 282 | # to inside /opt/ above in the cni_config HostPathVolume. |
| 283 | # See projectcalico/cni-plugin//k8s-install/scripts/install-cni.sh:24 for reference. |
| 284 | CNI_NET_DIR: "/opt/cni/conf", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 285 | # TODO(implr) needed? |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 286 | CNI_CONF_ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 287 | CNI_CONF_ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 288 | CNI_CONF_ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 289 | SLEEP: "false", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 290 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 291 | }, |
| 292 | volumeMounts_: { |
| 293 | cni_bin: { mountPath: "/host/opt/cni/bin" }, |
| 294 | cni_config: { mountPath: "/host/etc/cni/net.d" }, |
| 295 | secrets: { mountPath: env.cm.secretPrefix }, |
| 296 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 297 | securityContext: { |
| 298 | privileged: true, |
| 299 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 300 | }, |
| 301 | }, |
| 302 | containers_: { |
| 303 | calicoNode: kube.Container("calico-node") { |
| 304 | image: cfg.imageNode, |
| 305 | env_: { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 306 | DATASTORE_TYPE: "etcdv3", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 307 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 308 | ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 309 | ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 310 | ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
| 311 | CALICO_K8S_NODE_REF: kube.FieldRef("spec.nodeName"), |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 312 | CALICO_NETWORKING_BACKEND: kube.ConfigMapRef(env.cm, "calico_backend"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 313 | CLUSTER_TYPE: "k8s,bgp", |
Sergiusz Bazanski | e3af1eb | 2019-01-18 09:39:57 +0100 | [diff] [blame] | 314 | IP: "autodetect", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 315 | IP_AUTODETECTION_METHOD: "can-reach=185.236.240.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 316 | CALICO_IPV4POOL_IPIP: "Always", |
| 317 | FELIX_IPINIPMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 318 | FELIX_WIREGUARDMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 319 | CALICO_IPV4POOL_CIDR: "10.10.24.0/21", |
| 320 | CALICO_DISABLE_FILE_LOGGING: "true", |
| 321 | FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 322 | FELIX_LOGSEVERITYSCREEN: "info", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 323 | FELIX_IPV6SUPPORT: "false", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 324 | FELIX_HEALTHENABLED: "true", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 325 | FELIX_HEALTHHOST: "127.0.0.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 326 | CALICO_ADVERTISE_CLUSTER_IPS: "10.10.12.0/24", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 327 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 328 | }, |
| 329 | securityContext: { |
| 330 | privileged: true, |
| 331 | }, |
| 332 | resources: { |
| 333 | requests: { cpu: "250m" }, |
| 334 | }, |
| 335 | livenessProbe: { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 336 | exec: { |
| 337 | command: ["/bin/calico-node", "-bird-live", "-felix-live"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 338 | }, |
| 339 | periodSeconds: 10, |
| 340 | initialDelaySeconds: 10, |
| 341 | failureThreshold: 6, |
| 342 | }, |
| 343 | readinessProbe: { |
| 344 | exec: { |
| 345 | command: ["/bin/calico-node", "-bird-ready", "-felix-ready"], |
| 346 | }, |
| 347 | periodSeconds: 10, |
| 348 | }, |
| 349 | volumeMounts_: { |
| 350 | lib_modules: { mountPath: "/lib/modules" }, |
| 351 | xtables_lock: { mountPath: "/run/xtables.lock" }, |
| 352 | var_run_calico: { mountPath: "/var/run/calico" }, |
| 353 | var_lib_calico: { mountPath: "/var/lib/calico" }, |
| 354 | secrets: { mountPath: env.cm.secretPrefix }, |
| 355 | }, |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 356 | volumeMounts+: [ |
| 357 | { name: "bird-cfg-template", |
| 358 | mountPath: "/etc/calico/confd/templates/bird.cfg.template", |
| 359 | subPath: "bird.cfg.template" |
| 360 | }, |
| 361 | { name: "bird-cfg-template", |
| 362 | mountPath: "/etc/calico/confd/templates/bird_ipam.cfg.template", |
| 363 | subPath: "bird_ipam.cfg.template" |
| 364 | }, |
| 365 | ], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 366 | }, |
| 367 | }, |
| 368 | }, |
| 369 | }, |
| 370 | }, |
| 371 | }, |
| 372 | }, |
| 373 | } |