Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 1 | # Deploy hosted calico with its own etcd. |
| 2 | |
| 3 | local kube = import "../../../kube/kube.libsonnet"; |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 4 | local crdYaml = (std.native("parseYaml"))(importstr "./calico_crd.yml"); |
| 5 | local crdMap = { |
| 6 | [x.metadata.name]: x |
| 7 | for x in crdYaml if x != null |
| 8 | }; |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 9 | |
| 10 | local bindServiceAccountClusterRole(sa, cr) = kube.ClusterRoleBinding(cr.metadata.name) { |
| 11 | roleRef: { |
| 12 | apiGroup: "rbac.authorization.k8s.io", |
| 13 | kind: "ClusterRole", |
| 14 | name: cr.metadata.name, |
| 15 | }, |
| 16 | subjects: [ |
| 17 | { |
| 18 | kind: "ServiceAccount", |
| 19 | name: sa.metadata.name, |
| 20 | namespace: sa.metadata.namespace, |
| 21 | }, |
| 22 | ], |
| 23 | }; |
| 24 | |
| 25 | { |
| 26 | Environment: { |
| 27 | local env = self, |
| 28 | local cfg = env.cfg, |
| 29 | cfg:: { |
| 30 | namespace: "kube-system", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 31 | version: "v3.15.5", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 32 | imageController: "calico/kube-controllers:" + cfg.version, |
| 33 | imageCNI: "calico/cni:" + cfg.version, |
| 34 | imageNode: "calico/node:" + cfg.version, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 35 | }, |
| 36 | |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 37 | crds: crdMap, |
| 38 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 39 | cm: kube.ConfigMap("calico-config") { |
| 40 | local cm = self, |
| 41 | secretPrefix:: "/calico-secrets/", |
| 42 | |
| 43 | metadata+: { |
| 44 | namespace: cfg.namespace, |
| 45 | }, |
| 46 | |
| 47 | data: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 48 | calico_backend: "bird", |
| 49 | veth_mtu: "1440", |
| 50 | |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 51 | typha_service_name: "none", |
| 52 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 53 | cni_network_config: ||| |
| 54 | { |
| 55 | "name": "k8s-pod-network", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 56 | "cniVersion": "0.3.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 57 | "plugins": [ |
| 58 | { |
| 59 | "type": "calico", |
| 60 | "log_level": "info", |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 61 | "datastore_type": "kubernetes", |
| 62 | "nodename": "__KUBERNETES_NODE_NAME__", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 63 | "mtu": __CNI_MTU__, |
| 64 | "ipam": { |
| 65 | "type": "calico-ipam" |
| 66 | }, |
| 67 | "policy": { |
| 68 | "type": "k8s" |
| 69 | }, |
| 70 | "kubernetes": { |
| 71 | "kubeconfig": "__KUBECONFIG_FILEPATH__" |
| 72 | } |
| 73 | }, |
| 74 | { |
| 75 | "type": "portmap", |
| 76 | "snat": true, |
| 77 | "capabilities": {"portMappings": true} |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 78 | }, |
| 79 | { |
| 80 | "type": "bandwidth", |
| 81 | "capabilities": {"bandwidth": true} |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 82 | } |
| 83 | ] |
| 84 | } |
| 85 | ||| |
| 86 | }, |
| 87 | }, |
| 88 | |
| 89 | secrets: kube.Secret("calico-secrets") { |
| 90 | metadata+: { |
| 91 | namespace: cfg.namespace, |
| 92 | }, |
| 93 | |
| 94 | data_: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 95 | }, |
| 96 | }, |
| 97 | |
| 98 | saNode: kube.ServiceAccount("calico-node") { |
| 99 | metadata+: { |
| 100 | namespace: cfg.namespace, |
| 101 | }, |
| 102 | }, |
| 103 | |
| 104 | crNode: kube.ClusterRole("calico-node") { |
| 105 | rules: [ |
| 106 | { |
| 107 | apiGroups: [""], |
| 108 | resources: ["pods", "nodes", "namespaces"], |
| 109 | verbs: ["get"], |
| 110 | }, |
| 111 | { |
| 112 | apiGroups: [""], |
| 113 | resources: ["endpoints", "services"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 114 | verbs: ["watch", "list", "get"], |
| 115 | }, |
| 116 | { |
| 117 | apiGroups: [""], |
| 118 | resources: ["configmaps"], |
| 119 | verbs: ["get"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 120 | }, |
| 121 | { |
| 122 | apiGroups: [""], |
| 123 | resources: ["nodes/status"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 124 | verbs: ["patch", "update"], |
| 125 | }, |
| 126 | { |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 127 | apiGroups: ["networking.k8s.io"], |
| 128 | resources: ["networkpolicies"], |
| 129 | verbs: ["watch", "list"], |
| 130 | }, |
| 131 | { |
| 132 | apiGroups: [""], |
| 133 | resources: ["pods", "namespaces", "serviceaccounts"], |
| 134 | verbs: ["list", "watch"], |
| 135 | }, |
| 136 | { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 137 | apiGroups: [""], |
| 138 | resources: ["pods/status"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 139 | verbs: ["patch"], |
| 140 | }, |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 141 | { |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 142 | apiGroups: ["crd.projectcalico.org"], |
| 143 | resources: ["globalfelixconfigs", "felixconfigurations", "bgppeers", "globalbgpconfigs", "bgpconfigurations", "ippools", "ipamblocks", "globalnetworkpolicies", "globalnetworksets", "networkpolicies", "networksets", "clusterinformations", "hostendpoints", "blockaffinities"], |
| 144 | verbs: ["get", "list", "watch"], |
| 145 | }, |
| 146 | { |
| 147 | apiGroups: ["crd.projectcalico.org"], |
| 148 | resources: ["ippools", "felixconfigurations", "clusterinformations"], |
| 149 | verbs: ["create", "update"], |
| 150 | }, |
| 151 | { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 152 | apiGroups: [""], |
| 153 | resources: ["nodes"], |
| 154 | verbs: ["get", "list", "watch"], |
| 155 | }, |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 156 | { |
| 157 | apiGroups: ["crd.projectcalico.org"], |
| 158 | resources: ["blockaffinities", "ipamblocks", "ipamhandles"], |
| 159 | verbs: ["get", "list", "create", "update", "delete"], |
| 160 | }, |
| 161 | { |
| 162 | apiGroups: ["crd.projectcalico.org"], |
| 163 | resources: ["ipamconfigs"], |
| 164 | verbs: ["get"], |
| 165 | }, |
| 166 | { |
| 167 | apiGroups: ["crd.projectcalico.org"], |
| 168 | resources: ["blockaffinities"], |
| 169 | verbs: ["watch"], |
| 170 | }, |
| 171 | { |
| 172 | apiGroups: ["apps"], |
| 173 | resources: ["daemonsets"], |
| 174 | verbs: ["get"], |
| 175 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 176 | ], |
| 177 | }, |
| 178 | |
| 179 | crbNode: bindServiceAccountClusterRole(env.saNode, env.crNode), |
| 180 | |
| 181 | saController: kube.ServiceAccount("calico-kube-controllers") { |
| 182 | metadata+: { |
| 183 | namespace: cfg.namespace, |
| 184 | }, |
| 185 | }, |
| 186 | |
| 187 | crController: kube.ClusterRole("calico-kube-controllers") { |
| 188 | rules: [ |
| 189 | { |
| 190 | apiGroups: [""], |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 191 | resources: ["nodes"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 192 | verbs: ["watch", "list", "get"], |
| 193 | }, |
| 194 | { |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 195 | apiGroups: [""], |
| 196 | resources: ["pods"], |
| 197 | verbs: ["get"], |
| 198 | }, |
| 199 | { |
| 200 | apiGroups: ["crd.projectcalico.org"], |
| 201 | resources: ["ippools"], |
| 202 | verbs: ["list"], |
| 203 | }, |
| 204 | { |
| 205 | apiGroups: ["crd.projectcalico.org"], |
| 206 | resources: ["blockaffinities", "ipamblocks", "ipamhandles"], |
| 207 | verbs: ["get", "list", "create", "update", "delete"], |
| 208 | }, |
| 209 | { |
| 210 | apiGroups: ["crd.projectcalico.org"], |
| 211 | resources: ["hostendpoints"], |
| 212 | verbs: ["get", "list", "create", "update", "delete"], |
| 213 | }, |
| 214 | { |
| 215 | apiGroups: ["crd.projectcalico.org"], |
| 216 | resources: ["clusterinformations"], |
| 217 | verbs: ["get", "create", "update"], |
| 218 | }, |
| 219 | { |
| 220 | apiGroups: ["crd.projectcalico.org"], |
| 221 | resources: ["kubecontrollersconfigurations"], |
| 222 | verbs: ["get", "create", "update", "watch"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 223 | }, |
| 224 | ], |
| 225 | }, |
| 226 | |
| 227 | crbController: bindServiceAccountClusterRole(env.saController, env.crController), |
| 228 | |
| 229 | controller: kube.Deployment("calico-kube-controllers") { |
| 230 | metadata+: { |
| 231 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 232 | labels+: { |
| 233 | "k8s-app": "calico-kube-controllers", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 234 | }, |
| 235 | }, |
| 236 | spec+: { |
| 237 | replicas: 1, |
| 238 | strategy: { type: "Recreate" }, |
| 239 | template+: { |
| 240 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 241 | nodeSelector: { |
| 242 | "kubernetes.io/os": "linux" |
| 243 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 244 | tolerations: [ |
| 245 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 246 | { key: "node-role.kubernetes.io/master", effect: "NoSchedule" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 247 | ], |
| 248 | serviceAccountName: env.saController.metadata.name, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 249 | priorityClassName: "system-cluster-critical", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 250 | containers_: { |
| 251 | "calico-kube-controllers": kube.Container("calico-kube-controllers") { |
| 252 | image: cfg.imageController, |
| 253 | env_: { |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 254 | DATASTORE_TYPE: "kubernetes", |
| 255 | ENABLED_CONTROLLERS: "node", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 256 | }, |
| 257 | volumeMounts_: { |
| 258 | secrets: { |
| 259 | mountPath: env.cm.secretPrefix, |
| 260 | }, |
| 261 | }, |
| 262 | readinessProbe: { |
| 263 | exec: { |
| 264 | command: [ "/usr/bin/check-status", "-r" ], |
| 265 | }, |
| 266 | }, |
| 267 | }, |
| 268 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 269 | volumes_: { |
| 270 | secrets: kube.SecretVolume(env.secrets), |
| 271 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 272 | }, |
| 273 | }, |
| 274 | }, |
| 275 | }, |
| 276 | |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 277 | # ConfigMap that holds overriden bird.cfg.template and bird_ipam.cfg.template. |
| 278 | calicoMetallbBird: kube.ConfigMap("calico-metallb-bird") { |
| 279 | metadata+: { |
| 280 | namespace: cfg.namespace, |
| 281 | }, |
| 282 | data: { |
| 283 | "bird.cfg.template": (importstr "calico-bird.cfg.template"), |
| 284 | "bird_ipam.cfg.template": (importstr "calico-bird-ipam.cfg.template"), |
| 285 | }, |
| 286 | }, |
| 287 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 288 | nodeDaemon: kube.DaemonSet("calico-node") { |
| 289 | metadata+: { |
| 290 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 291 | labels+: { |
| 292 | "k8s-app": "calico-node", |
| 293 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 294 | }, |
| 295 | spec+: { |
| 296 | template+: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 297 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 298 | nodeSelector: { |
| 299 | "kubernetes.io/os": "linux" |
| 300 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 301 | hostNetwork: true, |
| 302 | tolerations: [ |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 303 | { effect: "NoSchedule", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 304 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 305 | { effect: "NoExecute", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 306 | ], |
| 307 | serviceAccountName: env.saNode.metadata.name, |
| 308 | terminationGracePeriodSeconds: 0, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 309 | priorityClassName: "system-cluster-critical", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 310 | volumes_: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 311 | lib_modules: kube.HostPathVolume("/run/current-system/kernel-modules/lib/modules"), |
| 312 | var_run_calico: kube.HostPathVolume("/var/run/calico"), |
| 313 | var_lib_calico: kube.HostPathVolume("/var/lib/calico"), |
| 314 | xtables_lock: kube.HostPathVolume("/run/xtables.lock"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 315 | cni_bin: kube.HostPathVolume("/opt/cni/bin"), |
| 316 | cni_config: kube.HostPathVolume("/opt/cni/conf"), |
| 317 | secrets: kube.SecretVolume(env.secrets), |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 318 | bird_cfg_template: kube.ConfigMapVolume(env.calicoMetallbBird), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 319 | # TODO flexvol-driver-host, policysync |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 320 | }, |
| 321 | initContainers_: { |
| 322 | installCNI: kube.Container("install-cni") { |
| 323 | image: cfg.imageCNI, |
| 324 | command: ["/install-cni.sh"], |
| 325 | env_: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 326 | CNI_CONF_NAME: "10-calico.conflist", |
| 327 | CNI_NETWORK_CONFIG: kube.ConfigMapRef(env.cm, "cni_network_config"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 328 | CNI_MTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | eca1e08 | 2021-11-27 01:04:31 +0100 | [diff] [blame] | 329 | # Important: our directory is changed from the default (/etc/cni/net.d) |
| 330 | # to inside /opt/ above in the cni_config HostPathVolume. |
| 331 | # See projectcalico/cni-plugin//k8s-install/scripts/install-cni.sh:24 for reference. |
| 332 | CNI_NET_DIR: "/opt/cni/conf", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 333 | SLEEP: "false", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 334 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 335 | }, |
| 336 | volumeMounts_: { |
| 337 | cni_bin: { mountPath: "/host/opt/cni/bin" }, |
| 338 | cni_config: { mountPath: "/host/etc/cni/net.d" }, |
| 339 | secrets: { mountPath: env.cm.secretPrefix }, |
| 340 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 341 | securityContext: { |
| 342 | privileged: true, |
| 343 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 344 | }, |
| 345 | }, |
| 346 | containers_: { |
| 347 | calicoNode: kube.Container("calico-node") { |
| 348 | image: cfg.imageNode, |
| 349 | env_: { |
Bartosz Stebel | 4d98cf5 | 2021-12-01 00:36:02 +0100 | [diff] [blame] | 350 | WAIT_FOR_DATASTORE: "true", |
| 351 | NODENAME: kube.FieldRef("spec.nodeName"), |
| 352 | DATASTORE_TYPE: "kubernetes", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 353 | CALICO_NETWORKING_BACKEND: kube.ConfigMapRef(env.cm, "calico_backend"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 354 | CLUSTER_TYPE: "k8s,bgp", |
Sergiusz Bazanski | e3af1eb | 2019-01-18 09:39:57 +0100 | [diff] [blame] | 355 | IP: "autodetect", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 356 | IP_AUTODETECTION_METHOD: "can-reach=185.236.240.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 357 | CALICO_IPV4POOL_IPIP: "Always", |
| 358 | FELIX_IPINIPMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 359 | FELIX_WIREGUARDMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 360 | CALICO_IPV4POOL_CIDR: "10.10.24.0/21", |
| 361 | CALICO_DISABLE_FILE_LOGGING: "true", |
| 362 | FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 363 | FELIX_LOGSEVERITYSCREEN: "info", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 364 | FELIX_IPV6SUPPORT: "false", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 365 | FELIX_HEALTHENABLED: "true", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 366 | FELIX_HEALTHHOST: "127.0.0.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 367 | CALICO_ADVERTISE_CLUSTER_IPS: "10.10.12.0/24", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 368 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 369 | }, |
| 370 | securityContext: { |
| 371 | privileged: true, |
| 372 | }, |
| 373 | resources: { |
| 374 | requests: { cpu: "250m" }, |
| 375 | }, |
| 376 | livenessProbe: { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 377 | exec: { |
| 378 | command: ["/bin/calico-node", "-bird-live", "-felix-live"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 379 | }, |
| 380 | periodSeconds: 10, |
| 381 | initialDelaySeconds: 10, |
| 382 | failureThreshold: 6, |
| 383 | }, |
| 384 | readinessProbe: { |
| 385 | exec: { |
| 386 | command: ["/bin/calico-node", "-bird-ready", "-felix-ready"], |
| 387 | }, |
| 388 | periodSeconds: 10, |
| 389 | }, |
| 390 | volumeMounts_: { |
| 391 | lib_modules: { mountPath: "/lib/modules" }, |
| 392 | xtables_lock: { mountPath: "/run/xtables.lock" }, |
| 393 | var_run_calico: { mountPath: "/var/run/calico" }, |
| 394 | var_lib_calico: { mountPath: "/var/lib/calico" }, |
| 395 | secrets: { mountPath: env.cm.secretPrefix }, |
| 396 | }, |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 397 | volumeMounts+: [ |
| 398 | { name: "bird-cfg-template", |
| 399 | mountPath: "/etc/calico/confd/templates/bird.cfg.template", |
| 400 | subPath: "bird.cfg.template" |
| 401 | }, |
| 402 | { name: "bird-cfg-template", |
| 403 | mountPath: "/etc/calico/confd/templates/bird_ipam.cfg.template", |
| 404 | subPath: "bird_ipam.cfg.template" |
| 405 | }, |
| 406 | ], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 407 | }, |
| 408 | }, |
| 409 | }, |
| 410 | }, |
| 411 | }, |
| 412 | }, |
| 413 | }, |
| 414 | } |