Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 1 | # Deploy hosted calico with its own etcd. |
| 2 | |
| 3 | local kube = import "../../../kube/kube.libsonnet"; |
| 4 | |
| 5 | local bindServiceAccountClusterRole(sa, cr) = kube.ClusterRoleBinding(cr.metadata.name) { |
| 6 | roleRef: { |
| 7 | apiGroup: "rbac.authorization.k8s.io", |
| 8 | kind: "ClusterRole", |
| 9 | name: cr.metadata.name, |
| 10 | }, |
| 11 | subjects: [ |
| 12 | { |
| 13 | kind: "ServiceAccount", |
| 14 | name: sa.metadata.name, |
| 15 | namespace: sa.metadata.namespace, |
| 16 | }, |
| 17 | ], |
| 18 | }; |
| 19 | |
| 20 | { |
| 21 | Environment: { |
| 22 | local env = self, |
| 23 | local cfg = env.cfg, |
| 24 | cfg:: { |
| 25 | namespace: "kube-system", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 26 | version: "v3.15.5", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 27 | imageController: "calico/kube-controllers:" + cfg.version, |
| 28 | imageCNI: "calico/cni:" + cfg.version, |
| 29 | imageNode: "calico/node:" + cfg.version, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 30 | // TODO(implr): migrate calico from etcd to apiserver |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 31 | etcd: { |
Serge Bazanski | b0e3693 | 2022-04-04 18:28:35 +0000 | [diff] [blame^] | 32 | endpoints: [ |
| 33 | "https://bc01n01.hswaw.net:2379", |
| 34 | "https://bc01n02.hswaw.net:2379", |
| 35 | "https://dcr01s22.hswaw.net:2379", |
| 36 | "https://dcr01s24.hswaw.net:2379", |
| 37 | ], |
Sergiusz Bazanski | 73cef11 | 2019-04-07 00:06:23 +0200 | [diff] [blame] | 38 | ca: importstr "../../certs/ca-etcd.crt", |
| 39 | cert: importstr "../../certs/etcd-calico.cert", |
| 40 | key: importstr "../../secrets/plain/etcd-calico.key", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 41 | }, |
| 42 | }, |
| 43 | |
| 44 | cm: kube.ConfigMap("calico-config") { |
| 45 | local cm = self, |
| 46 | secretPrefix:: "/calico-secrets/", |
| 47 | |
| 48 | metadata+: { |
| 49 | namespace: cfg.namespace, |
| 50 | }, |
| 51 | |
| 52 | data: { |
| 53 | etcd_endpoints: std.join(",", cfg.etcd.endpoints), |
| 54 | |
| 55 | etcd_ca: cm.secretPrefix + "etcd-ca", |
| 56 | etcd_cert: cm.secretPrefix + "etcd-cert", |
| 57 | etcd_key: cm.secretPrefix + "etcd-key", |
| 58 | |
| 59 | calico_backend: "bird", |
| 60 | veth_mtu: "1440", |
| 61 | |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 62 | typha_service_name: "none", |
| 63 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 64 | cni_network_config: ||| |
| 65 | { |
| 66 | "name": "k8s-pod-network", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 67 | "cniVersion": "0.3.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 68 | "plugins": [ |
| 69 | { |
| 70 | "type": "calico", |
| 71 | "log_level": "info", |
| 72 | "etcd_endpoints": "__ETCD_ENDPOINTS__", |
| 73 | "etcd_key_file": "__ETCD_KEY_FILE__", |
| 74 | "etcd_cert_file": "__ETCD_CERT_FILE__", |
| 75 | "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 76 | "datastore_type": "etcdv3", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 77 | "mtu": __CNI_MTU__, |
| 78 | "ipam": { |
| 79 | "type": "calico-ipam" |
| 80 | }, |
| 81 | "policy": { |
| 82 | "type": "k8s" |
| 83 | }, |
| 84 | "kubernetes": { |
| 85 | "kubeconfig": "__KUBECONFIG_FILEPATH__" |
| 86 | } |
| 87 | }, |
| 88 | { |
| 89 | "type": "portmap", |
| 90 | "snat": true, |
| 91 | "capabilities": {"portMappings": true} |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 92 | }, |
| 93 | { |
| 94 | "type": "bandwidth", |
| 95 | "capabilities": {"bandwidth": true} |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 96 | } |
| 97 | ] |
| 98 | } |
| 99 | ||| |
| 100 | }, |
| 101 | }, |
| 102 | |
| 103 | secrets: kube.Secret("calico-secrets") { |
| 104 | metadata+: { |
| 105 | namespace: cfg.namespace, |
| 106 | }, |
| 107 | |
| 108 | data_: { |
| 109 | "etcd-ca": cfg.etcd.ca, |
| 110 | "etcd-cert": cfg.etcd.cert, |
| 111 | "etcd-key": cfg.etcd.key, |
| 112 | }, |
| 113 | }, |
| 114 | |
| 115 | saNode: kube.ServiceAccount("calico-node") { |
| 116 | metadata+: { |
| 117 | namespace: cfg.namespace, |
| 118 | }, |
| 119 | }, |
| 120 | |
| 121 | crNode: kube.ClusterRole("calico-node") { |
| 122 | rules: [ |
| 123 | { |
| 124 | apiGroups: [""], |
| 125 | resources: ["pods", "nodes", "namespaces"], |
| 126 | verbs: ["get"], |
| 127 | }, |
| 128 | { |
| 129 | apiGroups: [""], |
| 130 | resources: ["endpoints", "services"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 131 | verbs: ["watch", "list", "get"], |
| 132 | }, |
| 133 | { |
| 134 | apiGroups: [""], |
| 135 | resources: ["configmaps"], |
| 136 | verbs: ["get"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 137 | }, |
| 138 | { |
| 139 | apiGroups: [""], |
| 140 | resources: ["nodes/status"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 141 | verbs: ["patch", "update"], |
| 142 | }, |
| 143 | { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 144 | apiGroups: [""], |
| 145 | resources: ["pods/status"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 146 | verbs: ["patch"], |
| 147 | }, |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 148 | { |
| 149 | apiGroups: [""], |
| 150 | resources: ["nodes"], |
| 151 | verbs: ["get", "list", "watch"], |
| 152 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 153 | ], |
| 154 | }, |
| 155 | |
| 156 | crbNode: bindServiceAccountClusterRole(env.saNode, env.crNode), |
| 157 | |
| 158 | saController: kube.ServiceAccount("calico-kube-controllers") { |
| 159 | metadata+: { |
| 160 | namespace: cfg.namespace, |
| 161 | }, |
| 162 | }, |
| 163 | |
| 164 | crController: kube.ClusterRole("calico-kube-controllers") { |
| 165 | rules: [ |
| 166 | { |
| 167 | apiGroups: [""], |
Sergiusz Bazanski | e55493f | 2020-05-30 17:57:05 +0200 | [diff] [blame] | 168 | resources: ["nodes", "pods", "namespaces", "serviceaccounts"], |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 169 | verbs: ["watch", "list", "get"], |
| 170 | }, |
| 171 | { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 172 | apiGroups: ["networking.k8s.io"], |
| 173 | resources: ["networkpolicies"], |
| 174 | verbs: ["watch", "list"], |
| 175 | }, |
| 176 | ], |
| 177 | }, |
| 178 | |
| 179 | crbController: bindServiceAccountClusterRole(env.saController, env.crController), |
| 180 | |
| 181 | controller: kube.Deployment("calico-kube-controllers") { |
| 182 | metadata+: { |
| 183 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 184 | labels+: { |
| 185 | "k8s-app": "calico-kube-controllers", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 186 | }, |
| 187 | }, |
| 188 | spec+: { |
| 189 | replicas: 1, |
| 190 | strategy: { type: "Recreate" }, |
| 191 | template+: { |
| 192 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 193 | nodeSelector: { |
| 194 | "kubernetes.io/os": "linux" |
| 195 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 196 | tolerations: [ |
| 197 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 198 | { key: "node-role.kubernetes.io/master", effect: "NoSchedule" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 199 | ], |
| 200 | serviceAccountName: env.saController.metadata.name, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 201 | priorityClassName: "system-cluster-critical", |
| 202 | hostNetwork: true, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 203 | containers_: { |
| 204 | "calico-kube-controllers": kube.Container("calico-kube-controllers") { |
| 205 | image: cfg.imageController, |
| 206 | env_: { |
| 207 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 208 | ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 209 | ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 210 | ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
| 211 | ENABLED_CONTROLLERS: "policy,namespace,serviceaccount,workloadendpoint,node", |
| 212 | }, |
| 213 | volumeMounts_: { |
| 214 | secrets: { |
| 215 | mountPath: env.cm.secretPrefix, |
| 216 | }, |
| 217 | }, |
| 218 | readinessProbe: { |
| 219 | exec: { |
| 220 | command: [ "/usr/bin/check-status", "-r" ], |
| 221 | }, |
| 222 | }, |
| 223 | }, |
| 224 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 225 | volumes_: { |
| 226 | secrets: kube.SecretVolume(env.secrets), |
| 227 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 228 | }, |
| 229 | }, |
| 230 | }, |
| 231 | }, |
| 232 | |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 233 | # ConfigMap that holds overriden bird.cfg.template and bird_ipam.cfg.template. |
| 234 | calicoMetallbBird: kube.ConfigMap("calico-metallb-bird") { |
| 235 | metadata+: { |
| 236 | namespace: cfg.namespace, |
| 237 | }, |
| 238 | data: { |
| 239 | "bird.cfg.template": (importstr "calico-bird.cfg.template"), |
| 240 | "bird_ipam.cfg.template": (importstr "calico-bird-ipam.cfg.template"), |
| 241 | }, |
| 242 | }, |
| 243 | |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 244 | nodeDaemon: kube.DaemonSet("calico-node") { |
| 245 | metadata+: { |
| 246 | namespace: cfg.namespace, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 247 | labels+: { |
| 248 | "k8s-app": "calico-node", |
| 249 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 250 | }, |
| 251 | spec+: { |
| 252 | template+: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 253 | spec+: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 254 | nodeSelector: { |
| 255 | "kubernetes.io/os": "linux" |
| 256 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 257 | hostNetwork: true, |
| 258 | tolerations: [ |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 259 | { effect: "NoSchedule", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 260 | { key: "CriticalAddonsOnly", operator: "Exists" }, |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 261 | { effect: "NoExecute", operator: "Exists" }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 262 | ], |
| 263 | serviceAccountName: env.saNode.metadata.name, |
| 264 | terminationGracePeriodSeconds: 0, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 265 | priorityClassName: "system-cluster-critical", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 266 | volumes_: { |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 267 | lib_modules: kube.HostPathVolume("/run/current-system/kernel-modules/lib/modules"), |
| 268 | var_run_calico: kube.HostPathVolume("/var/run/calico"), |
| 269 | var_lib_calico: kube.HostPathVolume("/var/lib/calico"), |
| 270 | xtables_lock: kube.HostPathVolume("/run/xtables.lock"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 271 | cni_bin: kube.HostPathVolume("/opt/cni/bin"), |
| 272 | cni_config: kube.HostPathVolume("/opt/cni/conf"), |
| 273 | secrets: kube.SecretVolume(env.secrets), |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 274 | bird_cfg_template: kube.ConfigMapVolume(env.calicoMetallbBird), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 275 | # TODO flexvol-driver-host, policysync |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 276 | }, |
| 277 | initContainers_: { |
| 278 | installCNI: kube.Container("install-cni") { |
| 279 | image: cfg.imageCNI, |
| 280 | command: ["/install-cni.sh"], |
| 281 | env_: { |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 282 | CNI_CONF_NAME: "10-calico.conflist", |
| 283 | CNI_NETWORK_CONFIG: kube.ConfigMapRef(env.cm, "cni_network_config"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 284 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 285 | CNI_MTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | eca1e08 | 2021-11-27 01:04:31 +0100 | [diff] [blame] | 286 | # Important: our directory is changed from the default (/etc/cni/net.d) |
| 287 | # to inside /opt/ above in the cni_config HostPathVolume. |
| 288 | # See projectcalico/cni-plugin//k8s-install/scripts/install-cni.sh:24 for reference. |
| 289 | CNI_NET_DIR: "/opt/cni/conf", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 290 | # TODO(implr) needed? |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 291 | CNI_CONF_ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 292 | CNI_CONF_ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 293 | CNI_CONF_ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 294 | SLEEP: "false", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 295 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 296 | }, |
| 297 | volumeMounts_: { |
| 298 | cni_bin: { mountPath: "/host/opt/cni/bin" }, |
| 299 | cni_config: { mountPath: "/host/etc/cni/net.d" }, |
| 300 | secrets: { mountPath: env.cm.secretPrefix }, |
| 301 | }, |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 302 | securityContext: { |
| 303 | privileged: true, |
| 304 | }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 305 | }, |
| 306 | }, |
| 307 | containers_: { |
| 308 | calicoNode: kube.Container("calico-node") { |
| 309 | image: cfg.imageNode, |
| 310 | env_: { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 311 | DATASTORE_TYPE: "etcdv3", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 312 | ETCD_ENDPOINTS: kube.ConfigMapRef(env.cm, "etcd_endpoints"), |
| 313 | ETCD_CA_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_ca"), |
| 314 | ETCD_KEY_FILE: kube.ConfigMapRef(env.cm, "etcd_key"), |
| 315 | ETCD_CERT_FILE: kube.ConfigMapRef(env.cm, "etcd_cert"), |
| 316 | CALICO_K8S_NODE_REF: kube.FieldRef("spec.nodeName"), |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 317 | CALICO_NETWORKING_BACKEND: kube.ConfigMapRef(env.cm, "calico_backend"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 318 | CLUSTER_TYPE: "k8s,bgp", |
Sergiusz Bazanski | e3af1eb | 2019-01-18 09:39:57 +0100 | [diff] [blame] | 319 | IP: "autodetect", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 320 | IP_AUTODETECTION_METHOD: "can-reach=185.236.240.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 321 | CALICO_IPV4POOL_IPIP: "Always", |
| 322 | FELIX_IPINIPMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 323 | FELIX_WIREGUARDMTU: kube.ConfigMapRef(env.cm, "veth_mtu"), |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 324 | CALICO_IPV4POOL_CIDR: "10.10.24.0/21", |
| 325 | CALICO_DISABLE_FILE_LOGGING: "true", |
| 326 | FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 327 | FELIX_LOGSEVERITYSCREEN: "info", |
Bartosz Stebel | 12f176c | 2021-06-18 13:12:41 +0200 | [diff] [blame] | 328 | FELIX_IPV6SUPPORT: "false", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 329 | FELIX_HEALTHENABLED: "true", |
Serge Bazanski | d493ab6 | 2019-10-31 17:07:19 +0100 | [diff] [blame] | 330 | FELIX_HEALTHHOST: "127.0.0.1", |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 331 | CALICO_ADVERTISE_CLUSTER_IPS: "10.10.12.0/24", |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 332 | KUBERNETES_NODE_NAME: { fieldRef: { fieldPath: "spec.nodeName" } }, |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 333 | }, |
| 334 | securityContext: { |
| 335 | privileged: true, |
| 336 | }, |
| 337 | resources: { |
| 338 | requests: { cpu: "250m" }, |
| 339 | }, |
| 340 | livenessProbe: { |
Sergiusz Bazanski | d81bf72 | 2020-05-28 16:38:52 +0200 | [diff] [blame] | 341 | exec: { |
| 342 | command: ["/bin/calico-node", "-bird-live", "-felix-live"], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 343 | }, |
| 344 | periodSeconds: 10, |
| 345 | initialDelaySeconds: 10, |
| 346 | failureThreshold: 6, |
| 347 | }, |
| 348 | readinessProbe: { |
| 349 | exec: { |
| 350 | command: ["/bin/calico-node", "-bird-ready", "-felix-ready"], |
| 351 | }, |
| 352 | periodSeconds: 10, |
| 353 | }, |
| 354 | volumeMounts_: { |
| 355 | lib_modules: { mountPath: "/lib/modules" }, |
| 356 | xtables_lock: { mountPath: "/run/xtables.lock" }, |
| 357 | var_run_calico: { mountPath: "/var/run/calico" }, |
| 358 | var_lib_calico: { mountPath: "/var/lib/calico" }, |
| 359 | secrets: { mountPath: env.cm.secretPrefix }, |
| 360 | }, |
Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 361 | volumeMounts+: [ |
| 362 | { name: "bird-cfg-template", |
| 363 | mountPath: "/etc/calico/confd/templates/bird.cfg.template", |
| 364 | subPath: "bird.cfg.template" |
| 365 | }, |
| 366 | { name: "bird-cfg-template", |
| 367 | mountPath: "/etc/calico/confd/templates/bird_ipam.cfg.template", |
| 368 | subPath: "bird_ipam.cfg.template" |
| 369 | }, |
| 370 | ], |
Sergiusz Bazanski | af3be42 | 2019-01-17 18:57:19 +0100 | [diff] [blame] | 371 | }, |
| 372 | }, |
| 373 | }, |
| 374 | }, |
| 375 | }, |
| 376 | }, |
| 377 | }, |
| 378 | } |