message
This commit is contained in:
sandervanvugt
parent
50bf7f4975
commit
e8cdf3c2dd
74
calico.yaml
74
calico.yaml
@ -1,8 +1,6 @@
|
|||||||
---
|
---
|
||||||
# Source: calico/templates/calico-kube-controllers.yaml
|
# Source: calico/templates/calico-kube-controllers.yaml
|
||||||
# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
|
# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
|
||||||
#
|
|
||||||
# this is where this comes from: https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml
|
|
||||||
|
|
||||||
apiVersion: policy/v1
|
apiVersion: policy/v1
|
||||||
kind: PodDisruptionBudget
|
kind: PodDisruptionBudget
|
||||||
@ -31,6 +29,13 @@ metadata:
|
|||||||
name: calico-node
|
name: calico-node
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
---
|
---
|
||||||
|
# Source: calico/templates/calico-node.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
# Source: calico/templates/calico-config.yaml
|
# Source: calico/templates/calico-config.yaml
|
||||||
# This ConfigMap is used to configure a self-hosted Calico installation.
|
# This ConfigMap is used to configure a self-hosted Calico installation.
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@ -1015,7 +1020,7 @@ spec:
|
|||||||
description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
|
description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
|
||||||
with BPF programs regardless of what is the per-interfaces or global
|
with BPF programs regardless of what is the per-interfaces or global
|
||||||
setting. Possible values are Disabled, Strict or Loose. [Default:
|
setting. Possible values are Disabled, Strict or Loose. [Default:
|
||||||
Strict]'
|
Loose]'
|
||||||
type: string
|
type: string
|
||||||
bpfExtToServiceConnmark:
|
bpfExtToServiceConnmark:
|
||||||
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
|
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
|
||||||
@ -4356,7 +4361,7 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- serviceaccounts/token
|
- serviceaccounts/token
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- calico-node
|
- calico-cni-plugin
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
# The CNI plugin needs to get pods, nodes, and namespaces.
|
# The CNI plugin needs to get pods, nodes, and namespaces.
|
||||||
@ -4373,7 +4378,7 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- endpointslices
|
- endpointslices
|
||||||
verbs:
|
verbs:
|
||||||
- watch
|
- watch
|
||||||
- list
|
- list
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources:
|
resources:
|
||||||
@ -4511,6 +4516,41 @@ rules:
|
|||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
---
|
---
|
||||||
|
# Source: calico/templates/calico-node-rbac.yaml
|
||||||
|
# CNI cluster role
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
- namespaces
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- pods/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- apiGroups: ["crd.projectcalico.org"]
|
||||||
|
resources:
|
||||||
|
- blockaffinities
|
||||||
|
- ipamblocks
|
||||||
|
- ipamhandles
|
||||||
|
- clusterinformations
|
||||||
|
- ippools
|
||||||
|
- ipreservations
|
||||||
|
- ipamconfigs
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
---
|
||||||
# Source: calico/templates/calico-kube-controllers-rbac.yaml
|
# Source: calico/templates/calico-kube-controllers-rbac.yaml
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
@ -4539,6 +4579,20 @@ subjects:
|
|||||||
name: calico-node
|
name: calico-node
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
---
|
---
|
||||||
|
# Source: calico/templates/calico-node-rbac.yaml
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: calico-cni-plugin
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: calico-cni-plugin
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
# Source: calico/templates/calico-node.yaml
|
# Source: calico/templates/calico-node.yaml
|
||||||
# This manifest installs the calico-node container, as well
|
# This manifest installs the calico-node container, as well
|
||||||
# as the CNI plugins and network config on
|
# as the CNI plugins and network config on
|
||||||
@ -4585,7 +4639,7 @@ spec:
|
|||||||
# It can be deleted if this is a fresh installation, or if you have already
|
# It can be deleted if this is a fresh installation, or if you have already
|
||||||
# upgraded to use calico-ipam.
|
# upgraded to use calico-ipam.
|
||||||
- name: upgrade-ipam
|
- name: upgrade-ipam
|
||||||
image: docker.io/calico/cni:master
|
image: docker.io/calico/cni:v3.26.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
||||||
envFrom:
|
envFrom:
|
||||||
@ -4613,7 +4667,7 @@ spec:
|
|||||||
# This container installs the CNI binaries
|
# This container installs the CNI binaries
|
||||||
# and CNI network config file on each node.
|
# and CNI network config file on each node.
|
||||||
- name: install-cni
|
- name: install-cni
|
||||||
image: docker.io/calico/cni:master
|
image: docker.io/calico/cni:v3.26.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/opt/cni/bin/install"]
|
command: ["/opt/cni/bin/install"]
|
||||||
envFrom:
|
envFrom:
|
||||||
@ -4656,7 +4710,7 @@ spec:
|
|||||||
# i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
|
# i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
|
||||||
# in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
|
# in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
|
||||||
- name: "mount-bpffs"
|
- name: "mount-bpffs"
|
||||||
image: docker.io/calico/node:master
|
image: docker.io/calico/node:v3.26.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["calico-node", "-init", "-best-effort"]
|
command: ["calico-node", "-init", "-best-effort"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -4682,7 +4736,7 @@ spec:
|
|||||||
# container programs network policy and routes on each
|
# container programs network policy and routes on each
|
||||||
# host.
|
# host.
|
||||||
- name: calico-node
|
- name: calico-node
|
||||||
image: docker.io/calico/node:master
|
image: docker.io/calico/node:v3.26.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
@ -4899,7 +4953,7 @@ spec:
|
|||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
containers:
|
containers:
|
||||||
- name: calico-kube-controllers
|
- name: calico-kube-controllers
|
||||||
image: docker.io/calico/kube-controllers:master
|
image: docker.io/calico/kube-controllers:v3.26.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
env:
|
env:
|
||||||
# Choose which controllers to run.
|
# Choose which controllers to run.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user