Created
January 26, 2018 21:23
-
-
Save abhi/9a3842f24015edf2bfe4e549e3c5978b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Calico Version v2.6.3 | |
# https://docs.projectcalico.org/v2.6/releases#v2.6.3 | |
# This manifest includes the following component versions: | |
# calico/node:v2.6.3 | |
# calico/cni:v1.11.1 | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
metadata: | |
name: calico-node | |
namespace: kube-system | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
rules: | |
- apiGroups: [""] | |
resources: | |
- namespaces | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: [""] | |
resources: | |
- pods/status | |
verbs: | |
- update | |
- apiGroups: [""] | |
resources: | |
- pods | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: [""] | |
resources: | |
- nodes | |
verbs: | |
- get | |
- list | |
- update | |
- watch | |
- apiGroups: ["extensions"] | |
resources: | |
- networkpolicies | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: ["crd.projectcalico.org"] | |
resources: | |
- globalfelixconfigs | |
- bgppeers | |
- globalbgpconfigs | |
- ippools | |
- globalnetworkpolicies | |
verbs: | |
- create | |
- get | |
- list | |
- update | |
- watch | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: calico-node | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: calico-node | |
subjects: | |
- kind: ServiceAccount | |
name: calico-node | |
namespace: kube-system | |
--- | |
kind: ConfigMap | |
apiVersion: v1 | |
metadata: | |
name: calico-config | |
namespace: kube-system | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
data: | |
cni_network_config: |- | |
{ | |
"name": "k8s-pod-network", | |
"cniVersion": "0.1.0", | |
"type": "calico", | |
"log_level": "info", | |
"datastore_type": "kubernetes", | |
"nodename": "__KUBERNETES_NODE_NAME__", | |
"mtu": 1500, | |
"ipam": { | |
"type": "azure-vnet-ipam", | |
"subnet": "172.16.11.0/24" | |
}, | |
"policy": { | |
"type": "k8s", | |
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__" | |
}, | |
"kubernetes": { | |
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__", | |
"kubeconfig": "__KUBECONFIG_FILEPATH__" | |
} | |
} | |
--- | |
kind: DaemonSet | |
apiVersion: extensions/v1beta1 | |
metadata: | |
name: calico-node | |
namespace: kube-system | |
labels: | |
k8s-app: calico-node | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
spec: | |
selector: | |
matchLabels: | |
k8s-app: calico-node | |
template: | |
metadata: | |
labels: | |
k8s-app: calico-node | |
annotations: | |
scheduler.alpha.kubernetes.io/critical-pod: '' | |
spec: | |
hostNetwork: true | |
serviceAccountName: calico-node | |
tolerations: | |
- key: node-role.kubernetes.io/master | |
operator: Equal | |
value: "true" | |
effect: NoSchedule | |
- key: CriticalAddonsOnly | |
operator: Exists | |
containers: | |
- name: calico-node | |
image: quay.io/calico/node:v2.6.3 | |
env: | |
- name: DATASTORE_TYPE | |
value: "kubernetes" | |
- name: FELIX_LOGSEVERITYSCREEN | |
value: "info" | |
- name: CALICO_NETWORKING_BACKEND | |
value: "none" | |
- name: CLUSTER_TYPE | |
value: "k8s,acse" | |
- name: CALICO_DISABLE_FILE_LOGGING | |
value: "true" | |
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION | |
value: "ACCEPT" | |
- name: FELIX_IPV6SUPPORT | |
value: "false" | |
- name: WAIT_FOR_DATASTORE | |
value: "true" | |
- name: CALICO_IPV4POOL_CIDR | |
value: "172.16.11.0/24" | |
- name: CALICO_IPV4POOL_IPIP | |
value: "off" | |
- name: FELIX_IPTABLESREFRESHINTERVAL | |
value: "60" | |
- name: NODENAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
- name: IP | |
value: "" | |
- name: FELIX_HEALTHENABLED | |
value: "true" | |
- name: FELIX_IPINIPENABLED | |
value: "false" | |
securityContext: | |
privileged: true | |
resources: | |
requests: | |
cpu: 250m | |
livenessProbe: | |
httpGet: | |
path: /liveness | |
port: 9099 | |
periodSeconds: 10 | |
initialDelaySeconds: 10 | |
failureThreshold: 6 | |
readinessProbe: | |
httpGet: | |
path: /readiness | |
port: 9099 | |
periodSeconds: 10 | |
volumeMounts: | |
- mountPath: /lib/modules | |
name: lib-modules | |
readOnly: true | |
- mountPath: /var/run/calico | |
name: var-run-calico | |
readOnly: false | |
- name: install-cni | |
image: quay.io/calico/cni:v1.11.1 | |
command: ["/install-cni.sh"] | |
env: | |
- name: CNI_NETWORK_CONFIG | |
valueFrom: | |
configMapKeyRef: | |
name: calico-config | |
key: cni_network_config | |
- name: KUBERNETES_NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
volumeMounts: | |
- mountPath: /host/opt/cni/bin | |
name: cni-bin-dir | |
- mountPath: /host/etc/cni/net.d | |
name: cni-net-dir | |
volumes: | |
- name: lib-modules | |
hostPath: | |
path: /lib/modules | |
- name: var-run-calico | |
hostPath: | |
path: /var/run/calico | |
- name: cni-bin-dir | |
hostPath: | |
path: /opt/cni/bin | |
- name: cni-net-dir | |
hostPath: | |
path: /etc/cni/net.d | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
description: Calico Global Felix Configuration | |
kind: CustomResourceDefinition | |
metadata: | |
name: globalfelixconfigs.crd.projectcalico.org | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
spec: | |
scope: Cluster | |
group: crd.projectcalico.org | |
version: v1 | |
names: | |
kind: GlobalFelixConfig | |
plural: globalfelixconfigs | |
singular: globalfelixconfig | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
description: Calico Global BGP Configuration | |
kind: CustomResourceDefinition | |
metadata: | |
name: globalbgpconfigs.crd.projectcalico.org | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
spec: | |
scope: Cluster | |
group: crd.projectcalico.org | |
version: v1 | |
names: | |
kind: GlobalBGPConfig | |
plural: globalbgpconfigs | |
singular: globalbgpconfig | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
description: Calico IP Pools | |
kind: CustomResourceDefinition | |
metadata: | |
name: ippools.crd.projectcalico.org | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
spec: | |
scope: Cluster | |
group: crd.projectcalico.org | |
version: v1 | |
names: | |
kind: IPPool | |
plural: ippools | |
singular: ippool | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
description: Calico Global Network Policies | |
kind: CustomResourceDefinition | |
metadata: | |
name: globalnetworkpolicies.crd.projectcalico.org | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" | |
spec: | |
scope: Cluster | |
group: crd.projectcalico.org | |
version: v1 | |
names: | |
kind: GlobalNetworkPolicy | |
plural: globalnetworkpolicies | |
singular: globalnetworkpolicy | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: calico-node | |
namespace: kube-system | |
labels: | |
addonmanager.kubernetes.io/mode: "EnsureExists" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment