kubespray/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2

88 lines
2.7 KiB
Django/Jinja

apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
k8s-app: calico-kube-controllers
template:
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
spec:
nodeSelector:
{{ calico_policy_controller_deployment_nodeselector }}
{% if calico_datastore == "etcd" %}
hostNetwork: true
{% endif %}
serviceAccountName: calico-kube-controllers
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
{% if policy_controller_extra_tolerations is defined %}
{{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
{% endif %}
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:
cpu: {{ calico_policy_controller_cpu_limit }}
memory: {{ calico_policy_controller_memory_limit }}
requests:
cpu: {{ calico_policy_controller_cpu_requests }}
memory: {{ calico_policy_controller_memory_requests }}
livenessProbe:
exec:
command:
- /usr/bin/check-status
- -l
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
exec:
command:
- /usr/bin/check-status
- -r
periodSeconds: 10
env:
- name: LOG_LEVEL
value: {{ calico_policy_controller_log_level }}
{% if calico_datastore == "kdd" %}
- name: ENABLED_CONTROLLERS
value: node
- name: DATASTORE_TYPE
value: kubernetes
{% else %}
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_addresses }}"
- name: ETCD_CA_CERT_FILE
value: "{{ calico_cert_dir }}/ca_cert.crt"
- name: ETCD_CERT_FILE
value: "{{ calico_cert_dir }}/cert.crt"
- name: ETCD_KEY_FILE
value: "{{ calico_cert_dir }}/key.pem"
volumeMounts:
- mountPath: {{ calico_cert_dir }}
name: etcd-certs
readOnly: true
volumes:
- hostPath:
path: {{ calico_cert_dir }}
name: etcd-certs
{% endif %}