88 lines
2.7 KiB
Django/Jinja
88 lines
2.7 KiB
Django/Jinja
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: calico-kube-controllers
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: calico-kube-controllers
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: calico-kube-controllers
|
|
template:
|
|
metadata:
|
|
name: calico-kube-controllers
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: calico-kube-controllers
|
|
spec:
|
|
nodeSelector:
|
|
{{ calico_policy_controller_deployment_nodeselector }}
|
|
{% if calico_datastore == "etcd" %}
|
|
hostNetwork: true
|
|
{% endif %}
|
|
serviceAccountName: calico-kube-controllers
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
{% if policy_controller_extra_tolerations is defined %}
|
|
{{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
|
|
{% endif %}
|
|
priorityClassName: system-cluster-critical
|
|
containers:
|
|
- name: calico-kube-controllers
|
|
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
|
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
resources:
|
|
limits:
|
|
cpu: {{ calico_policy_controller_cpu_limit }}
|
|
memory: {{ calico_policy_controller_memory_limit }}
|
|
requests:
|
|
cpu: {{ calico_policy_controller_cpu_requests }}
|
|
memory: {{ calico_policy_controller_memory_requests }}
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/bin/check-status
|
|
- -l
|
|
periodSeconds: 10
|
|
initialDelaySeconds: 10
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/bin/check-status
|
|
- -r
|
|
periodSeconds: 10
|
|
env:
|
|
- name: LOG_LEVEL
|
|
value: {{ calico_policy_controller_log_level }}
|
|
{% if calico_datastore == "kdd" %}
|
|
- name: ENABLED_CONTROLLERS
|
|
value: node
|
|
- name: DATASTORE_TYPE
|
|
value: kubernetes
|
|
{% else %}
|
|
- name: ETCD_ENDPOINTS
|
|
value: "{{ etcd_access_addresses }}"
|
|
- name: ETCD_CA_CERT_FILE
|
|
value: "{{ calico_cert_dir }}/ca_cert.crt"
|
|
- name: ETCD_CERT_FILE
|
|
value: "{{ calico_cert_dir }}/cert.crt"
|
|
- name: ETCD_KEY_FILE
|
|
value: "{{ calico_cert_dir }}/key.pem"
|
|
volumeMounts:
|
|
- mountPath: {{ calico_cert_dir }}
|
|
name: etcd-certs
|
|
readOnly: true
|
|
volumes:
|
|
- hostPath:
|
|
path: {{ calico_cert_dir }}
|
|
name: etcd-certs
|
|
{% endif %}
|