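---
# This manifest installs the contiv-netplugin container, as well
# as the Contiv CNI plugins and network config, on
# each master and worker node in a Kubernetes cluster.
#
# Security posture (review before deploying): the pod runs privileged,
# shares the host network and PID namespaces, and mounts several host
# directories read-write, including the Kubernetes PKI/SSL directories.
# A compromise of this container is effectively a compromise of the
# node, so restrict who may modify this DaemonSet and the
# contiv-config ConfigMap it reads.
kind: DaemonSet
# NOTE(review): extensions/v1beta1 is no longer served for DaemonSet
# from Kubernetes 1.16 on; apps/v1 is the replacement.
apiVersion: extensions/v1beta1
metadata:
  name: contiv-netplugin
  namespace: kube-system
  labels:
    k8s-app: contiv-netplugin
spec:
  selector:
    matchLabels:
      k8s-app: contiv-netplugin
  template:
    metadata:
      labels:
        k8s-app: contiv-netplugin
    spec:
      # Host namespaces: the container sees the node's interfaces and
      # every process on the node.
      hostNetwork: true
      hostPID: true
      containers:
        # Runs netplugin container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: contiv-netplugin
          # __CONTIV_VERSION__ is a placeholder (presumably substituted
          # at install time). The image is referenced by mutable tag;
          # pinning a digest would make the privileged image verifiable.
          image: contiv/netplugin:__CONTIV_VERSION__
          args:
            - -pkubernetes
            - -x
          env:
            # Placeholder; an empty substitution would leave this value
            # null rather than an empty string.
            - name: VLAN_IF
              value: __VLAN_IF__
            # With hostNetwork: true the pod IP is the node's IP.
            - name: VTEP_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            # The remaining settings come from the contiv-config
            # ConfigMap, which is not part of this manifest.
            - name: CONTIV_ETCD
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cluster_store
            - name: CONTIV_CNI_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cni_config
            - name: CONTIV_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: config
          securityContext:
            # Full privileges on the node: all capabilities and device
            # access. readOnly flags below are then defence in depth
            # only, not a boundary.
            privileged: true
          volumeMounts:
            - mountPath: /etc/openvswitch
              name: etc-openvswitch
              readOnly: false
            # NOTE(review): confirm whether write access is needed;
            # loading modules only requires reading this tree.
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: false
            # /var/run on a node commonly holds runtime control sockets;
            # read-write access to it is sensitive.
            - mountPath: /var/run
              name: var-run
              readOnly: false
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
            # NOTE(review): by path these are the node's Kubernetes
            # certificates and keys. Confirm the plugin only reads them
            # and, if so, set readOnly: true on both mounts.
            - mountPath: /etc/kubernetes/pki
              name: etc-kubernetes-pki
              readOnly: false
            - mountPath: /etc/kubernetes/ssl
              name: etc-kubernetes-ssl
              readOnly: false
            # Writable because the CNI plugin and its config are
            # installed here; binaries in /opt/cni/bin are later
            # executed on the host, so this is a code-execution path.
            - mountPath: /opt/cni/bin
              name: cni-bin-dir
              readOnly: false
            - mountPath: /etc/cni/net.d/
              name: etc-cni-dir
              readOnly: false
      volumes:
        # Used by contiv-netplugin
        - name: etc-openvswitch
          hostPath:
            path: /etc/openvswitch
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run
          hostPath:
            path: /var/run
        - name: var-contiv
          hostPath:
            path: /var/contiv
        - name: etc-kubernetes-pki
          hostPath:
            path: /etc/kubernetes/pki
        - name: etc-kubernetes-ssl
          hostPath:
            path: /etc/kubernetes/ssl
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: etc-cni-dir
          hostPath:
            path: /etc/cni/net.d/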
---
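# This manifest deploys the Contiv API Server on Kubernetes.
#
# Security posture (review before deploying): the netmaster pod runs
# privileged in the host network and PID namespaces on the master node
# and mounts host directories read-write. Only the host-network
# requirement is justified in the comments below.
#
# NOTE(review): extensions/v1beta1 is no longer served for ReplicaSet
# from Kubernetes 1.16 on; apps/v1 is the replacement and requires an
# explicit spec.selector, which this manifest does not set.
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: contiv-netmaster
  namespace: kube-system
  labels:
    k8s-app: contiv-netmaster
spec:
  # The netmaster should have 1, 3, 5 nodes of which one is active at
  # any given time. More nodes are desired in a production environment
  # for HA.
  replicas: 1
  template:
    metadata:
      name: contiv-netmaster
      namespace: kube-system
      labels:
        k8s-app: contiv-netmaster
      annotations:
        # Alpha-era annotations: mark the pod critical and let it
        # tolerate the master / CriticalAddonsOnly taints.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: |
          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
          {"key":"CriticalAddonsOnly", "operator":"Exists"}]
    spec:
      # Only run this pod on the master.
      nodeSelector:
        kubeadm.alpha.kubernetes.io/role: master
      # The netmaster must run in the host network namespace so that
      # it isn't governed by policy that would prevent it from working.
      hostNetwork: true
      # NOTE(review): no rationale is given for sharing the host PID
      # namespace; confirm it is required.
      hostPID: true
      containers:
        - name: contiv-netmaster
          # Same image as the netplugin DaemonSet, started with -m.
          # __CONTIV_VERSION__ is a placeholder; the tag is mutable, so
          # pinning a digest would make the deployed image verifiable.
          image: contiv/netplugin:__CONTIV_VERSION__
          args:
            - -m
            - -pkubernetes
          env:
            # Cluster store address, read from the contiv-config
            # ConfigMap (not part of this manifest).
            - name: CONTIV_ETCD
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: cluster_store
          securityContext:
            # Full privileges on the master node.
            # NOTE(review): confirm an API server needs this; a
            # privileged pod on the master is a high-value target.
            privileged: true
          # NOTE(review): these mirror the netplugin mounts. Confirm
          # which ones the netmaster actually uses and whether any can
          # be dropped or set readOnly: true.
          volumeMounts:
            - mountPath: /etc/openvswitch
              name: etc-openvswitch
              readOnly: false
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: false
            # /var/run on a node commonly holds runtime control sockets.
            - mountPath: /var/run
              name: var-run
              readOnly: false
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
            # By path, the master's Kubernetes TLS material.
            - mountPath: /etc/kubernetes/ssl
              name: etc-kubernetes-ssl
              readOnly: false
            # Binaries here are executed on the host as CNI plugins.
            - mountPath: /opt/cni/bin
              name: cni-bin-dir
              readOnly: false
      volumes:
        # Used by contiv-netmaster
        - name: etc-openvswitch
          hostPath:
            path: /etc/openvswitch
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run
          hostPath:
            path: /var/run
        - name: var-contiv
          hostPath:
            path: /var/contiv
        - name: etc-kubernetes-ssl
          hostPath:
            path: /etc/kubernetes/ssl
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin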
---