diff --git a/prog/weave-kube/weave-daemonset-k8s-HEAD.yaml b/prog/weave-kube/weave-daemonset-k8s-HEAD.yaml deleted file mode 100644 index 0433982abb..0000000000 --- a/prog/weave-kube/weave-daemonset-k8s-HEAD.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# -# WARNING: This YAML file applies to Kubernetes at HEAD (currently around v1.6.0-alpha.2) -# -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: weave-net -rules: -- apiGroups: - - "" - resources: - - pods - - namespaces - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - networkpolicies - verbs: - - get - - list - - watch ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: weave-net - namespace: kube-system ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: weave-net -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: weave-net -subjects: -- kind: ServiceAccount - name: weave-net - namespace: kube-system ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: weave-net - namespace: kube-system -spec: - template: - metadata: - labels: - name: weave-net - annotations: - # TODO: Move this field to the Tolerations property of PodSpec once it's possible - scheduler.alpha.kubernetes.io/tolerations: | - [ - { - "key": "dedicated", - "operator": "Equal", - "value": "master", - "effect": "NoSchedule" - } - ] - spec: - hostNetwork: true - hostPID: true - containers: - - name: weave - image: weaveworks/weave-kube:latest - imagePullPolicy: Always - command: - - /home/weave/launch.sh - livenessProbe: - initialDelaySeconds: 30 - httpGet: - host: 127.0.0.1 - path: /status - port: 6784 - securityContext: - privileged: true - volumeMounts: - - name: weavedb - mountPath: /weavedb - - name: cni-bin - mountPath: /host/opt - - name: cni-bin2 - mountPath: /host/home - - name: cni-conf - mountPath: /host/etc - - name: dbus - mountPath: /host/var/lib/dbus - resources: - requests: - cpu: 10m - - name: weave-npc - image: weaveworks/weave-npc:latest - imagePullPolicy: Always - resources: - requests: - cpu: 10m - securityContext: - privileged: true - restartPolicy: Always - serviceAccountName: weave-net - securityContext: - seLinuxOptions: - type: spc_t - volumes: - - name: weavedb - emptyDir: {} - - name: cni-bin - hostPath: - path: /opt - - name: cni-bin2 - hostPath: - path: /home - - name: cni-conf - hostPath: - path: /etc - - name: dbus - hostPath: - path: /var/lib/dbus diff --git a/prog/weave-kube/weave-daemonset.yaml b/prog/weave-kube/weave-daemonset.yaml index 15140679ff..0433982abb 100644 --- a/prog/weave-kube/weave-daemonset.yaml +++ b/prog/weave-kube/weave-daemonset.yaml @@ -1,3 +1,49 @@ +# +# WARNING: This YAML file applies to Kubernetes at HEAD (currently around v1.6.0-alpha.2) +# +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: weave-net +rules: +- apiGroups: + - "" + resources: + - pods + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - networkpolicies + verbs: + - get + - list + - watch +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: weave-net + namespace: kube-system +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: weave-net +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: weave-net +subjects: +- kind: ServiceAccount + name: weave-net + namespace: kube-system +--- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,6 +55,7 @@ spec: labels: name: weave-net annotations: + # TODO: Move this field to the Tolerations property of PodSpec once it's possible scheduler.alpha.kubernetes.io/tolerations: | [ { @@ -58,6 +105,10 @@ spec: securityContext: privileged: true restartPolicy: Always + serviceAccountName: weave-net + securityContext: + seLinuxOptions: + type: spc_t volumes: - name: weavedb emptyDir: {}