...
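# calico-node DaemonSet (kube-system): an install-cni init container drops the
# Calico CNI plugin and its config onto the node, then the calico-node
# container programs network policy and routes on the host.
#
# __KUBERNETES_NODE_NAME__ and __CALICO_CNI_DIR__ are template placeholders.
# The manifest is not usable until they are substituted (presumably by the
# CNI install script and by the cluster provisioning step respectively;
# confirm against the tooling that renders this file).
#
# Security posture in brief: the pod runs on the host network, the main
# container is privileged, and several host paths are mounted read-write. Treat
# both images and the `calico` service account as node-level trust.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: calico-node
    spec:
      priorityClassName: system-node-critical
      # Only nodes carrying this label run the pod.
      nodeSelector:
        projectcalico.org/ds-ready: "true"
      # The pod shares the node's network namespace, so any port a container
      # opens is bound on the node itself rather than on a pod IP.
      hostNetwork: true
      serviceAccountName: calico
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      initContainers:
        # Copies the CNI plugin binaries and network config into host
        # directories (see volumeMounts). Whatever lands in the CNI bin
        # directory is later executed on the node by the container runtime, so
        # the integrity of this image matters as much as that of calico-node.
        # NOTE(review): the image is referenced by a mutable tag; pin it by
        # digest (image@sha256:<digest>) if the deployment pipeline allows.
        - name: install-cni
          image: gcr.io/projectcalico-org/cni:v3.19.1
          command: ["/opt/cni/bin/install"]
          env:
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # JSON written to the host as the CNI config. It points the plugin
            # at a kubeconfig stored on the host filesystem
            # (/etc/cni/net.d/calico-kubeconfig). NOTE(review): confirm that
            # file is readable by root only, since it holds API credentials.
            - name: CNI_NETWORK_CONFIG
              value: |-
                {
                  "name": "k8s-pod-network",
                  "cniVersion": "0.3.1",
                  "plugins": [
                    {
                      "type": "calico",
                      "log_level": "info",
                      "datastore_type": "kubernetes",
                      "nodename": "__KUBERNETES_NODE_NAME__",
                      "ipam": {
                        "type": "host-local",
                        "subnet": "usePodCidr"
                      },
                      "policy": {
                        "type": "k8s"
                      },
                      "kubernetes": {
                        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
                      }
                    },
                    {
                      "type": "portmap",
                      "capabilities": {"portMappings": true},
                      "snat": true
                    }
                  ]
                }
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
      containers:
        # Runs calico/node container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        # NOTE(review): the image is referenced by a mutable tag; pin it by
        # digest (image@sha256:<digest>) if the deployment pipeline allows,
        # because this container runs privileged.
        - name: calico-node
          image: gcr.io/projectcalico-org/node:v3.19.1
          env:
            - name: CALICO_MANAGE_CNI
              value: "true"
            # File and syslog logging are off (see FELIX_LOGSEVERITYSYS), so
            # the container's stdout is the only log stream to collect.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            - name: CALICO_NETWORKING_BACKEND
              value: "none"
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Traffic from pods to the node itself is accepted by default.
            # Services listening on the node are therefore reachable from
            # workloads unless policy or a host firewall restricts them.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            - name: FELIX_HEALTHENABLED
              value: "true"
            - name: FELIX_IPV6SUPPORT
              value: "false"
            - name: FELIX_LOGSEVERITYSYS
              value: "none"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            # With hostNetwork the metrics listener is bound on the node
            # (Felix's default metrics port is 9091 unless overridden).
            # NOTE(review): confirm node firewall rules limit who can scrape it.
            - name: FELIX_PROMETHEUSMETRICSENABLED
              value: "true"
            - name: FELIX_REPORTINGINTERVALSECS
              value: "0"
            - name: FELIX_TYPHAK8SSERVICENAME
              value: "calico-typha"
            - name: FELIX_ROUTETABLERANGE
              value: "10-250"
            - name: USE_POD_CIDR
              value: "true"
            - name: IP
              value: "autodetect"
            - name: NO_DEFAULT_POOLS
              value: "true"
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: WAIT_FOR_DATASTORE
              value: "true"
          # Privileged plus hostNetwork plus writable hostPath mounts means a
          # compromise of this container is effectively a compromise of the
          # node. Admission policy has to exempt this workload explicitly, so
          # keep that exemption scoped to this namespace and service account.
          securityContext:
            privileged: true
          # Both probes target localhost:9099, which resolves to the node
          # itself because the pod uses the host network.
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
              host: localhost
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /readiness
              port: 9099
              host: localhost
            periodSeconds: 10
          volumeMounts:
            # Writable: no readOnly flag is set on the CNI config directory.
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /etc/calico
              name: etc-calico
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
      # All volumes are hostPath: the pod reads and writes the node's own
      # filesystem. Only xtables-lock declares a hostPath `type`; the others
      # perform no check on what exists at the path.
      volumes:
        # Used to ensure proper kmods are installed.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        # Mount in the Felix config file from the host.
        - name: etc-calico
          hostPath:
            path: /etc/calico
        # Used to install CNI binaries.
        # Template placeholder: must be replaced with the node's CNI binary
        # directory before this manifest is applied.
        - name: cni-bin-dir
          hostPath:
            path: __CALICO_CNI_DIR__
        # Used to install CNI network config.
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        # Lock file shared with the host.
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
      tolerations:
        # Make sure calico/node gets scheduled on all nodes.
        # `operator: Exists` with no key tolerates every NoSchedule and
        # NoExecute taint, so taints do not keep this privileged pod off a
        # node; only the nodeSelector above limits placement.
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists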