diff --git a/templates/flannel-net.j2 b/templates/flannel-net.j2 index 631775f5..c6f9c679 100644 --- a/templates/flannel-net.j2 +++ b/templates/flannel-net.j2 @@ -1,14 +1,25 @@ --- -kind: Namespace apiVersion: v1 +kind: Namespace metadata: - name: kube-flannel labels: + k8s-app: flannel pod-security.kubernetes.io/enforce: privileged + name: kube-flannel +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: flannel + name: flannel + namespace: kube-flannel --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: + labels: + k8s-app: flannel name: flannel rules: - apiGroups: @@ -22,6 +33,7 @@ rules: resources: - nodes verbs: + - get - list - watch - apiGroups: @@ -30,10 +42,19 @@ rules: - nodes/status verbs: - patch +- apiGroups: + - networking.k8s.io + resources: + - clustercidrs + verbs: + - list + - watch --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: + labels: + k8s-app: flannel name: flannel roleRef: apiGroup: rbac.authorization.k8s.io @@ -45,19 +66,6 @@ subjects: namespace: kube-flannel --- apiVersion: v1 -kind: ServiceAccount -metadata: - name: flannel - namespace: kube-flannel ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: kube-flannel-cfg - namespace: kube-flannel - labels: - tier: node - app: flannel data: cni-conf.json: | { @@ -86,24 +94,35 @@ data: "Type": "vxlan" } } +kind: ConfigMap +metadata: + labels: + app: flannel + k8s-app: flannel + tier: node + name: kube-flannel-cfg + namespace: kube-flannel --- apiVersion: apps/v1 kind: DaemonSet metadata: - name: kube-flannel-ds - namespace: kube-flannel labels: - tier: node app: flannel + k8s-app: flannel + tier: node + name: kube-flannel-ds + namespace: kube-flannel spec: selector: matchLabels: app: flannel + k8s-app: flannel template: metadata: labels: - tier: node app: flannel + k8s-app: flannel + tier: node spec: affinity: nodeAffinity: 
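Review bot: The ClusterRole rule added in hunk `@@ -30,10 +42,19 @@`, granting `list`/`watch` on `clustercidrs` in `networking.k8s.io`, carries no comment saying which flanneld feature needs it. As far as I know that resource only ever existed as an alpha API and is absent from recent Kubernetes releases, so on many clusters the rule may grant access to nothing. It is read-only, but an unexplained cluster-wide grant tends to survive later least-privilege reviews. I would add a comment above it such as `# only needed when flanneld watches ClusterCIDR objects; remove if that mode is not used`, or render the rule conditionally. The `rules:` list starts outside this hunk.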
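Review bot: Adding `k8s-app: flannel` to `spec.selector.matchLabels` of the `kube-flannel-ds` DaemonSet (hunk `@@ -86,24 +94,35 @@`) changes a field the API server treats as immutable. Applying the rendered manifest over an existing deployment should therefore be rejected until the DaemonSet is deleted and recreated. Recreating it takes flanneld down on every node at once instead of rolling, and the window between delete and recreate is easy to get wrong under automation. Either keep the selector at `app: flannel` only, since the new label can still go on `metadata.labels` and the pod template labels, or document the delete-and-recreate step for upgrades. The DaemonSet spec continues past the end of this hunk.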
@@ -114,62 +133,15 @@ spec: operator: In values: - linux - hostNetwork: true - priorityClassName: system-node-critical - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni-plugin - #image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply) - image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0 - command: - - cp - args: - - -f - - /flannel - - /opt/cni/bin/flannel - volumeMounts: - - name: cni-plugin - mountPath: /opt/cni/bin - - name: install-cni - #image: flannelcni/flannel:v0.19.2 for ppc64le and mips64le (dockerhub limitations may apply) - image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.2 - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ containers: - - name: kube-flannel - #image: flannelcni/flannel:v0.19.2 for ppc64le and mips64le (dockerhub limitations may apply) - image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.2 - command: - - /opt/bin/flanneld - args: + - args: - --ip-masq - --kube-subnet-mgr {% for arg in kube_flanneld_extra_args %} - {{ arg }} {% endfor %} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: false - capabilities: - add: ["NET_ADMIN", "NET_RAW"] + command: + - /opt/bin/flanneld env: - name: POD_NAME valueFrom: 
@@ -181,27 +153,70 @@ spec: fieldPath: metadata.namespace - name: EVENT_QUEUE_DEPTH value: "5000" + image: docker.io/flannel/flannel:v0.24.2 + name: kube-flannel + resources: + requests: + cpu: 100m + memory: 50Mi + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + privileged: false + volumeMounts: + - mountPath: /run/flannel + name: run + - mountPath: /etc/kube-flannel/ + name: flannel-cfg + - mountPath: /run/xtables.lock + name: xtables-lock + hostNetwork: true + initContainers: + - args: + - -f + - /flannel + - /opt/cni/bin/flannel + command: + - cp + image: docker.io/flannel/flannel-cni-plugin:v1.4.0-flannel1 + name: install-cni-plugin + volumeMounts: + - mountPath: /opt/cni/bin + name: cni-plugin + - args: + - -f + - /etc/kube-flannel/cni-conf.json + - /etc/cni/net.d/10-flannel.conflist + command: + - cp + image: docker.io/flannel/flannel:v0.24.2 + name: install-cni volumeMounts: - - name: run - mountPath: /run/flannel - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - - name: xtables-lock - mountPath: /run/xtables.lock + - mountPath: /etc/cni/net.d + name: cni + - mountPath: /etc/kube-flannel/ + name: flannel-cfg + priorityClassName: system-node-critical + serviceAccountName: flannel + tolerations: + - effect: NoSchedule + operator: Exists volumes: - - name: run - hostPath: + - hostPath: path: /run/flannel - - name: cni-plugin - hostPath: + name: run + - hostPath: path: /opt/cni/bin - - name: cni - hostPath: + name: cni-plugin + - hostPath: path: /etc/cni/net.d - - name: flannel-cfg - configMap: + name: cni + - configMap: name: kube-flannel-cfg - - name: xtables-lock - hostPath: + name: flannel-cfg + - hostPath: path: /run/xtables.lock - type: FileOrCreate \ No newline at end of file + type: FileOrCreate + name: xtables-lock
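Review bot: The three `image:` lines added here (`docker.io/flannel/flannel:v0.24.2` twice and `docker.io/flannel/flannel-cni-plugin:v1.4.0-flannel1`) pin by tag only, and a tag can be re-pointed at the registry. These pods run with `hostNetwork: true` and `NET_ADMIN`/`NET_RAW`, and the init containers copy files into the host's `/opt/cni/bin` and `/etc/cni/net.d`, so whatever the tag resolves to ends up running on every node. I would pin by digest, e.g. `image: docker.io/flannel/flannel:v0.24.2@sha256:<digest of the image you verified>`, and the same for the CNI plugin image. Separately, the new `resources:` block has `requests` but no `limits`, whereas the block removed in the previous hunk had both. If that is deliberate, a one-line comment saying so would help, because without a memory limit a leaking flanneld at `system-node-critical` priority is bounded only by the node.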