diff --git a/data/data.json b/data/data.json index e7ed13763..bd56b5907 100644 --- a/data/data.json +++ b/data/data.json @@ -6561,8 +6561,8 @@ "nginxingress-v1.15.12": "\n# this template is intended for use by \u003e= nginx-0.32.0\napiVersion: v1\nkind: Namespace\nmetadata:\n name: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-configuration\n namespace: ingress-nginx\n labels:\n app: ingress-nginx\ndata:\n{{ range $k,$v := .Options }}\n {{ $k }}: \"{{ $v }}\"\n{{ end }}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: tcp-services\n namespace: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: udp-services\n namespace: ingress-nginx\n{{if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: nginx-ingress-clusterrole\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - nodes\n - pods\n - secrets\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - get\n - list\n - update\n - watch\n - apiGroups:\n - extensions\n - \"networking.k8s.io\" # k8s 1.14+\n resources:\n - ingresses\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n - apiGroups:\n - extensions\n - \"networking.k8s.io\" # k8s 1.14+\n resources:\n - ingresses/status\n verbs:\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: nginx-ingress-role\n namespace: ingress-nginx\nrules:\n - apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - pods\n - secrets\n - endpoints\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - get\n - list\n - update\n - watch\n - apiGroups:\n - extensions\n - \"networking.k8s.io\" # k8s 1.14+\n resources:\n - ingresses\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - extensions\n - \"networking.k8s.io\" # k8s 1.14+\n resources:\n - ingresses/status\n verbs:\n - update\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n resourceNames:\n # Defaults to \"\u003celection-id\u003e-\u003cingress-class\u003e\"\n # Here: \"\u003cingress-controller-leader\u003e-\u003cnginx\u003e\"\n # This has to be adapted if you change either parameter\n # when launching the nginx-ingress-controller.\n - ingress-controller-leader-nginx\n verbs:\n - get\n - update\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - create\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n verbs:\n - create\n - get\n - update\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: nginx-ingress-role-nisa-binding\n namespace: ingress-nginx\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: nginx-ingress-role\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: nginx-ingress-clusterrole-nisa-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: nginx-ingress-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n{{ end }}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: nginx-ingress-controller\n namespace: ingress-nginx\nspec:\n selector:\n matchLabels:\n app: ingress-nginx\n{{if .UpdateStrategy}}\n updateStrategy:\n{{ toYaml .UpdateStrategy | indent 4}}\n{{end}}\n template:\n metadata:\n labels:\n app: ingress-nginx\n annotations:\n prometheus.io/port: '10254'\n prometheus.io/scrape: 'true'\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n {{- if eq .NetworkMode \"hostNetwork\"}}\n hostNetwork: true\n {{- end}}\n {{if .DNSPolicy}}\n dnsPolicy: {{.DNSPolicy}}\n {{end}}\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: nginx-ingress-serviceaccount\n {{ end }}\n terminationGracePeriodSeconds: 60\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: nginx-ingress-controller\n image: {{.IngressImage}}\n args:\n - /nginx-ingress-controller\n - --default-backend-service=$(POD_NAMESPACE)/default-http-backend\n - --configmap=$(POD_NAMESPACE)/nginx-configuration\n - --election-id=ingress-controller-leader\n - --ingress-class=nginx\n - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services\n - --udp-services-configmap=$(POD_NAMESPACE)/udp-services\n - --annotations-prefix=nginx.ingress.kubernetes.io\n {{ range $k, $v := .ExtraArgs }}\n - --{{ $k }}{{if ne $v \"\" }}={{ $v }}{{end}}\n {{ end }}\n securityContext:\n {{- if ne .NetworkMode \"none\" }}\n capabilities:\n drop:\n - ALL\n add:\n - NET_BIND_SERVICE\n {{- end }}\n runAsUser: 101\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n{{if .ExtraEnvs}}\n{{ toYaml .ExtraEnvs | indent 12}}\n{{end}}\n ports:\n - name: http\n {{- if eq .NetworkMode \"hostNetwork\"}}\n containerPort: 80\n {{- else if or (eq .NetworkMode \"hostPort\") (eq .NetworkMode \"none\")}}\n containerPort: {{with (index .ExtraArgs \"http-port\")}}{{.}}{{else}}80{{end}}\n {{- if eq .NetworkMode \"hostPort\"}}\n hostPort: {{.HTTPPort}}\n {{- end }}\n {{- end }}\n - name: https\n {{- if eq .NetworkMode \"hostNetwork\"}}\n containerPort: 443\n {{- else if or (eq .NetworkMode \"hostPort\") (eq .NetworkMode \"none\")}}\n containerPort: {{with (index .ExtraArgs \"https-port\")}}{{.}}{{else}}443{{end}}\n {{- if eq .NetworkMode \"hostPort\"}}\n hostPort: {{.HTTPSPort}}\n {{- end }}\n {{- end }}\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n{{if .ExtraVolumeMounts}}\n volumeMounts:\n{{ toYaml .ExtraVolumeMounts | indent 12}}\n{{end}}\n{{if .ExtraVolumes}}\n volumes:\n{{ toYaml .ExtraVolumes | indent 8}}\n{{end}}\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: default-http-backend\n labels:\n app: default-http-backend\n namespace: ingress-nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: default-http-backend\n template:\n metadata:\n labels:\n app: default-http-backend\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n terminationGracePeriodSeconds: 60\n{{- if .Tolerations}}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n{{- end }}\n containers:\n - name: default-http-backend\n # Any image is permissable as long as:\n # 1. It serves a 404 page at /\n # 2. It serves 200 on a /healthz endpoint\n image: {{.IngressBackend}}\n livenessProbe:\n httpGet:\n path: /healthz\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n ports:\n - containerPort: 8080\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 10m\n memory: 20Mi\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: default-http-backend\n namespace: ingress-nginx\n labels:\n app: default-http-backend\nspec:\n ports:\n - port: 80\n targetPort: 8080\n selector:\n app: default-http-backend\n", "nginxingress-v1.8": "\napiVersion: v1\nkind: Namespace\nmetadata:\n name: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-configuration\n namespace: ingress-nginx\n labels:\n app: ingress-nginx\ndata:\n{{ range $k,$v := .Options }}\n {{ $k }}: \"{{ $v }}\"\n{{ end }}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: tcp-services\n namespace: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: udp-services\n namespace: ingress-nginx\n{{if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: nginx-ingress-clusterrole\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - nodes\n - pods\n - secrets\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"extensions\"\n resources:\n - ingresses\n - daemonsets\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n - apiGroups:\n - \"extensions\"\n resources:\n - ingresses/status\n verbs:\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: nginx-ingress-role\n namespace: ingress-nginx\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - pods\n - secrets\n - namespaces\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n resourceNames:\n # Defaults to \"\u003celection-id\u003e-\u003cingress-class\u003e\"\n # Here: \"\u003cingress-controller-leader\u003e-\u003cnginx\u003e\"\n # This has to be adapted if you change either parameter\n # when launching the nginx-ingress-controller.\n - \"ingress-controller-leader-nginx\"\n verbs:\n - get\n - update\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - create\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: nginx-ingress-role-nisa-binding\n namespace: ingress-nginx\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: nginx-ingress-role\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: nginx-ingress-clusterrole-nisa-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: nginx-ingress-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n{{ end }}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: nginx-ingress-controller\n namespace: ingress-nginx\nspec:\n selector:\n matchLabels:\n app: ingress-nginx\n{{if .UpdateStrategy}}\n updateStrategy:\n{{ toYaml .UpdateStrategy | indent 4}}\n{{end}}\n template:\n metadata:\n labels:\n app: ingress-nginx\n annotations:\n prometheus.io/port: '10254'\n prometheus.io/scrape: 'true'\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n hostNetwork: true\n {{if .DNSPolicy}}\n dnsPolicy: {{.DNSPolicy}}\n {{end}}\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: nginx-ingress-serviceaccount\n {{ end }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n {{- if ne .AlpineImage \"\"}}\n initContainers:\n - command:\n - sh\n - -c\n - sysctl -w net.core.somaxconn=32768; sysctl -w net.ipv4.ip_local_port_range=\"1024 65535\"\n image: {{.AlpineImage}}\n imagePullPolicy: IfNotPresent\n name: sysctl\n securityContext:\n privileged: true\n {{- end }}\n containers:\n - name: nginx-ingress-controller\n image: {{.IngressImage}}\n args:\n - /nginx-ingress-controller\n - --default-backend-service=$(POD_NAMESPACE)/default-http-backend\n - --configmap=$(POD_NAMESPACE)/nginx-configuration\n - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services\n - --udp-services-configmap=$(POD_NAMESPACE)/udp-services\n - --annotations-prefix=nginx.ingress.kubernetes.io\n {{ range $k, $v := .ExtraArgs }}\n - --{{ $k }}{{if ne $v \"\" }}={{ $v }}{{end}}\n {{ end }}\n {{- if eq .AlpineImage \"\"}}\n securityContext:\n capabilities:\n drop:\n - ALL\n add:\n - NET_BIND_SERVICE\n runAsUser: 33\n {{- end }}\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n{{if .ExtraEnvs}}\n{{ toYaml .ExtraEnvs | indent 12}}\n{{end}}\n ports:\n - name: http\n containerPort: 80\n - name: https\n containerPort: 443\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n{{if .ExtraVolumeMounts}}\n volumeMounts:\n{{ toYaml .ExtraVolumeMounts | indent 12}}\n{{end}}\n{{if .ExtraVolumes}}\n volumes:\n{{ toYaml .ExtraVolumes | indent 8}}\n{{end}}\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: default-http-backend\n labels:\n app: default-http-backend\n namespace: ingress-nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: default-http-backend\n template:\n metadata:\n labels:\n app: default-http-backend\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n terminationGracePeriodSeconds: 60\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: default-http-backend\n # Any image is permissable as long as:\n # 1. It serves a 404 page at /\n # 2. It serves 200 on a /healthz endpoint\n image: {{.IngressBackend}}\n livenessProbe:\n httpGet:\n path: /healthz\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n ports:\n - containerPort: 8080\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 10m\n memory: 20Mi\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: default-http-backend\n namespace: ingress-nginx\n labels:\n app: default-http-backend\nspec:\n ports:\n - port: 80\n targetPort: 8080\n selector:\n app: default-http-backend\n", "nodelocal-v1.15": "\n{{- if eq .RBACConfig \"rbac\"}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\n{{- end }}\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: kube-dns-upstream\n namespace: kube-system\n labels:\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\n kubernetes.io/name: \"KubeDNSUpstream\"\nspec:\n ports:\n - name: dns\n port: 53\n protocol: UDP\n targetPort: 53\n - name: dns-tcp\n port: 53\n protocol: TCP\n targetPort: 53\n selector:\n k8s-app: kube-dns\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n addonmanager.kubernetes.io/mode: Reconcile\ndata:\n Corefile: |\n {{.ClusterDomain}}:53 {\n errors\n cache {\n success 9984 30\n denial 9984 5\n }\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n health {{.IPAddress}}:8080\n }\n in-addr.arpa:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n }\n ip6.arpa:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n }\n .:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__UPSTREAM__SERVERS__ {\n force_tcp\n }\n prometheus :9253\n }\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n k8s-app: node-local-dns\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\nspec:\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n selector:\n matchLabels:\n k8s-app: node-local-dns\n template:\n metadata:\n labels:\n k8s-app: node-local-dns\n spec:\n priorityClassName: system-node-critical\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: node-local-dns\n{{- end }}\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n dnsPolicy: Default # Don't use cluster DNS.\n tolerations:\n - operator: Exists\n containers:\n - name: node-cache\n image: {{.NodelocalImage}}\n resources:\n requests:\n cpu: 25m\n memory: 5Mi\n args: [ \"-localip\", \"{{.IPAddress}},{{.ClusterDNSServer}}\", \"-conf\", \"/etc/Corefile\", \"-upstreamsvc\", \"kube-dns-upstream\" ]\n securityContext:\n privileged: true\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n - containerPort: 9253\n name: metrics\n protocol: TCP\n livenessProbe:\n httpGet:\n host: {{.IPAddress}}\n path: /health\n port: 8080\n initialDelaySeconds: 60\n timeoutSeconds: 5\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: config-volume\n mountPath: /etc/coredns\n - name: kube-dns-config\n mountPath: /etc/kube-dns\n volumes:\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n - name: kube-dns-config\n configMap:\n name: kube-dns\n optional: true\n - name: config-volume\n configMap:\n name: node-local-dns\n items:\n - key: Corefile\n path: Corefile.base\n", - "weave-v1.16": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: apps/v1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n selector:\n matchLabels:\n name: weave-net\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n", - "weave-v1.8": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: extensions/v1beta1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n" + "weave-v1.16": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: apps/v1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n selector:\n matchLabels:\n name: weave-net\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: EXTRA_ARGS\n value: --log-level=info\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n", + "weave-v1.8": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: extensions/v1beta1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: EXTRA_ARGS\n value: --log-level=info\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n" }, "weave": { "\u003e=1.16.0-alpha": "weave-v1.16", diff --git a/rke/templates/weave.go b/rke/templates/weave.go index 49679635b..afe02f248 100644 --- a/rke/templates/weave.go +++ b/rke/templates/weave.go @@ -99,6 +99,8 @@ items: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + - name: EXTRA_ARGS + value: --log-level=info image: {{.CNIImage}} resources: requests: @@ -357,6 +359,8 @@ items: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + - name: EXTRA_ARGS + value: --log-level=info image: {{.CNIImage}} resources: requests: