|
1
|
---
|
|
2
|
kind: Namespace
|
|
3
|
apiVersion: v1
|
|
4
|
metadata:
|
|
5
|
name: kube-flannel
|
|
6
|
labels:
|
|
7
|
k8s-app: flannel
|
|
8
|
pod-security.kubernetes.io/enforce: privileged
|
|
9
|
---
|
|
10
|
kind: ClusterRole
|
|
11
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
12
|
metadata:
|
|
13
|
labels:
|
|
14
|
k8s-app: flannel
|
|
15
|
name: flannel
|
|
16
|
rules:
|
|
17
|
- apiGroups:
|
|
18
|
- ""
|
|
19
|
resources:
|
|
20
|
- pods
|
|
21
|
verbs:
|
|
22
|
- get
|
|
23
|
- apiGroups:
|
|
24
|
- ""
|
|
25
|
resources:
|
|
26
|
- nodes
|
|
27
|
verbs:
|
|
28
|
- get
|
|
29
|
- list
|
|
30
|
- watch
|
|
31
|
- apiGroups:
|
|
32
|
- ""
|
|
33
|
resources:
|
|
34
|
- nodes/status
|
|
35
|
verbs:
|
|
36
|
- patch
|
|
37
|
---
|
|
38
|
kind: ClusterRoleBinding
|
|
39
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
40
|
metadata:
|
|
41
|
labels:
|
|
42
|
k8s-app: flannel
|
|
43
|
name: flannel
|
|
44
|
roleRef:
|
|
45
|
apiGroup: rbac.authorization.k8s.io
|
|
46
|
kind: ClusterRole
|
|
47
|
name: flannel
|
|
48
|
subjects:
|
|
49
|
- kind: ServiceAccount
|
|
50
|
name: flannel
|
|
51
|
namespace: kube-flannel
|
|
52
|
---
|
|
53
|
apiVersion: v1
|
|
54
|
kind: ServiceAccount
|
|
55
|
metadata:
|
|
56
|
labels:
|
|
57
|
k8s-app: flannel
|
|
58
|
name: flannel
|
|
59
|
namespace: kube-flannel
|
|
60
|
---
|
|
61
|
kind: ConfigMap
|
|
62
|
apiVersion: v1
|
|
63
|
metadata:
|
|
64
|
name: kube-flannel-cfg
|
|
65
|
namespace: kube-flannel
|
|
66
|
labels:
|
|
67
|
tier: node
|
|
68
|
k8s-app: flannel
|
|
69
|
app: flannel
|
|
70
|
data:
|
|
71
|
cni-conf.json: |
|
|
72
|
{
|
|
73
|
"name": "cbr0",
|
|
74
|
"cniVersion": "0.3.1",
|
|
75
|
"plugins": [
|
|
76
|
{
|
|
77
|
"type": "flannel",
|
|
78
|
"delegate": {
|
|
79
|
"hairpinMode": true,
|
|
80
|
"isDefaultGateway": true
|
|
81
|
}
|
|
82
|
},
|
|
83
|
{
|
|
84
|
"type": "portmap",
|
|
85
|
"capabilities": {
|
|
86
|
"portMappings": true
|
|
87
|
}
|
|
88
|
}
|
|
89
|
]
|
|
90
|
}
|
|
91
|
net-conf.json: |
|
|
92
|
{
|
|
93
|
"Network": "10.244.0.0/16",
|
|
94
|
"EnableNFTables": false,
|
|
95
|
"Backend": {
|
|
96
|
"Type": "vxlan"
|
|
97
|
}
|
|
98
|
}
|
|
99
|
---
|
|
100
|
apiVersion: apps/v1
|
|
101
|
kind: DaemonSet
|
|
102
|
metadata:
|
|
103
|
name: kube-flannel-ds
|
|
104
|
namespace: kube-flannel
|
|
105
|
labels:
|
|
106
|
tier: node
|
|
107
|
app: flannel
|
|
108
|
k8s-app: flannel
|
|
109
|
spec:
|
|
110
|
selector:
|
|
111
|
matchLabels:
|
|
112
|
app: flannel
|
|
113
|
template:
|
|
114
|
metadata:
|
|
115
|
labels:
|
|
116
|
tier: node
|
|
117
|
app: flannel
|
|
118
|
spec:
|
|
119
|
affinity:
|
|
120
|
nodeAffinity:
|
|
121
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
122
|
nodeSelectorTerms:
|
|
123
|
- matchExpressions:
|
|
124
|
- key: kubernetes.io/os
|
|
125
|
operator: In
|
|
126
|
values:
|
|
127
|
- linux
|
|
128
|
hostNetwork: true
|
|
129
|
priorityClassName: system-node-critical
|
|
130
|
tolerations:
|
|
131
|
- operator: Exists
|
|
132
|
effect: NoSchedule
|
|
133
|
serviceAccountName: flannel
|
|
134
|
initContainers:
|
|
135
|
- name: install-cni-plugin
|
|
136
|
image: ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
|
|
137
|
command:
|
|
138
|
- cp
|
|
139
|
args:
|
|
140
|
- -f
|
|
141
|
- /flannel
|
|
142
|
- /opt/cni/bin/flannel
|
|
143
|
volumeMounts:
|
|
144
|
- name: cni-plugin
|
|
145
|
mountPath: /opt/cni/bin
|
|
146
|
- name: install-cni
|
|
147
|
image: ghcr.io/flannel-io/flannel:v0.27.4
|
|
148
|
command:
|
|
149
|
- cp
|
|
150
|
args:
|
|
151
|
- -f
|
|
152
|
- /etc/kube-flannel/cni-conf.json
|
|
153
|
- /etc/cni/net.d/10-flannel.conflist
|
|
154
|
volumeMounts:
|
|
155
|
- name: cni
|
|
156
|
mountPath: /etc/cni/net.d
|
|
157
|
- name: flannel-cfg
|
|
158
|
mountPath: /etc/kube-flannel/
|
|
159
|
containers:
|
|
160
|
- name: kube-flannel
|
|
161
|
image: ghcr.io/flannel-io/flannel:v0.27.4
|
|
162
|
command:
|
|
163
|
- /opt/bin/flanneld
|
|
164
|
args:
|
|
165
|
- --ip-masq
|
|
166
|
- --kube-subnet-mgr
|
|
167
|
resources:
|
|
168
|
requests:
|
|
169
|
cpu: "100m"
|
|
170
|
memory: "50Mi"
|
|
171
|
securityContext:
|
|
172
|
privileged: false
|
|
173
|
capabilities:
|
|
174
|
add: ["NET_ADMIN", "NET_RAW"]
|
|
175
|
env:
|
|
176
|
- name: POD_NAME
|
|
177
|
valueFrom:
|
|
178
|
fieldRef:
|
|
179
|
fieldPath: metadata.name
|
|
180
|
- name: POD_NAMESPACE
|
|
181
|
valueFrom:
|
|
182
|
fieldRef:
|
|
183
|
fieldPath: metadata.namespace
|
|
184
|
- name: EVENT_QUEUE_DEPTH
|
|
185
|
value: "5000"
|
|
186
|
- name: CONT_WHEN_CACHE_NOT_READY
|
|
187
|
value: "false"
|
|
188
|
volumeMounts:
|
|
189
|
- name: run
|
|
190
|
mountPath: /run/flannel
|
|
191
|
- name: flannel-cfg
|
|
192
|
mountPath: /etc/kube-flannel/
|
|
193
|
- name: xtables-lock
|
|
194
|
mountPath: /run/xtables.lock
|
|
195
|
volumes:
|
|
196
|
- name: run
|
|
197
|
hostPath:
|
|
198
|
path: /run/flannel
|
|
199
|
- name: cni-plugin
|
|
200
|
hostPath:
|
|
201
|
path: /opt/cni/bin
|
|
202
|
- name: cni
|
|
203
|
hostPath:
|
|
204
|
path: /etc/cni/net.d
|
|
205
|
- name: flannel-cfg
|
|
206
|
configMap:
|
|
207
|
name: kube-flannel-cfg
|
|
208
|
- name: xtables-lock
|
|
209
|
hostPath:
|
|
210
|
path: /run/xtables.lock
|
|
211
|
type: FileOrCreate
|
