-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathipamd.yaml
178 lines (178 loc) · 4.42 KB
/
ipamd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
apiVersion: v1
kind: ServiceAccount
metadata:
name: cni-vpc-ipamd
namespace: kube-system
labels:
app: "cni-vpc-ipamd"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cni-vpc-ipamd
labels:
app: "cni-vpc-ipamd"
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","list", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
- apiGroups: ["vpc.uk8s.ucloud.cn"]
resources: ["vpcipclaims", "ipamds"]
verbs: ["get", "create","delete","update","list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cni-vpc-ipamd
labels:
app: "cni-vpc-ipamd"
subjects:
- kind: ServiceAccount
name: cni-vpc-ipamd
namespace: kube-system
roleRef:
kind: ClusterRole
name: cni-vpc-ipamd
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cni-vpc-ipamd
namespace: kube-system
labels:
app: "cni-vpc-ipamd"
spec:
selector:
matchLabels:
app: "cni-vpc-ipamd"
template:
metadata:
labels:
app: "cni-vpc-ipamd"
spec:
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- key: dedicated
operator: Exists
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
serviceAccount: cni-vpc-ipamd
hostNetwork: true
priorityClassName: system-node-critical
hostPID: true
containers:
- name: cni-vpc-ipamd
image: uhub.service.ucloud.cn/uk8s/cni-vpc-ipamd:1.2.0
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 200m
memory: 512Mi
securityContext:
privileged: true
args:
- "--availablePodIPLowWatermark=3"
- "--availablePodIPHighWatermark=50"
- "--calicoPolicyFlag=true"
- "--cooldownPeriodSeconds=30"
imagePullPolicy: "Always"
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /run/cni-vpc-ipamd.sock"]
envFrom:
- configMapRef:
name: uk8sconfig
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: user-config
mountPath: /etc/uk8s/
- name: host-run
mountPath: /run/
- name: host-log
mountPath: /var/log/ucloud/
- name: host-cni
mountPath: /opt/cni/
- name: device-plugin-path
mountPath: /var/lib/kubelet/device-plugins
- name: var-run-ns
mountPath: /var/run/netns/
mountPropagation: "Bidirectional"
- name: host-data
mountPath: /etc/kubernetes
readOnly: true
volumes:
- name: host-run
hostPath:
path: /run/
- name: host-log
hostPath:
path: /var/log/ucloud/
- name: device-plugin-path
hostPath:
path: /var/lib/kubelet/device-plugins
type: "Directory"
- name: var-run-ns
hostPath:
path: /var/run/netns/
- name: host-cni
hostPath:
path: /opt/cni/
- name: user-config
configMap:
name: uk8sconfig
- name: host-data
hostPath:
path: /etc/kubernetes
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ipamds.vpc.uk8s.ucloud.cn
spec:
group: vpc.uk8s.ucloud.cn
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
node:
type: string
addr:
type: string
subnet:
type: string
status:
type: object
properties:
current:
type: integer
high:
type: integer
low:
type: integer
status:
type: string
scope: Namespaced
names:
plural: ipamds
singular: ipamd
kind: Ipamd