193 lines
4.4 KiB
YAML
193 lines
4.4 KiB
YAML
|
{{- if .Values.migration }}
|
||
|
---
|
||
|
# This ConfigMap is used to store Flannel subnet.env content.
|
||
|
kind: ConfigMap
|
||
|
apiVersion: v1
|
||
|
metadata:
|
||
|
name: flannel-migration-config
|
||
|
namespace: kube-system
|
||
|
data:
|
||
|
# Do not edit! This field is updated by migration controller.
|
||
|
flannel_subnet_env: ""
|
||
|
|
||
|
---
|
||
|
# Include a clusterrole for the kube-controllers component,
|
||
|
# and bind it to the flannel-migration-controller serviceaccount.
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: flannel-migration-controller
|
||
|
rules:
|
||
|
# Nodes are watched to monitor for deletions.
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- nodes
|
||
|
verbs:
|
||
|
- watch
|
||
|
- list
|
||
|
- get
|
||
|
- patch
|
||
|
- update
|
||
|
# Nodes are watched to monitor for deletions.
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- nodes/status
|
||
|
verbs:
|
||
|
- get
|
||
|
- update
|
||
|
# Pods are created/deleted.
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- pods
|
||
|
verbs:
|
||
|
- get
|
||
|
- list
|
||
|
- create
|
||
|
- delete
|
||
|
# Pods/exec are created.
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- pods/exec
|
||
|
verbs:
|
||
|
- create
|
||
|
# Configmaps are updated.
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- configmaps
|
||
|
verbs:
|
||
|
- get
|
||
|
- update
|
||
|
- apiGroups: [""]
|
||
|
resources:
|
||
|
- pods/eviction
|
||
|
verbs:
|
||
|
- create
|
||
|
# Daemonset are watched to monitor for deletions.
|
||
|
- apiGroups: ["apps", "extensions"]
|
||
|
resources:
|
||
|
- daemonsets
|
||
|
verbs:
|
||
|
- get
|
||
|
- delete
|
||
|
- update
|
||
|
# IPAM resources are manipulated when nodes are deleted.
|
||
|
- apiGroups: ["crd.projectcalico.org"]
|
||
|
resources:
|
||
|
- ippools
|
||
|
verbs:
|
||
|
- get
|
||
|
- list
|
||
|
- create
|
||
|
- update
|
||
|
- delete
|
||
|
- apiGroups: ["crd.projectcalico.org"]
|
||
|
resources:
|
||
|
- ipamconfigs
|
||
|
- blockaffinities
|
||
|
- ipamblocks
|
||
|
- ipamhandles
|
||
|
verbs:
|
||
|
- get
|
||
|
- list
|
||
|
- create
|
||
|
- update
|
||
|
- delete
|
||
|
# Needs access to update clusterinformations.
|
||
|
- apiGroups: ["crd.projectcalico.org"]
|
||
|
resources:
|
||
|
- clusterinformations
|
||
|
verbs:
|
||
|
- get
|
||
|
- create
|
||
|
- update
|
||
|
# Needs access to update felixconfigurations.
|
||
|
- apiGroups: ["crd.projectcalico.org"]
|
||
|
resources:
|
||
|
- felixconfigurations
|
||
|
verbs:
|
||
|
- get
|
||
|
- create
|
||
|
- update
|
||
|
---
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: flannel-migration-controller
|
||
|
roleRef:
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
kind: ClusterRole
|
||
|
name: flannel-migration-controller
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: flannel-migration-controller
|
||
|
namespace: kube-system
|
||
|
|
||
|
---
|
||
|
# See https://github.com/projectcalico/kube-controllers
|
||
|
apiVersion: batch/v1
|
||
|
kind: Job
|
||
|
metadata:
|
||
|
name: flannel-migration
|
||
|
namespace: kube-system
|
||
|
labels:
|
||
|
k8s-app: flannel-migration-controller
|
||
|
spec:
|
||
|
backoffLimit: 10
|
||
|
template:
|
||
|
metadata:
|
||
|
name: flannel-migration-controller
|
||
|
namespace: kube-system
|
||
|
labels:
|
||
|
k8s-app: flannel-migration-controller
|
||
|
spec:
|
||
|
nodeSelector:
|
||
|
kubernetes.io/os: linux
|
||
|
tolerations:
|
||
|
# Mark the pod as a critical add-on for rescheduling.
|
||
|
- key: CriticalAddonsOnly
|
||
|
operator: Exists
|
||
|
serviceAccountName: flannel-migration-controller
|
||
|
priorityClassName: system-cluster-critical
|
||
|
restartPolicy: OnFailure
|
||
|
containers:
|
||
|
- name: flannel-migration-controller
|
||
|
image: calico/flannel-migration-controller:v3.15.0
|
||
|
env:
|
||
|
# Choose which controllers to run.
|
||
|
- name: ENABLED_CONTROLLERS
|
||
|
value: flannelmigration
|
||
|
- name: DATASTORE_TYPE
|
||
|
value: kubernetes
|
||
|
- name: FLANNEL_DAEMONSET_NAME
|
||
|
value: canal
|
||
|
- name: FLANNEL_SUBNET_ENV
|
||
|
valueFrom:
|
||
|
configMapKeyRef:
|
||
|
name: flannel-migration-config
|
||
|
key: flannel_subnet_env
|
||
|
- name: POD_NODE_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: spec.nodeName
|
||
|
volumeMounts:
|
||
|
- mountPath: /host/run/flannel/subnet.env
|
||
|
name: flannel-env-file
|
||
|
readinessProbe:
|
||
|
exec:
|
||
|
command:
|
||
|
- /usr/bin/check-status
|
||
|
- -r
|
||
|
volumes:
|
||
|
- name: flannel-env-file
|
||
|
hostPath:
|
||
|
path: /run/flannel/subnet.env
|
||
|
|
||
|
---
|
||
|
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: flannel-migration-controller
|
||
|
namespace: kube-system
|
||
|
{{- end }}
|