{{- if .Values.migration }} --- # This ConfigMap is used to store Flannel subnet.env content. kind: ConfigMap apiVersion: v1 metadata: name: flannel-migration-config namespace: kube-system data: # Do not edit! This field is updated by migration controller. flannel_subnet_env: "" --- # Include a clusterrole for the kube-controllers component, # and bind it to the flannel-migration-controller serviceaccount. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel-migration-controller rules: # Nodes are watched to monitor for deletions. - apiGroups: [""] resources: - nodes verbs: - watch - list - get - patch - update # Nodes are watched to monitor for deletions. - apiGroups: [""] resources: - nodes/status verbs: - get - update # Pods are created/deleted. - apiGroups: [""] resources: - pods verbs: - get - list - create - delete # Pods/exec are created. - apiGroups: [""] resources: - pods/exec verbs: - create # Configmaps are updated. - apiGroups: [""] resources: - configmaps verbs: - get - update - apiGroups: [""] resources: - pods/eviction verbs: - create # Daemonset are watched to monitor for deletions. - apiGroups: ["apps", "extensions"] resources: - daemonsets verbs: - get - delete - update # IPAM resources are manipulated when nodes are deleted. - apiGroups: ["crd.projectcalico.org"] resources: - ippools verbs: - get - list - create - update - delete - apiGroups: ["crd.projectcalico.org"] resources: - ipamconfigs - blockaffinities - ipamblocks - ipamhandles verbs: - get - list - create - update - delete # Needs access to update clusterinformations. - apiGroups: ["crd.projectcalico.org"] resources: - clusterinformations verbs: - get - create - update # Needs access to update felixconfigurations. - apiGroups: ["crd.projectcalico.org"] resources: - felixconfigurations verbs: - get - create - update --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel-migration-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel-migration-controller subjects: - kind: ServiceAccount name: flannel-migration-controller namespace: kube-system --- # See https://github.com/projectcalico/kube-controllers apiVersion: batch/v1 kind: Job metadata: name: flannel-migration namespace: kube-system labels: k8s-app: flannel-migration-controller spec: backoffLimit: 10 template: metadata: name: flannel-migration-controller namespace: kube-system labels: k8s-app: flannel-migration-controller spec: nodeSelector: kubernetes.io/os: linux tolerations: # Mark the pod as a critical add-on for rescheduling. - key: CriticalAddonsOnly operator: Exists serviceAccountName: flannel-migration-controller priorityClassName: system-cluster-critical restartPolicy: OnFailure containers: - name: flannel-migration-controller image: calico/flannel-migration-controller:v3.15.0 env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS value: flannelmigration - name: DATASTORE_TYPE value: kubernetes - name: FLANNEL_DAEMONSET_NAME value: canal - name: FLANNEL_SUBNET_ENV valueFrom: configMapKeyRef: name: flannel-migration-config key: flannel_subnet_env - name: POD_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - mountPath: /host/run/flannel/subnet.env name: flannel-env-file readinessProbe: exec: command: - /usr/bin/check-status - -r volumes: - name: flannel-env-file hostPath: path: /run/flannel/subnet.env --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel-migration-controller namespace: kube-system {{- end }}