kubezero/charts/kubezero-calico/templates/migration-job.yaml


{{- if .Values.migration }}
---
# Holds the contents of Flannel's subnet.env for the migration Job, which
# reads the key below into its FLANNEL_SUBNET_ENV environment variable.
#
# NOTE(review): the flannel-migration-controller ClusterRole in this file
# grants get/update on configmaps without resourceNames, so this value is
# writable by any holder of that role - treat it as controller input, not as
# trusted configuration.
apiVersion: v1
kind: ConfigMap
metadata:
  name: flannel-migration-config
  namespace: kube-system
data:
  # Written by the migration controller; do not edit by hand.
  flannel_subnet_env: ""
---
# ClusterRole for the kube-controllers flannel migration component. It is
# bound to the flannel-migration-controller service account by the
# ClusterRoleBinding of the same name.
#
# NOTE(review): every rule here is cluster-scoped and none is narrowed with
# resourceNames. The grants on pods (create/delete), pods/exec (create),
# configmaps (update) and daemonsets (delete) are high-impact if the service
# account token is ever exposed. The whole template is gated on
# .Values.migration; switching that value off once the migration has finished
# stops rendering this role and its binding, so a later chart upgrade removes
# them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: flannel-migration-controller
rules:
  # Nodes are read, watched and modified (patch/update).
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - watch
      - list
      - get
      - patch
      - update
  # Node status is read and updated.
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - get
      - update
  # Pods are read, created and deleted.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - create
      - delete
  # Exec sessions into pods are created.
  # NOTE(review): as written this allows command execution in pods of every
  # namespace, not only those the migration touches - confirm the scope that
  # is really needed.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  # ConfigMaps are read and updated.
  # NOTE(review): only flannel-migration-config is referenced in this file;
  # verify whether the controller needs other ConfigMaps before narrowing
  # this rule with resourceNames.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - update
  # Pod evictions are created.
  - apiGroups:
      - ""
    resources:
      - pods/eviction
    verbs:
      - create
  # DaemonSets are read, updated and deleted.
  - apiGroups:
      - apps
      - extensions
    resources:
      - daemonsets
    verbs:
      - get
      - delete
      - update
  # Calico IP pools are fully managed.
  - apiGroups:
      - crd.projectcalico.org
    resources:
      - ippools
    verbs:
      - get
      - list
      - create
      - update
      - delete
  # Calico IPAM resources are fully managed.
  - apiGroups:
      - crd.projectcalico.org
    resources:
      - ipamconfigs
      - blockaffinities
      - ipamblocks
      - ipamhandles
    verbs:
      - get
      - list
      - create
      - update
      - delete
  # ClusterInformation objects are read, created and updated.
  - apiGroups:
      - crd.projectcalico.org
    resources:
      - clusterinformations
    verbs:
      - get
      - create
      - update
  # FelixConfiguration objects are read, created and updated.
  - apiGroups:
      - crd.projectcalico.org
    resources:
      - felixconfigurations
    verbs:
      - get
      - create
      - update
---
# Grants the flannel-migration-controller ClusterRole, cluster-wide, to the
# service account of the same name in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: flannel-migration-controller
subjects:
  - kind: ServiceAccount
    name: flannel-migration-controller
    namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel-migration-controller
---
# Job that runs the Calico flannel migration controller.
# See https://github.com/projectcalico/kube-controllers
#
# NOTE(review): neither the pod nor the container sets a securityContext or
# resource requests/limits, so the container runs with the image and runtime
# defaults while holding a cluster-wide role. Confirm that is intended.
apiVersion: batch/v1
kind: Job
metadata:
  name: flannel-migration
  namespace: kube-system
  labels:
    k8s-app: flannel-migration-controller
spec:
  backoffLimit: 10
  template:
    metadata:
      name: flannel-migration-controller
      namespace: kube-system
      labels:
        k8s-app: flannel-migration-controller
    spec:
      serviceAccountName: flannel-migration-controller
      priorityClassName: system-cluster-critical
      restartPolicy: OnFailure
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
        # Marks the pod as a critical add-on so it can be rescheduled.
        - key: CriticalAddonsOnly
          operator: Exists
      containers:
        - name: flannel-migration-controller
          # NOTE(review): referenced by tag only, with no registry host and
          # no digest; pinning as <image>@sha256:<digest> would make the
          # pulled content immutable.
          image: calico/flannel-migration-controller:v3.15.0
          env:
            # Selects which controllers this binary runs.
            - name: ENABLED_CONTROLLERS
              value: flannelmigration
            - name: DATASTORE_TYPE
              value: kubernetes
            - name: FLANNEL_DAEMONSET_NAME
              value: canal
            # Taken from the flannel-migration-config ConfigMap.
            - name: FLANNEL_SUBNET_ENV
              valueFrom:
                configMapKeyRef:
                  name: flannel-migration-config
                  key: flannel_subnet_env
            # Name of the node this pod is scheduled on.
            - name: POD_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          readinessProbe:
            exec:
              command:
                - /usr/bin/check-status
                - -r
          volumeMounts:
            # NOTE(review): mounted read-write. It looks like the controller
            # only needs to read this file - confirm, then add readOnly: true.
            - name: flannel-env-file
              mountPath: /host/run/flannel/subnet.env
      volumes:
        # Host file /run/flannel/subnet.env exposed to the container.
        # NOTE(review): no hostPath type is set, so the kubelet does not
        # check that the path exists or is a regular file before mounting.
        - name: flannel-env-file
          hostPath:
            path: /run/flannel/subnet.env
---
# Identity used by the flannel-migration Job (serviceAccountName) and named
# as the subject of the flannel-migration-controller ClusterRoleBinding.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: flannel-migration-controller
{{- end }}