Skip to content

Instantly share code, notes, and snippets.

@tboerger

tboerger/manifest.yml

Last active January 24, 2022 13:27
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save tboerger/ea91a3e78309dbf3f5f9eeae868ed346 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save tboerger/ea91a3e78309dbf3f5f9eeae868ed346 to your computer and use it in GitHub Desktop.
Download ZIP
Flannel Manifest
Raw
manifest.yml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
labels:
tier: node
app: flannel
rules:
- apiGroups:
- ""
resources:
- "pods"
verbs:
- "get"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "list"
- "watch"
- apiGroups:
- ""
resources:
- "nodes/status"
verbs:
- "patch"
...
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
labels:
tier: node
app: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
...
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
labels:
tier: node
app: flannel
...
---
kind: ConfigMap
apiVersion: v1
metadata:
name: flannel
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.0.0.0/8",
"Backend": {
"Type": "vxlan"
}
}
...
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: flannel
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
tier: node
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
serviceAccountName: flannel
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
- operator: Exists
effect: NoSchedule
nodeSelector:
kubernetes.io/os: linux
initContainers:
- name: install-plugin
image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
imagePullPolicy: IfNotPresent
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
volumeMounts:
- name: plugin
mountPath: /opt/cni/bin
- name: install-cnicfg
image: quay.io/coreos/flannel:v0.15.1
imagePullPolicy: IfNotPresent
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel
mountPath: /etc/kube-flannel/
containers:
- name: flannel
image: quay.io/coreos/flannel:v0.15.1
imagePullPolicy: IfNotPresent
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
- --iface
- ens10
securityContext:
privileged: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel
configMap:
name: flannel
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment