epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 05:45:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

calico: update calico-kube-controller manifest (#12481)

Browse Source 
Co-authored-by: Cyclinder Kuo <kuocyclinder@gmail.com>
This commit is contained in:
k8s-infra-cherrypick-robot
2025-08-28 00:21:10 -07:00
committed by GitHub
parent 7cb6b07c44
commit f3354ce2c9
2 changed files with 7 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
View File

@@ -30,6 +30,8 @@ spec:
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
{% if policy_controller_extra_tolerations is defined %}
{{ policy_controller_extra_tolerations | list | to_nice_yaml(indent=2) | indent(8) }}
{% endif %}
@@ -59,6 +61,8 @@ spec:
- /usr/bin/check-status
- -r
periodSeconds: 10
securityContext:
runAsNonRoot: true
env:
- name: LOG_LEVEL
value: {{ calico_policy_controller_log_level }}
@@ -68,6 +72,8 @@ spec:
- name: DATASTORE_TYPE
value: kubernetes
{% else %}
- name: ENABLED_CONTROLLERS
value: policy,namespace,serviceaccount,workloadendpoint,node
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_addresses }}"
- name: ETCD_CA_CERT_FILE

14
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
View File

@@ -19,19 +19,6 @@ rules:
- watch
- list
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- watch
- list
{% elif calico_datastore == "kdd" %}
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
@@ -67,6 +54,7 @@ rules:
- blockaffinities
- ipamblocks
- ipamhandles
- tiers
verbs:
- get
- list