-
Notifications
You must be signed in to change notification settings - Fork 388
contrail.yml
dineshb-jnpr edited this page Jul 17, 2018
·
8 revisions
---
apiVersion: v1
kind: ConfigMap
metadata:
name: env
namespace: kube-system
data:
AAA_MODE: no-auth
AUTH_MODE: noauth
CLOUD_ORCHESTRATOR: kubernetes
LOG_LEVEL: SYS_NOTICE
METADATA_PROXY_SECRET: contrail
RABBITMQ_NODE_PORT: "5673"
ZOOKEEPER_ANALYTICS_PORT: "2182"
ZOOKEEPER_PORTS: "2888:3888"
ZOOKEEPER_NODES: {{ K8S_MASTER_IP }}
RABBITMQ_NODES: {{ K8S_MASTER_IP }}
CONTROLLER_NODES: {{ K8S_MASTER_IP }}
VROUTER_GATEWAY: {{ K8S_MASTER_IP }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: configzookeeperenv
namespace: kube-system
data:
ZOOKEEPER_PORT: "2181"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: analyticszookeeperenv
namespace: kube-system
data:
ZOOKEEPER_PORT: "2182"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nodemgr-config
namespace: kube-system
data:
DOCKER_HOST: "unix://mnt/docker.sock"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: contrail-analyticsdb-config
namespace: kube-system
data:
CASSANDRA_SEEDS: {{ K8S_MASTER_IP }}
CASSANDRA_CLUSTER_NAME: Contrail
CASSANDRA_START_RPC: "true"
CASSANDRA_LISTEN_ADDRESS: auto
CASSANDRA_PORT: "9160"
CASSANDRA_CQL_PORT: "9042"
CASSANDRA_SSL_STORAGE_PORT: "7001"
CASSANDRA_STORAGE_PORT: "7000"
CASSANDRA_JMX_LOCAL_PORT: "7200"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: contrail-configdb-config
namespace: kube-system
data:
CASSANDRA_SEEDS: {{ K8S_MASTER_IP }}
CASSANDRA_CLUSTER_NAME: ContrailConfigDB
CASSANDRA_START_RPC: "true"
CASSANDRA_LISTEN_ADDRESS: auto
CASSANDRA_PORT: "9161"
CASSANDRA_CQL_PORT: "9041"
CASSANDRA_SSL_STORAGE_PORT: "7011"
CASSANDRA_STORAGE_PORT: "7010"
CASSANDRA_JMX_LOCAL_PORT: "7201"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: rabbitmq-config
namespace: kube-system
data:
RABBITMQ_ERLANG_COOKIE: "47EFF3BB-4786-46E0-A5BB-58455B3C2CB4"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-manager-config
namespace: kube-system
data:
KUBERNETES_API_SERVER: {{ K8S_MASTER_IP }}
KUBERNETES_API_SECURE_PORT: "6443"
K8S_TOKEN_FILE: "/tmp/serviceaccount/token"
# Containers section
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: config-zookeeper
namespace: kube-system
labels:
app: config-zookeeper
spec:
template:
metadata:
labels:
app: config-zookeeper
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: config-zookeeper
image: "docker.io/opencontrailnightly/contrail-external-zookeeper:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/lib/zookeeper
name: zookeeper-data
- mountPath: /var/log/zookeeper
name: zookeeper-logs
volumes:
- name: zookeeper-data
hostPath:
path: /var/lib/contrail/config-zookeeper
- name: zookeeper-logs
hostPath:
path: /var/log/contrail/config-zookeeper
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: analytics-zookeeper
namespace: kube-system
labels:
app: analytics-zookeeper
spec:
template:
metadata:
labels:
app: analytics-zookeeper
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: analytics-zookeeper
image: "docker.io/opencontrailnightly/contrail-external-zookeeper:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /var/lib/zookeeper
name: zookeeper-data
- mountPath: /var/log/zookeeper
name: zookeeper-logs
volumes:
- name: zookeeper-data
hostPath:
path: /var/lib/contrail/analytics-zookeeper
- name: zookeeper-logs
hostPath:
path: /var/log/contrail/analytics-zookeeper
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kafka
namespace: kube-system
labels:
app: kafka
spec:
template:
metadata:
labels:
app: kafka
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: kafka
image: "docker.io/opencontrailnightly/contrail-external-kafka:latest"
imagePullPolicy: ""
env:
- name: NODE_TYPE
value: database
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /tmp/kafka-logs
name: kafka-logs
volumes:
- name: kafka-logs
hostPath:
path: /var/lib/contrail/kafka-logs
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-analyticsdb
namespace: kube-system
labels:
app: contrail-analyticsdb
spec:
template:
metadata:
labels:
app: contrail-analyticsdb
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: contrail-analyticsdb
image: "docker.io/opencontrailnightly/contrail-external-cassandra:latest"
imagePullPolicy: ""
env:
- name: NODE_TYPE
value: database
envFrom:
- configMapRef:
name: contrail-analyticsdb-config
volumeMounts:
- mountPath: /var/lib/cassandra
name: analyticsdb-data
- mountPath: /var/log/cassandra
name: analyticsdb-logs
volumes:
- name: analyticsdb-data
hostPath:
path: /var/lib/contrail/analyticsdb
- name: analyticsdb-logs
hostPath:
path: /var/log/contrail/analyticsdb
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-configdb
namespace: kube-system
labels:
app: contrail-configdb
spec:
template:
metadata:
labels:
app: contrail-configdb
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: contrail-configdb
image: "docker.io/opencontrailnightly/contrail-external-cassandra:latest"
imagePullPolicy: ""
env:
- name: NODE_TYPE
value: config
envFrom:
- configMapRef:
name: contrail-configdb-config
volumeMounts:
- mountPath: /var/lib/cassandra
name: configdb-data
- mountPath: /var/log/cassandra
name: configdb-log
volumes:
- name: configdb-data
hostPath:
path: /var/lib/contrail/configdb
- name: configdb-log
hostPath:
path: /var/log/contrail/configdb
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-database-nodemgr
namespace: kube-system
labels:
app: contrail-database-nodemgr
spec:
template:
metadata:
labels:
app: contrail-database-nodemgr
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-database-nodemgr
image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: nodemgr-config
- configMapRef:
name: analyticszookeeperenv
env:
- name: NODE_TYPE
value: database
- name: DATABASE_NODEMGR__DEFAULTS__minimum_diskGB
value: "2"
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
# path: /var/run/docker.sock and
# type: Socket
volumeMounts:
- mountPath: /var/log/contrail
name: analyticsdb-logs
- mountPath: /mnt
name: docker-unix-socket
volumes:
- name: analyticsdb-logs
hostPath:
path: /var/log/contrail/analyticsdb
- name: docker-unix-socket
hostPath:
path: /var/run
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-analytics
namespace: kube-system
labels:
app: contrail-analytics
spec:
template:
metadata:
labels:
app: contrail-analytics
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-analytics-api
image: "docker.io/opencontrailnightly/contrail-analytics-api:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-collector
image: "docker.io/opencontrailnightly/contrail-analytics-collector:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-alarm-gen
image: "docker.io/opencontrailnightly/contrail-analytics-alarm-gen:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-query-engine
image: "docker.io/opencontrailnightly/contrail-analytics-query-engine:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-snmp-collector
image: "docker.io/opencontrailnightly/contrail-analytics-snmp-collector:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-topology
image: "docker.io/opencontrailnightly/contrail-analytics-topology:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- name: contrail-analytics-nodemgr
image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: analyticszookeeperenv
- configMapRef:
name: nodemgr-config
env:
- name: NODE_TYPE
value: analytics
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
# path: /var/run/docker.sock and
# type: Socket
volumeMounts:
- mountPath: /var/log/contrail
name: analytics-logs
- mountPath: /mnt
name: docker-unix-socket
volumes:
- name: analytics-logs
hostPath:
path: /var/log/contrail/analytics
- name: docker-unix-socket
hostPath:
path: /var/run
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-controller-control
namespace: kube-system
labels:
app: contrail-controller-control
spec:
template:
metadata:
labels:
app: contrail-controller-control
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-controller-control
image: "docker.io/opencontrailnightly/contrail-controller-control-control:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: control-logs
- name: contrail-controller-control-dns
image: "docker.io/opencontrailnightly/contrail-controller-control-dns:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /etc/contrail
name: dns-config
- mountPath: /var/log/contrail
name: control-logs
- name: contrail-controller-control-named
image: "docker.io/opencontrailnightly/contrail-controller-control-named:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/contrail
name: dns-config
- mountPath: /var/log/contrail
name: control-logs
- name: contrail-controller-nodemgr
image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
- configMapRef:
name: nodemgr-config
env:
- name: NODE_TYPE
value: control
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
# path: /var/run/docker.sock and
# type: Socket
volumeMounts:
- mountPath: /var/log/contrail
name: control-logs
- mountPath: /mnt
name: docker-unix-socket
volumes:
- name: control-logs
hostPath:
path: /var/log/contrail/control
- name: docker-unix-socket
hostPath:
path: /var/run
- name: dns-config
emptyDir: {}
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-controller-config
namespace: kube-system
labels:
app: contrail-controller-config
spec:
template:
metadata:
labels:
app: contrail-controller-config
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-controller-config-api
image: "docker.io/opencontrailnightly/contrail-controller-config-api:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: config-logs
- name: contrail-controller-config-devicemgr
image: "docker.io/opencontrailnightly/contrail-controller-config-devicemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: config-logs
- name: contrail-controller-config-schema
image: "docker.io/opencontrailnightly/contrail-controller-config-schema:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: config-logs
- name: contrail-controller-config-svcmonitor
image: "docker.io/opencontrailnightly/contrail-controller-config-svcmonitor:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: config-logs
- name: contrail-controller-config-nodemgr
image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
- configMapRef:
name: nodemgr-config
env:
- name: NODE_TYPE
value: config
- name: CASSANDRA_CQL_PORT
value: "9041"
- name: CASSANDRA_JMX_LOCAL_PORT
value: "7201"
- name: CONFIG_NODEMGR__DEFAULTS__minimum_diskGB
value: "2"
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
# path: /var/run/docker.sock and
# type: Socket
volumeMounts:
- mountPath: /var/log/contrail
name: config-logs
- mountPath: /mnt
name: docker-unix-socket
volumes:
- name: config-logs
hostPath:
path: /var/log/contrail/config
- name: docker-unix-socket
hostPath:
path: /var/run
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-controller-webui
namespace: kube-system
labels:
app: contrail-controller-webui
spec:
template:
metadata:
labels:
app: contrail-controller-webui
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-controller-webui-job
image: "docker.io/opencontrailnightly/contrail-controller-webui-job:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: webui-logs
- name: contrail-controller-webui-web
image: "docker.io/opencontrailnightly/contrail-controller-webui-web:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/log/contrail
name: webui-logs
volumes:
- name: webui-logs
hostPath:
path: /var/log/contrail/webui
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: redis
namespace: kube-system
labels:
app: redis
spec:
template:
metadata:
labels:
app: redis
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: redis
image: "redis:4.0.2"
imagePullPolicy: ""
volumeMounts:
- mountPath: /var/lib/redis
name: redis-data
- mountPath: /var/log/redis
name: redis-logs
volumes:
- name: redis-data
hostPath:
path: /var/lib/contrail/redis
- name: redis-logs
hostPath:
path: /var/log/contrail/redis
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: rabbitmq
namespace: kube-system
labels:
app: rabbitmq
spec:
template:
metadata:
labels:
app: rabbitmq
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
hostNetwork: true
containers:
- name: rabbitmq
image: "docker.io/opencontrailnightly/contrail-external-rabbitmq:latest"
imagePullPolicy: ""
env:
- name: NODE_TYPE
value: config
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
- configMapRef:
name: rabbitmq-config
volumeMounts:
- mountPath: /var/lib/rabbitmq
name: rabbitmq-data
- mountPath: /var/log/rabbitmq
name: rabbitmq-logs
volumes:
- name: rabbitmq-data
hostPath:
path: /var/lib/contrail/rabbitmq
- name: rabbitmq-logs
hostPath:
path: /var/log/contrail/rabbitmq
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-kube-manager
namespace: kube-system
labels:
app: contrail-kube-manager
spec:
template:
metadata:
labels:
app: contrail-kube-manager
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: Exists
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
automountServiceAccountToken: false
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
containers:
- name: contrail-kube-manager
image: "docker.io/opencontrailnightly/contrail-kubernetes-kube-manager:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
- configMapRef:
name: kube-manager-config
volumeMounts:
- mountPath: /var/log/contrail
name: kube-manager-logs
- mountPath: /tmp/serviceaccount
name: pod-secret
volumes:
- name: kube-manager-logs
hostPath:
path: /var/log/contrail/kube-manager
- name: pod-secret
secret:
secretName: contrail-kube-manager-token
- name: host-usr-bin
hostPath:
path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: contrail-agent
namespace: kube-system
labels:
app: contrail-agent
spec:
template:
metadata:
labels:
app: contrail-agent
spec:
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
automountServiceAccountToken: false
hostNetwork: true
initContainers:
- name: contrail-node-init
image: "docker.io/opencontrailnightly/contrail-node-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
env:
- name: CONTRAIL_STATUS_IMAGE
value: "docker.io/opencontrailnightly/contrail-status:latest"
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /host/usr/bin
name: host-usr-bin
- name: contrail-vrouter-kernel-init
image: "docker.io/opencontrailnightly/contrail-vrouter-kernel-init:latest"
imagePullPolicy: ""
securityContext:
privileged: true
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /usr/src
name: usr-src
- mountPath: /lib/modules
name: lib-modules
- mountPath: /etc/sysconfig/network-scripts
name: network-scripts
- mountPath: /host/bin
name: host-bin
- name: contrail-kubernetes-cni-init
image: "docker.io/opencontrailnightly/contrail-kubernetes-cni-init:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /var/lib/contrail
name: var-lib-contrail
- mountPath: /host/etc_cni
name: etc-cni
- mountPath: /host/opt_cni_bin
name: opt-cni-bin
- mountPath: /host/log_cni
name: var-log-contrail-cni
- mountPath: /var/log/contrail
name: agent-logs
containers:
- name: contrail-vrouter-agent
image: "docker.io/opencontrailnightly/contrail-vrouter-agent:latest"
imagePullPolicy: ""
# TODO: Priveleged mode is requied because w/o it the device /dev/net/tun
# is not present in the container. The mounting it into container
# doesnt help because of permissions are not enough syscalls,
# e.g. https://github.com/Juniper/contrail-controller/blob/master/src/vnsw/agent/contrail/linux/pkt0_interface.cc: 48.
securityContext:
privileged: true
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
volumeMounts:
- mountPath: /dev
name: dev
- mountPath: /etc/sysconfig/network-scripts
name: network-scripts
- mountPath: /host/bin
name: host-bin
- mountPath: /var/log/contrail
name: agent-logs
- mountPath: /usr/src
name: usr-src
- mountPath: /lib/modules
name: lib-modules
- mountPath: /var/lib/contrail
name: var-lib-contrail
- mountPath: /var/crashes
name: var-crashes
- mountPath: /tmp/serviceaccount
name: pod-secret
- name: contrail-agent-nodemgr
image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
imagePullPolicy: ""
envFrom:
- configMapRef:
name: env
- configMapRef:
name: configzookeeperenv
- configMapRef:
name: nodemgr-config
env:
- name: NODE_TYPE
value: vrouter
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
# path: /var/run/docker.sock and
# type: Socket
volumeMounts:
- mountPath: /var/log/contrail
name: agent-logs
- mountPath: /mnt
name: docker-unix-socket
volumes:
- name: dev
hostPath:
path: /dev
- name: network-scripts
hostPath:
path: /etc/sysconfig/network-scripts
- name: host-bin
hostPath:
path: /bin
- name: docker-unix-socket
hostPath:
path: /var/run
- name: pod-secret
secret:
secretName: contrail-kube-manager-token
- name: usr-src
hostPath:
path: /usr/src
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-lib-contrail
hostPath:
path: /var/lib/contrail
- name: var-crashes
hostPath:
path: /var/contrail/crashes
- name: etc-cni
hostPath:
path: /etc/cni
- name: opt-cni-bin
hostPath:
path: /opt/cni/bin
- name: var-log-contrail-cni
hostPath:
path: /var/log/contrail/cni
- name: agent-logs
hostPath:
path: /var/log/contrail/agent
- name: host-usr-bin
hostPath:
path: /usr/bin
# Meta information section
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: contrail-kube-manager
namespace: kube-system
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: contrail-kube-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: contrail-kube-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: contrail-kube-manager
subjects:
- kind: ServiceAccount
name: contrail-kube-manager
namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
name: contrail-kube-manager-token
namespace: kube-system
annotations:
kubernetes.io/service-account.name: contrail-kube-manager
type: kubernetes.io/service-account-token