{{- /* This file was pulled from: https://github.com/coreos/flannel (HEAD at time of pull was 4973e02e539378) */}} apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile --- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel addonmanager.kubernetes.io/mode: EnsureExists data: cni-conf.json: | { "name": "cbr0", "type": "flannel", "delegate": { "isDefaultGateway": true } } net-conf.json: | { "Network": "{{GetClusterSubnet}}", "Backend": { "Type": "vxlan" } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds namespace: kube-system labels: tier: node app: flannel addonmanager.kubernetes.io/mode: Reconcile spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 50% selector: matchLabels: tier: node app: flannel template: metadata: labels: tier: node app: flannel {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" {{- end}} spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 kubernetes.io/os: linux priorityClassName: system-node-critical tolerations: - key: node.kubernetes.io/not-ready operator: Exists effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule operator: "Exists" - key: node-role.kubernetes.io/control-plane effect: NoSchedule operator: "Exists" - key: CriticalAddonsOnly operator: Exists serviceAccountName: flannel containers: - name: kube-flannel image: {{ContainerImage "kube-flannel"}} command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] securityContext: privileged: true env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run - name: flannel-cfg mountPath: /etc/kube-flannel/ - name: install-cni image: {{ContainerImage "install-cni"}} command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ] volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg --- {{- /* This file was pulled from: https://github.com/coreos/flannel (HEAD at time of pull was 4973e02e539378) */}} kind: ClusterRole apiVersion: {{GetRBACAPIVersion}} metadata: name: flannel labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/status verbs: - patch --- kind: ClusterRoleBinding apiVersion: {{GetRBACAPIVersion}} metadata: name: flannel labels: addonmanager.kubernetes.io/mode: Reconcile roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-system