2024-05-20 01:53:47 +02:00
|
|
|
resource "kubernetes_deployment" "operator" {
|
|
|
|
wait_for_rollout = false
|
|
|
|
metadata {
|
|
|
|
name = "cilium-operator"
|
|
|
|
namespace = "kube-system"
|
|
|
|
}
|
|
|
|
spec {
|
|
|
|
replicas = 1
|
|
|
|
strategy {
|
|
|
|
type = "RollingUpdate"
|
|
|
|
rolling_update {
|
|
|
|
max_unavailable = "1"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
selector {
|
|
|
|
match_labels = {
|
|
|
|
name = "cilium-operator"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
template {
|
|
|
|
metadata {
|
|
|
|
labels = {
|
|
|
|
name = "cilium-operator"
|
|
|
|
}
|
|
|
|
annotations = {
|
|
|
|
"prometheus.io/scrape" = "true"
|
|
|
|
"prometheus.io/port" = "9963"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
spec {
|
|
|
|
host_network = true
|
|
|
|
priority_class_name = "system-cluster-critical"
|
|
|
|
service_account_name = "cilium-operator"
|
|
|
|
security_context {
|
|
|
|
seccomp_profile {
|
|
|
|
type = "RuntimeDefault"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
toleration {
|
|
|
|
key = "node-role.kubernetes.io/controller"
|
|
|
|
operator = "Exists"
|
|
|
|
}
|
|
|
|
toleration {
|
|
|
|
key = "node.kubernetes.io/not-ready"
|
|
|
|
operator = "Exists"
|
|
|
|
}
|
|
|
|
topology_spread_constraint {
|
|
|
|
max_skew = 1
|
|
|
|
topology_key = "kubernetes.io/hostname"
|
|
|
|
when_unsatisfiable = "DoNotSchedule"
|
|
|
|
label_selector {
|
|
|
|
match_labels = {
|
|
|
|
name = "cilium-operator"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
automount_service_account_token = true
|
|
|
|
enable_service_links = false
|
|
|
|
container {
|
|
|
|
name = "cilium-operator"
|
2024-09-26 11:40:54 +02:00
|
|
|
image = "quay.io/cilium/operator-generic:v1.16.2"
|
2024-05-20 01:53:47 +02:00
|
|
|
command = ["cilium-operator-generic"]
|
|
|
|
args = [
|
|
|
|
"--config-dir=/tmp/cilium/config-map",
|
|
|
|
"--debug=$(CILIUM_DEBUG)"
|
|
|
|
]
|
|
|
|
env {
|
|
|
|
name = "K8S_NODE_NAME"
|
|
|
|
value_from {
|
|
|
|
field_ref {
|
|
|
|
api_version = "v1"
|
|
|
|
field_path = "spec.nodeName"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
env {
|
|
|
|
name = "CILIUM_K8S_NAMESPACE"
|
|
|
|
value_from {
|
|
|
|
field_ref {
|
|
|
|
api_version = "v1"
|
|
|
|
field_path = "metadata.namespace"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
env {
|
|
|
|
name = "KUBERNETES_SERVICE_HOST"
|
|
|
|
value_from {
|
|
|
|
config_map_key_ref {
|
|
|
|
name = "in-cluster"
|
|
|
|
key = "apiserver-host"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
env {
|
|
|
|
name = "KUBERNETES_SERVICE_PORT"
|
|
|
|
value_from {
|
|
|
|
config_map_key_ref {
|
|
|
|
name = "in-cluster"
|
|
|
|
key = "apiserver-port"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
env {
|
|
|
|
name = "CILIUM_DEBUG"
|
|
|
|
value_from {
|
|
|
|
config_map_key_ref {
|
|
|
|
name = "cilium"
|
|
|
|
key = "debug"
|
|
|
|
optional = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
port {
|
|
|
|
name = "metrics"
|
|
|
|
protocol = "TCP"
|
|
|
|
host_port = 9963
|
|
|
|
container_port = 9963
|
|
|
|
}
|
|
|
|
port {
|
|
|
|
name = "health"
|
|
|
|
container_port = 9234
|
|
|
|
protocol = "TCP"
|
|
|
|
}
|
|
|
|
liveness_probe {
|
|
|
|
http_get {
|
|
|
|
scheme = "HTTP"
|
|
|
|
host = "127.0.0.1"
|
|
|
|
port = "9234"
|
|
|
|
path = "/healthz"
|
|
|
|
}
|
|
|
|
initial_delay_seconds = 60
|
|
|
|
timeout_seconds = 3
|
|
|
|
period_seconds = 10
|
|
|
|
}
|
|
|
|
readiness_probe {
|
|
|
|
http_get {
|
|
|
|
scheme = "HTTP"
|
|
|
|
host = "127.0.0.1"
|
|
|
|
port = "9234"
|
|
|
|
path = "/healthz"
|
|
|
|
}
|
|
|
|
timeout_seconds = 3
|
|
|
|
period_seconds = 15
|
|
|
|
failure_threshold = 5
|
|
|
|
}
|
|
|
|
volume_mount {
|
|
|
|
name = "config"
|
|
|
|
read_only = true
|
|
|
|
mount_path = "/tmp/cilium/config-map"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
volume {
|
|
|
|
name = "config"
|
|
|
|
config_map {
|
|
|
|
name = "cilium"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|