| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- ---
- kind: DaemonSet
- apiVersion: extensions/v1beta1
- metadata:
- name: {{ openshift_daemonset_config_daemonset_name }}
- annotations:
- kubernetes.io/description: |
- This daemon set manages the operational configuration for a cluster and ensures all nodes have
- a concrete set of config in place. It could also use a local ansible run against the /host directory.
- spec:
- selector:
- matchLabels:
- app: {{ openshift_daemonset_config_daemonset_name }}
- confighosts: ops
- ops.openshift.io/role: operations
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- app: {{ openshift_daemonset_config_daemonset_name }}
- confighosts: ops
- ops.openshift.io/role: operations
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- spec:
- {% if openshift_daemonset_config_node_selector is defined and openshift_daemonset_config_node_selector != {} %}
- nodeSelector: {{ openshift_daemonset_config_node_selector | to_json }}
- {% endif %}
- serviceAccountName: {{ openshift_daemonset_config_sa_name }}
- hostNetwork: true
- hostPID: true
- hostIPC: true
- containers:
- - name: config
- image: centos:7
- env:
- - name: RESYNC_INTERVAL
- value: "{{ openshift_daemonset_config_interval }}"
- command:
- - /bin/bash
- - -c
- - |
- #!/bin/sh
- set -o errexit
- while true; do
- # execute user defined script
- sh /opt/config/{{ openshift_daemonset_config_script }}
- # sleep for ${RESYNC_INTERVAL} minutes, then loop. if we fail Kubelet will restart us again
- echo "Success, sleeping for ${RESYNC_INTERVAL}s"
- exec sleep ${RESYNC_INTERVAL}
- # Return to perform the config
- done
- securityContext:
- # Must be root to modify host system
- runAsUser: {{ openshift_daemonset_config_runasuser }}
- # Permission could be reduced by selecting an appropriate SELinux policy that allows
- # us to update the named directories
- privileged: {{ openshift_daemonset_config_privileged }}
- volumeMounts:
- # Directory which contains the host volume.
- - mountPath: /host
- name: host
- # Our node configuration
- - mountPath: /opt/config
- name: config
- {% if openshift_daemonset_config_secrets != {} %}
- # Our delivered secrets
- - mountPath: /opt/secrets
- name: secrets
- {% endif %}
- resources:
- requests:
- cpu: {{ openshift_daemonset_config_resources.cpu }}
- memory: {{ openshift_daemonset_config_resources.memory }}
- {% if openshift_daemonset_config_monitoring %}
- - name: monitoring
- image: openshifttools/oso-centos7-host-monitoring:latest
- securityContext:
- # Must be root to read content
- runAsUser: 0
- privileged: true
- volumeMounts:
- - mountPath: /host
- name: host
- readOnly: true
- - mountPath: /etc/localtime
- subPath: etc/localtime
- name: host
- readOnly: true
- - mountPath: /sys
- subPath: sys
- name: host
- readOnly: true
- - mountPath: /var/run/docker.sock
- subPath: var/run/docker.sock
- name: host
- readOnly: true
- - mountPath: /var/run/openvswitch
- subPath: var/run/openvswitch
- name: host
- readOnly: true
- - mountPath: /etc/origin
- subPath: etc/origin
- name: host
- readOnly: true
- - mountPath: /usr/bin/oc
- subPath: usr/bin/oc
- name: host
- readOnly: true
- name: host
- readOnly: true
- - mountPath: /host/var/cache/yum
- subPath: var/cache/yum
- name: host
- - mountPath: /container_setup/monitoring-config.yml
- subPath: monitoring-config.yaml
- name: config
- - mountPath: /opt/config
- name: config
- resources:
- requests:
- cpu: 10m
- memory: 10Mi
- {% endif %}
- volumes:
- - name: config
- configMap:
- name: {{ openshift_daemonset_config_configmap_name }}
- {% if openshift_daemonset_config_secrets != {} %}
- - name: secrets
- secret:
- secretName: {{ openshift_daemonset_config_secret_name }}
- {% endif %}
- - name: host
- hostPath:
- path: /
|
