Upgrade Weave to 2.2.1

- Fix #2414, so namespace isolation should now work
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
Wong Hoi Sing Edison
2018-03-24 10:52:21 +08:00
parent f07734596e
commit 3f5c60886b
8 changed files with 50 additions and 31 deletions


@@ -1,7 +1,7 @@
---
# Limits
weave_memory_limit: 400M
weave_cpu_limit: 30m
weave_memory_limits: 400M
weave_cpu_limits: 30m
weave_memory_requests: 64M
weave_cpu_requests: 10m


@@ -9,12 +9,13 @@ items:
labels:
name: weave-net
namespace: {{ system_namespace }}
- apiVersion: rbac.authorization.k8s.io/v1
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
rules:
- apiGroups:
- ''
@@ -27,35 +28,42 @@ items:
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: {{ system_namespace }}
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
namespace: {{ system_namespace }}
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
resources:
- configmaps
verbs:
- get
- update
@@ -65,29 +73,31 @@ items:
- configmaps
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
roleRef:
kind: ClusterRole
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
namespace: {{ system_namespace }}
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
version: {{ weave_version }}
version: v{{ weave_version }}
namespace: {{ system_namespace }}
spec:
minReadySeconds: 5
template:
metadata:
labels:
@@ -122,7 +132,7 @@ items:
- name: WEAVE_PASSWORD
value: {{ weave_password }}
image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
imagePullPolicy: Always
imagePullPolicy: {{ k8s_image_pull_policy }}
livenessProbe:
httpGet:
host: 127.0.0.1
@@ -149,19 +159,28 @@ items:
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
args: []
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
imagePullPolicy: Always
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
requests:
cpu: {{ weave_cpu_requests }}
memory: {{ weave_memory_requests }}
limits:
cpu: {{ weave_cpu_limit }}
memory: {{ weave_memory_limit }}
cpu: {{ weave_cpu_limits }}
memory: {{ weave_memory_limits }}
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
hostNetwork: true
hostPID: true
restartPolicy: Always
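Review bot: Both new `imagePullPolicy: {{ k8s_image_pull_policy }}` lines (the weave container in the `@@ -122,7 +132,7 @@` hunk and weave-npc in the last hunk) replace a fixed `Always` on a pod that runs with `hostNetwork: true` and `hostPID: true`, and weave-npc is visibly `privileged: true`. The default of `k8s_image_pull_policy` is not visible on this page; if it resolves to `IfNotPresent`, each node runs whatever image it already has cached under `{{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}` without consulting the registry, so nodes can diverge and a corrected image pushed under the same tag is not picked up. Referencing these two images by digest (`image: <repo>@sha256:<digest>`) or keeping `Always` for them would make what runs with host privileges independent of node cache state. Separately, the RBAC objects move from `rbac.authorization.k8s.io/v1` to `v1beta1`, and the ClusterRole and ClusterRoleBinding gain a `metadata.namespace` that cluster-scoped objects do not use; a template comment such as `# v1beta1 kept to match the upstream weave-net manifest` would record why. The DaemonSet spec starts and continues outside the visible hunks.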