上传文件至 'Yaml文件'
This commit is contained in:
		
							parent
							
								
									37e379732c
								
							
						
					
					
						commit
						3f8eb4ba4b
					
				
							
								
								
									
										223
									
								
								Yaml文件/flannel.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										223
									
								
								Yaml文件/flannel.yaml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,223 @@ | ||||
| --- | ||||
| apiVersion: policy/v1beta1 | ||||
| kind: PodSecurityPolicy | ||||
| metadata: | ||||
|   name: psp.flannel.unprivileged | ||||
|   annotations: | ||||
|     seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default | ||||
|     seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default | ||||
|     apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default | ||||
|     apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default | ||||
| spec: | ||||
|   privileged: false | ||||
|   volumes: | ||||
|   - configMap | ||||
|   - secret | ||||
|   - emptyDir | ||||
|   - hostPath | ||||
|   allowedHostPaths: | ||||
|   - pathPrefix: "/etc/cni/net.d" | ||||
|   - pathPrefix: "/etc/kube-flannel" | ||||
|   - pathPrefix: "/run/flannel" | ||||
|   readOnlyRootFilesystem: false | ||||
|   # Users and groups | ||||
|   runAsUser: | ||||
|     rule: RunAsAny | ||||
|   supplementalGroups: | ||||
|     rule: RunAsAny | ||||
|   fsGroup: | ||||
|     rule: RunAsAny | ||||
|   # Privilege Escalation | ||||
|   allowPrivilegeEscalation: false | ||||
|   defaultAllowPrivilegeEscalation: false | ||||
|   # Capabilities | ||||
|   allowedCapabilities: ['NET_ADMIN', 'NET_RAW'] | ||||
|   defaultAddCapabilities: [] | ||||
|   requiredDropCapabilities: [] | ||||
|   # Host namespaces | ||||
|   hostPID: false | ||||
|   hostIPC: false | ||||
|   hostNetwork: true | ||||
|   hostPorts: | ||||
|   - min: 0 | ||||
|     max: 65535 | ||||
|   # SELinux | ||||
|   seLinux: | ||||
|     # SELinux is unused in CaaSP | ||||
|     rule: 'RunAsAny' | ||||
| --- | ||||
| kind: ClusterRole | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: flannel | ||||
| rules: | ||||
| - apiGroups: ['extensions'] | ||||
|   resources: ['podsecuritypolicies'] | ||||
|   verbs: ['use'] | ||||
|   resourceNames: ['psp.flannel.unprivileged'] | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - pods | ||||
|   verbs: | ||||
|   - get | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - nodes | ||||
|   verbs: | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - nodes/status | ||||
|   verbs: | ||||
|   - patch | ||||
| --- | ||||
| kind: ClusterRoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: flannel | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: flannel | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: flannel | ||||
|   namespace: kube-system | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: flannel | ||||
|   namespace: kube-system | ||||
| --- | ||||
| kind: ConfigMap | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: kube-flannel-cfg | ||||
|   namespace: kube-system | ||||
|   labels: | ||||
|     tier: node | ||||
|     app: flannel | ||||
| data: | ||||
|   cni-conf.json: | | ||||
|     { | ||||
|       "name": "cbr0", | ||||
|       "cniVersion": "0.3.1", | ||||
|       "plugins": [ | ||||
|         { | ||||
|           "type": "flannel", | ||||
|           "delegate": { | ||||
|             "hairpinMode": true, | ||||
|             "isDefaultGateway": true | ||||
|           } | ||||
|         }, | ||||
|         { | ||||
|           "type": "portmap", | ||||
|           "capabilities": { | ||||
|             "portMappings": true | ||||
|           } | ||||
|         } | ||||
|       ] | ||||
|     } | ||||
|   net-conf.json: | | ||||
|     { | ||||
|       "Network": "10.244.0.0/16", | ||||
|       "Backend": { | ||||
|         "Type": "vxlan" | ||||
|       } | ||||
|     } | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   name: kube-flannel-ds | ||||
|   namespace: kube-system | ||||
|   labels: | ||||
|     tier: node | ||||
|     app: flannel | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: flannel | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         tier: node | ||||
|         app: flannel | ||||
|     spec: | ||||
|       affinity: | ||||
|         nodeAffinity: | ||||
|           requiredDuringSchedulingIgnoredDuringExecution: | ||||
|             nodeSelectorTerms: | ||||
|             - matchExpressions: | ||||
|               - key: kubernetes.io/os | ||||
|                 operator: In | ||||
|                 values: | ||||
|                 - linux | ||||
|       hostNetwork: true | ||||
|       priorityClassName: system-node-critical | ||||
|       tolerations: | ||||
|       - operator: Exists | ||||
|         effect: NoSchedule | ||||
|       serviceAccountName: flannel | ||||
|       initContainers: | ||||
|       - name: install-cni | ||||
|         image: quay.io/coreos/flannel:v0.14.0 | ||||
|         command: | ||||
|         - cp | ||||
|         args: | ||||
|         - -f | ||||
|         - /etc/kube-flannel/cni-conf.json | ||||
|         - /etc/cni/net.d/10-flannel.conflist | ||||
|         volumeMounts: | ||||
|         - name: cni | ||||
|           mountPath: /etc/cni/net.d | ||||
|         - name: flannel-cfg | ||||
|           mountPath: /etc/kube-flannel/ | ||||
|       containers: | ||||
|       - name: kube-flannel | ||||
|         image: quay.io/coreos/flannel:v0.14.0 | ||||
|         command: | ||||
|         - /opt/bin/flanneld | ||||
|         args: | ||||
|         - --ip-masq | ||||
|         - --kube-subnet-mgr | ||||
|         resources: | ||||
|           requests: | ||||
|             cpu: "100m" | ||||
|             memory: "50Mi" | ||||
|           limits: | ||||
|             cpu: "100m" | ||||
|             memory: "50Mi" | ||||
|         securityContext: | ||||
|           privileged: false | ||||
|           capabilities: | ||||
|             add: ["NET_ADMIN", "NET_RAW"] | ||||
|         env: | ||||
|         - name: POD_NAME | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.name | ||||
|         - name: POD_NAMESPACE | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.namespace | ||||
|         volumeMounts: | ||||
|         - name: run | ||||
|           mountPath: /run/flannel | ||||
|         - name: flannel-cfg | ||||
|           mountPath: /etc/kube-flannel/ | ||||
|       volumes: | ||||
|       - name: run | ||||
|         hostPath: | ||||
|           path: /run/flannel | ||||
|       - name: cni | ||||
|         hostPath: | ||||
|           path: /etc/cni/net.d | ||||
|       - name: flannel-cfg | ||||
|         configMap: | ||||
|           name: kube-flannel-cfg | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 diandian
						diandian