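# Contrail-on-Kubernetes single-master deployment template.
#
# The {{ K8S_MASTER_IP }}, {{ CONTRAIL_REPO }} and {{ CONTRAIL_RELEASE }}
# placeholders are expected to be substituted before this file is parsed as
# YAML. Templated scalar values are quoted so that an empty or unusual
# expansion still yields a string, which is what ConfigMap data requires.
#
# Layout: shared ConfigMaps, then one DaemonSet per Contrail role, then the
# RBAC objects and token Secret used by contrail-kube-manager.
#
# NOTE(review): DaemonSets use extensions/v1beta1 and RBAC uses
# rbac.authorization.k8s.io/v1beta1. Current Kubernetes releases no longer
# serve either; moving to apps/v1 (which also requires spec.selector) and
# rbac.authorization.k8s.io/v1 is needed before this can be applied there.
#
# NOTE(review): security posture to confirm before using outside a lab:
#   * AAA_MODE/AUTH_MODE disable authentication while every pod runs with
#     hostNetwork: true, so the services listen on the node's own interfaces.
#   * Shared secrets (METADATA_PROXY_SECRET, RABBITMQ_ERLANG_COOKIE) are fixed
#     values stored in ConfigMaps rather than per-deployment Secrets.
#   * Many containers are privileged and mount host directories (/usr/bin,
#     /var/lib, /bin, /dev, /var/run) read-write.
#   * nodemgr containers receive the host's whole /var/run directory in order
#     to reach the Docker socket.
#   * contrail-kube-manager is bound to a wildcard ClusterRole and its
#     long-lived token is also mounted into contrail-agent.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: env
  namespace: kube-system
data:
  # NOTE(review): both settings turn authentication off for the Contrail
  # APIs. Acceptable only where network access to the master is restricted.
  AAA_MODE: no-auth
  AUTH_MODE: noauth
  CLOUD_ORCHESTRATOR: kubernetes
  LOG_LEVEL: SYS_NOTICE
  # NOTE(review): a shared secret with a fixed default value, readable by
  # anyone who can read ConfigMaps in kube-system. Prefer a Secret holding a
  # value generated per deployment.
  METADATA_PROXY_SECRET: contrail
  RABBITMQ_NODE_PORT: "5673"
  ZOOKEEPER_ANALYTICS_PORT: "2181"
  ZOOKEEPER_PORTS: "2888:3888"
  ZOOKEEPER_NODES: "{{ K8S_MASTER_IP }}"
  RABBITMQ_NODES: "{{ K8S_MASTER_IP }}"
  CONTROLLER_NODES: "{{ K8S_MASTER_IP }}"
  VROUTER_GATEWAY: "{{ K8S_MASTER_IP }}"
  ANALYTICSDB_ENABLE: "true"
  ANALYTICS_ALARM_ENABLE: "true"
  ANALYTICS_SNMP_ENABLE: "true"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: configzookeeperenv
  namespace: kube-system
data:
  ZOOKEEPER_PORT: "2181"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: analyticszookeeperenv
  namespace: kube-system
data:
  ZOOKEEPER_PORT: "2181"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nodemgr-config
  namespace: kube-system
data:
  # Matches the docker-unix-socket volume, which mounts the host's /var/run
  # at /mnt inside the nodemgr containers.
  DOCKER_HOST: "unix://mnt/docker.sock"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: contrail-analyticsdb-config
  namespace: kube-system
data:
  CASSANDRA_SEEDS: "{{ K8S_MASTER_IP }}"
  CASSANDRA_CLUSTER_NAME: Contrail
  CASSANDRA_START_RPC: "true"
  CASSANDRA_LISTEN_ADDRESS: auto
  CASSANDRA_PORT: "9160"
  CASSANDRA_CQL_PORT: "9042"
  CASSANDRA_SSL_STORAGE_PORT: "7001"
  CASSANDRA_STORAGE_PORT: "7000"
  CASSANDRA_JMX_LOCAL_PORT: "7200"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: contrail-configdb-config
  namespace: kube-system
data:
  # Ports are offset from the analytics DB so both Cassandra instances can
  # share the master's host network.
  CASSANDRA_SEEDS: "{{ K8S_MASTER_IP }}"
  CASSANDRA_CLUSTER_NAME: ContrailConfigDB
  CASSANDRA_START_RPC: "true"
  CASSANDRA_LISTEN_ADDRESS: auto
  CASSANDRA_PORT: "9161"
  CASSANDRA_CQL_PORT: "9041"
  CASSANDRA_SSL_STORAGE_PORT: "7011"
  CASSANDRA_STORAGE_PORT: "7010"
  CASSANDRA_JMX_LOCAL_PORT: "7201"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: kube-system
data:
  # NOTE(review): the Erlang cookie is the shared secret RabbitMQ nodes and
  # CLI tools authenticate with. A fixed value in a template is the same for
  # every deployment; generate one per cluster and deliver it via a Secret.
  RABBITMQ_ERLANG_COOKIE: "47EFF3BB-4786-46E0-A5BB-58455B3C2CB4"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-manager-config
  namespace: kube-system
data:
  KUBERNETES_API_SERVER: "{{ K8S_MASTER_IP }}"
  KUBERNETES_API_SECURE_PORT: "6443"
  # Path of the token inside the pod-secret volume mount.
  K8S_TOKEN_FILE: "/tmp/serviceaccount/token"

# Containers section
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: config-zookeeper
  namespace: kube-system
  labels:
    app: config-zookeeper
spec:
  template:
    metadata:
      labels:
        app: config-zookeeper
    spec:
      # Schedule only on nodes carrying the master role label.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      containers:
        - name: config-zookeeper
          image: "{{ CONTRAIL_REPO }}/contrail-external-zookeeper:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/lib/zookeeper
              name: zookeeper-data
            - mountPath: /var/log/zookeeper
              name: zookeeper-logs
      volumes:
        - name: zookeeper-data
          hostPath:
            path: /var/lib/contrail/config-zookeeper
        - name: zookeeper-logs
          hostPath:
            path: /var/log/contrail/config-zookeeper
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analyticsdb
  namespace: kube-system
  labels:
    app: contrail-analyticsdb
spec:
  template:
    metadata:
      labels:
        app: contrail-analyticsdb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: "database"
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: contrail-analyticsdb-config
          # NOTE(review): privileged, with the host's /usr/bin and /var/lib
          # mounted read-write; whatever this image runs can modify host
          # binaries. Pin and verify the image accordingly.
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
            - mountPath: /host/var/lib
              name: host-var-lib
      containers:
        - name: contrail-analyticsdb-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: nodemgr-config
            - configMapRef:
                name: contrail-analyticsdb-config
          env:
            - name: NODE_TYPE
              value: database
            - name: DATABASE_NODEMGR__DEFAULTS__minimum_diskGB
              value: "2"
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analyticsdb-logs
            - mountPath: /mnt
              name: docker-unix-socket
        - name: contrail-analyticsdb
          image: "{{ CONTRAIL_REPO }}/contrail-external-cassandra:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: database
          envFrom:
            - configMapRef:
                name: contrail-analyticsdb-config
          volumeMounts:
            - mountPath: /var/lib/cassandra
              name: analyticsdb-data
            - mountPath: /var/log/cassandra
              name: analyticsdb-logs
        - name: contrail-analytics-query-engine
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-query-engine:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: NODE_TYPE
              value: database
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analyticsdb-logs
      volumes:
        - name: analyticsdb-data
          hostPath:
            path: /var/lib/contrail/analyticsdb
        - name: analyticsdb-logs
          hostPath:
            path: /var/log/contrail/analyticsdb
        # NOTE(review): exposes the host's entire /var/run (including the
        # Docker socket) to the nodemgr container. Access to that socket is
        # equivalent to root on the node.
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
        - name: host-var-lib
          hostPath:
            path: /var/lib
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-configdb
  namespace: kube-system
  labels:
    app: contrail-configdb
spec:
  template:
    metadata:
      labels:
        app: contrail-configdb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      containers:
        - name: contrail-configdb
          image: "{{ CONTRAIL_REPO }}/contrail-external-cassandra:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: config
          envFrom:
            - configMapRef:
                name: contrail-configdb-config
          volumeMounts:
            - mountPath: /var/lib/cassandra
              name: configdb-data
            - mountPath: /var/log/cassandra
              name: configdb-log
      volumes:
        - name: configdb-data
          hostPath:
            path: /var/lib/contrail/configdb
        - name: configdb-log
          hostPath:
            path: /var/log/contrail/configdb
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-config-database-nodemgr
  namespace: kube-system
  labels:
    app: contrail-config-database-nodemgr
spec:
  template:
    metadata:
      labels:
        app: contrail-config-database-nodemgr
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-config-database-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: nodemgr-config
            - configMapRef:
                name: contrail-configdb-config
          env:
            - name: NODE_TYPE
              value: database
            - name: DATABASE_NODEMGR__DEFAULTS__minimum_diskGB
              value: "2"
          # TODO: newer Kubernetes supports hostPath `type: Socket`, so the
          # volume could point at /var/run/docker.sock itself instead of the
          # whole /var/run directory. Even then, Docker socket access gives
          # this container root-equivalent control of the node.
          volumeMounts:
            - mountPath: /var/log/contrail
              name: configdb-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: configdb-logs
          hostPath:
            path: /var/log/contrail/configdb
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analytics
  namespace: kube-system
  labels:
    app: contrail-analytics
spec:
  template:
    metadata:
      labels:
        app: contrail-analytics
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-analytics-api
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-api:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-logs
        - name: contrail-analytics-collector
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-collector:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-logs
        - name: contrail-analytics-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
            - configMapRef:
                name: nodemgr-config
          env:
            - name: NODE_TYPE
              value: analytics
          # TODO: newer Kubernetes supports hostPath `type: Socket`, so the
          # volume could point at /var/run/docker.sock itself instead of the
          # whole /var/run directory. Even then, Docker socket access gives
          # this container root-equivalent control of the node.
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: analytics-logs
          hostPath:
            path: /var/log/contrail/analytics
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analytics-snmp
  namespace: kube-system
  labels:
    app: contrail-analytics-snmp
spec:
  template:
    metadata:
      labels:
        app: contrail-analytics-snmp
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: "analytics-snmp"
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: contrail-analyticsdb-config
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
            - mountPath: /host/var/lib
              name: host-var-lib
      # NOTE(review): every container in this pod is privileged. Confirm
      # which ones need it and drop it (or grant specific capabilities)
      # for the rest.
      containers:
        - name: contrail-analytics-snmp-collector
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-snmp-collector:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-snmp-logs
          env:
            - name: NODE_TYPE
              value: analytics-snmp
        - name: contrail-analytics-snmp-topology
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-snmp-topology:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-snmp-logs
          env:
            - name: NODE_TYPE
              value: analytics-snmp
        - name: contrail-analytics-snmp-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: nodemgr-config
            - configMapRef:
                name: contrail-analyticsdb-config
          env:
            - name: NODE_TYPE
              value: analytics-snmp
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-snmp-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: analytics-snmp-logs
          hostPath:
            path: /var/log/contrail/analytics-snmp
        - name: host-var-lib
          hostPath:
            path: /var/lib
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analytics-alarm
  namespace: kube-system
  labels:
    app: contrail-analytics-alarm
spec:
  template:
    metadata:
      labels:
        app: contrail-analytics-alarm
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: "analytics-alarm"
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: contrail-analyticsdb-config
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
            - mountPath: /host/var/lib
              name: host-var-lib
      # NOTE(review): every container in this pod is privileged, including
      # kafka. Confirm which ones need it and drop it for the rest.
      containers:
        - name: kafka
          image: "{{ CONTRAIL_REPO }}/contrail-external-kafka:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: NODE_TYPE
              value: analytics-alarm
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
        - name: contrail-analytics-alarm-gen
          image: "{{ CONTRAIL_REPO }}/contrail-analytics-alarm-gen:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: analyticszookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-alarm-logs
          env:
            - name: NODE_TYPE
              value: analytics-alarm
        - name: contrail-analytics-alarm-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: contrail-analyticsdb-config
            - configMapRef:
                name: nodemgr-config
          env:
            - name: NODE_TYPE
              value: analytics-alarm
          volumeMounts:
            - mountPath: /var/log/contrail
              name: analytics-alarm-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: analytics-alarm-logs
          hostPath:
            path: /var/log/contrail/analytics-alarm
        - name: host-var-lib
          hostPath:
            path: /var/lib
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-control
  namespace: kube-system
  labels:
    app: contrail-controller-control
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-control
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-controller-control
          image: "{{ CONTRAIL_REPO }}/contrail-controller-control-control:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: control-logs
        - name: contrail-controller-control-dns
          image: "{{ CONTRAIL_REPO }}/contrail-controller-control-dns:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            # Shared with the named container through the dns-config emptyDir.
            - mountPath: /etc/contrail
              name: dns-config
            - mountPath: /var/log/contrail
              name: control-logs
        - name: contrail-controller-control-named
          image: "{{ CONTRAIL_REPO }}/contrail-controller-control-named:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /etc/contrail
              name: dns-config
            - mountPath: /var/log/contrail
              name: control-logs
        - name: contrail-controller-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
            - configMapRef:
                name: nodemgr-config
          env:
            - name: NODE_TYPE
              value: control
          # TODO: newer Kubernetes supports hostPath `type: Socket`, so the
          # volume could point at /var/run/docker.sock itself instead of the
          # whole /var/run directory. Even then, Docker socket access gives
          # this container root-equivalent control of the node.
          volumeMounts:
            - mountPath: /var/log/contrail
              name: control-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: control-logs
          hostPath:
            path: /var/log/contrail/control
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: dns-config
          emptyDir: {}
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-config
  namespace: kube-system
  labels:
    app: contrail-controller-config
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-config
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-controller-config-api
          image: "{{ CONTRAIL_REPO }}/contrail-controller-config-api:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: config-logs
        - name: contrail-controller-config-devicemgr
          image: "{{ CONTRAIL_REPO }}/contrail-controller-config-devicemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: config-logs
        - name: contrail-controller-config-schema
          image: "{{ CONTRAIL_REPO }}/contrail-controller-config-schema:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: config-logs
        - name: contrail-controller-config-svcmonitor
          image: "{{ CONTRAIL_REPO }}/contrail-controller-config-svcmonitor:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: config-logs
        - name: contrail-controller-config-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
            - configMapRef:
                name: nodemgr-config
          env:
            - name: NODE_TYPE
              value: config
            # Same port values as the contrail-configdb-config ConfigMap.
            - name: CASSANDRA_CQL_PORT
              value: "9041"
            - name: CASSANDRA_JMX_LOCAL_PORT
              value: "7201"
            - name: CONFIG_NODEMGR__DEFAULTS__minimum_diskGB
              value: "2"
          # TODO: newer Kubernetes supports hostPath `type: Socket`, so the
          # volume could point at /var/run/docker.sock itself instead of the
          # whole /var/run directory. Even then, Docker socket access gives
          # this container root-equivalent control of the node.
          volumeMounts:
            - mountPath: /var/log/contrail
              name: config-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: config-logs
          hostPath:
            path: /var/log/contrail/config
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-webui
  namespace: kube-system
  labels:
    app: contrail-controller-webui
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-webui
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-controller-webui-job
          image: "{{ CONTRAIL_REPO }}/contrail-controller-webui-job:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: webui-logs
        - name: contrail-controller-webui-web
          image: "{{ CONTRAIL_REPO }}/contrail-controller-webui-web:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/log/contrail
              name: webui-logs
      volumes:
        - name: webui-logs
          hostPath:
            path: /var/log/contrail/webui
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: redis
  namespace: kube-system
  labels:
    app: redis
spec:
  template:
    metadata:
      labels:
        app: redis
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      containers:
        # NOTE(review): the only image not taken from {{ CONTRAIL_REPO }}; it
        # is referenced by tag, not digest. No password or bind settings are
        # passed here and hostNetwork exposes the port on the node, so
        # confirm access is restricted (host firewall or Redis config).
        - name: redis
          image: "redis:4.0.2"
          imagePullPolicy: ""
          volumeMounts:
            - mountPath: /var/lib/redis
              name: redis-data
            - mountPath: /var/log/redis
              name: redis-logs
      volumes:
        - name: redis-data
          hostPath:
            path: /var/lib/contrail/redis
        - name: redis-logs
          hostPath:
            path: /var/log/contrail/redis
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: rabbitmq
  namespace: kube-system
  labels:
    app: rabbitmq
spec:
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      hostNetwork: true
      containers:
        - name: rabbitmq
          image: "{{ CONTRAIL_REPO }}/contrail-external-rabbitmq:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          env:
            - name: NODE_TYPE
              value: config
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
            # Supplies RABBITMQ_ERLANG_COOKIE as an environment variable.
            - configMapRef:
                name: rabbitmq-config
          volumeMounts:
            - mountPath: /var/lib/rabbitmq
              name: rabbitmq-data
            - mountPath: /var/log/rabbitmq
              name: rabbitmq-logs
      volumes:
        - name: rabbitmq-data
          hostPath:
            path: /var/lib/contrail/rabbitmq
        - name: rabbitmq-logs
          hostPath:
            path: /var/log/contrail/rabbitmq
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-kube-manager
  namespace: kube-system
  labels:
    app: contrail-kube-manager
spec:
  template:
    metadata:
      labels:
        app: contrail-kube-manager
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "node-role.kubernetes.io/master"
                    operator: Exists
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      # The default token is not mounted; the token comes from the
      # pod-secret volume instead (see K8S_TOKEN_FILE in kube-manager-config).
      automountServiceAccountToken: false
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
      containers:
        - name: contrail-kube-manager
          image: "{{ CONTRAIL_REPO }}/contrail-kubernetes-kube-manager:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
            - configMapRef:
                name: kube-manager-config
          volumeMounts:
            - mountPath: /var/log/contrail
              name: kube-manager-logs
            - mountPath: /tmp/serviceaccount
              name: pod-secret
      volumes:
        - name: kube-manager-logs
          hostPath:
            path: /var/log/contrail/kube-manager
        - name: pod-secret
          secret:
            secretName: contrail-kube-manager-token
        - name: host-usr-bin
          hostPath:
            path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-agent
  namespace: kube-system
  labels:
    app: contrail-agent
spec:
  template:
    metadata:
      labels:
        app: contrail-agent
    spec:
      # No nodeAffinity here: unlike the DaemonSets above, this one is not
      # restricted to master nodes.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
      automountServiceAccountToken: false
      hostNetwork: true
      initContainers:
        - name: contrail-node-init
          image: "{{ CONTRAIL_REPO }}/contrail-node-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          env:
            - name: CONTRAIL_STATUS_IMAGE
              value: "{{ CONTRAIL_REPO }}/contrail-status:{{ CONTRAIL_RELEASE }}"
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /host/usr/bin
              name: host-usr-bin
        - name: contrail-vrouter-kernel-init
          image: "{{ CONTRAIL_REPO }}/contrail-vrouter-kernel-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /usr/src
              name: usr-src
            - mountPath: /lib/modules
              name: lib-modules
            - mountPath: /etc/sysconfig/network-scripts
              name: network-scripts
            - mountPath: /host/bin
              name: host-bin
        - name: contrail-kubernetes-cni-init
          image: "{{ CONTRAIL_REPO }}/contrail-kubernetes-cni-init:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /var/lib/contrail
              name: var-lib-contrail
            - mountPath: /host/etc_cni
              name: etc-cni
            - mountPath: /host/opt_cni_bin
              name: opt-cni-bin
            - mountPath: /host/log_cni
              name: var-log-contrail-cni
            - mountPath: /var/log/contrail
              name: agent-logs
      containers:
        - name: contrail-vrouter-agent
          image: "{{ CONTRAIL_REPO }}/contrail-vrouter-agent:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          # TODO: privileged mode is required because without it the device
          # /dev/net/tun is not present in the container. Mounting it into the
          # container does not help because the permissions are not enough
          # for the syscalls, e.g.
          # https://github.com/Juniper/contrail-controller/blob/master/src/vnsw/agent/contrail/linux/pkt0_interface.cc: 48.
          securityContext:
            privileged: true
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
          volumeMounts:
            - mountPath: /dev
              name: dev
            - mountPath: /etc/sysconfig/network-scripts
              name: network-scripts
            - mountPath: /host/bin
              name: host-bin
            - mountPath: /var/log/contrail
              name: agent-logs
            - mountPath: /usr/src
              name: usr-src
            - mountPath: /lib/modules
              name: lib-modules
            - mountPath: /var/lib/contrail
              name: var-lib-contrail
            - mountPath: /var/crashes
              name: var-crashes
            # NOTE(review): this is the contrail-kube-manager token, which is
            # bound to a wildcard ClusterRole. Mounting it here places a
            # cluster-admin-equivalent credential on every node this DaemonSet
            # runs on. Confirm the agent needs API access; if it does, give
            # it its own ServiceAccount with a narrowly scoped role.
            - mountPath: /tmp/serviceaccount
              name: pod-secret
        - name: contrail-agent-nodemgr
          image: "{{ CONTRAIL_REPO }}/contrail-nodemgr:{{ CONTRAIL_RELEASE }}"
          imagePullPolicy: ""
          envFrom:
            - configMapRef:
                name: env
            - configMapRef:
                name: configzookeeperenv
            - configMapRef:
                name: nodemgr-config
          env:
            - name: NODE_TYPE
              value: vrouter
          # TODO: newer Kubernetes supports hostPath `type: Socket`, so the
          # volume could point at /var/run/docker.sock itself instead of the
          # whole /var/run directory. Even then, Docker socket access gives
          # this container root-equivalent control of the node.
          volumeMounts:
            - mountPath: /var/log/contrail
              name: agent-logs
            - mountPath: /mnt
              name: docker-unix-socket
      volumes:
        - name: dev
          hostPath:
            path: /dev
        - name: network-scripts
          hostPath:
            path: /etc/sysconfig/network-scripts
        - name: host-bin
          hostPath:
            path: /bin
        - name: docker-unix-socket
          hostPath:
            path: /var/run
        - name: pod-secret
          secret:
            secretName: contrail-kube-manager-token
        - name: usr-src
          hostPath:
            path: /usr/src
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-lib-contrail
          hostPath:
            path: /var/lib/contrail
        - name: var-crashes
          hostPath:
            path: /var/contrail/crashes
        - name: etc-cni
          hostPath:
            path: /etc/cni
        - name: opt-cni-bin
          hostPath:
            path: /opt/cni/bin
        - name: var-log-contrail-cni
          hostPath:
            path: /var/log/contrail/cni
        - name: agent-logs
          hostPath:
            path: /var/log/contrail/agent
        - name: host-usr-bin
          hostPath:
            path: /usr/bin

# Meta information section
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  # ClusterRole is cluster-scoped, so it carries no metadata.namespace.
  name: contrail-kube-manager
# NOTE(review): every verb on every resource in every API group, i.e.
# equivalent to cluster-admin. Replace the wildcards with the specific
# resources and verbs kube-manager actually uses.
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: contrail-kube-manager
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: contrail-kube-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: contrail-kube-manager
subjects:
  - kind: ServiceAccount
    name: contrail-kube-manager
    namespace: kube-system
---
# A Secret of this type is populated by the control plane with a token for
# the annotated ServiceAccount. The token is long-lived, so anything that can
# read this Secret (or a volume mounted from it) holds the ServiceAccount's
# permissions until the Secret is deleted.
apiVersion: v1
kind: Secret
metadata:
  name: contrail-kube-manager-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: contrail-kube-manager
type: kubernetes.io/service-account-token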