--- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-windows-cfg namespace: kube-flannel labels: tier: node app: flannel data: cni-conf-containerd.json: | { "name": "flannel.4096", "cniVersion": "0.3.0", "type": "flannel", "capabilities": { "portMappings": true, "dns": true }, "delegate": { "type": "sdnoverlay", "AdditionalArgs": [ { "Name": "EndpointPolicy", "Value": { "Type": "OutBoundNAT", "Settings" : { "Exceptions": [] } } }, { "Name": "EndpointPolicy", "Value": { "Type": "SDNROUTE", "Settings": { "DestinationPrefix": "", "NeedEncap": true } } }, { "Name":"EndpointPolicy", "Value":{ "Type":"ProviderAddress", "Settings":{ "ProviderAddress":"" } } } ] } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds-windows-amd64 labels: tier: node app: flannel namespace: kube-flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - windows - key: kubernetes.io/arch operator: In values: - amd64 securityContext: windowsOptions: hostProcess: true runAsUserName: "NT AUTHORITY\\system" hostNetwork: true serviceAccountName: flannel tolerations: - operator: Exists effect: NoSchedule # Mark the pod as a critical add-on for rescheduling. - key: CriticalAddonsOnly operator: Exists - effect: NoExecute operator: Exists containers: - name: kube-flannel image: sigwindowstools/flannel:FLANNEL_VERSION-hostprocess imagePullPolicy: Always volumeMounts: - name: flannel-cfg mountPath: /mounts/kube-flannel/ - name: flannel-windows-cfg mountPath: /mounts/kube-flannel-windows/ env: - name: CNI_BIN_PATH value: C:\\opt\\cni\\bin - name: CNI_CONFIG_PATH value: C:\\etc\\cni\\net.d - name: SERVICE_SUBNET value: 10.96.0.0/12 # As of now with the currently used flannel version (last checked with v0.21.5) we need to overwrite KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT # in order to be able to reach the kubernetes api server. Under windows it's currently not possible to reach it over the service created by kubernetes # For more context and details check the corresponding PR: https://github.com/kubernetes-sigs/sig-windows-tools/pull/314 # Especially the comments in this review: https://github.com/kubernetes-sigs/sig-windows-tools/pull/314#discussion_r1238815189 # There is also a follow up issue on the flannel side: https://github.com/flannel-io/flannel/issues/1772 # Once this issue is solved we should be able to remove the custom host and port to the kubernetes api server - name: KUBERNETES_SERVICE_HOST value: KUBERNETES_SERVICE_HOST_VALUE - name: KUBERNETES_SERVICE_PORT value: "KUBERNETES_SERVICE_PORT_VALUE" - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace volumes: - name: flannel-cfg configMap: name: kube-flannel-cfg - name: flannel-windows-cfg configMap: name: kube-flannel-windows-cfg