{%- from "kubernetes/map.jinja" import common with context -%}
{%- from "kubernetes/map.jinja" import master with context -%}
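# Calico policy controller, deployed as a single-replica ReplicaSet and
# labelled for the Kubernetes addon manager (mode: Reconcile).
# NOTE(review): extensions/v1beta1 ReplicaSet is only served by older API
# servers (the group was removed in Kubernetes 1.16; apps/v1 replaces it).
# Left unchanged because the target cluster version is not visible here.
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: calico-policy-controller
  # Templated scalars are quoted so that an empty or boolean/number-looking
  # pillar value stays a string after YAML parsing.
  namespace: "{{ common.addons.calico_policy.namespace }}"
  labels:
    k8s-app: calico-policy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: calico-policy
  template:
    metadata:
      name: calico-policy-controller
      namespace: "{{ common.addons.calico_policy.namespace }}"
      labels:
        k8s-app: calico-policy
      {%- if common.addons.calico_policy.cni is defined %}
      # Emitted only when the pillar defines a cni value, so no bare
      # "annotations:" key (null) is rendered otherwise. Annotation values
      # must be strings, hence the quotes.
      annotations:
        cni: "{{ common.addons.calico_policy.cni }}"
      {%- endif %}
    spec:
      # The pod shares the node's network namespace: it can reach node-local
      # listeners and is not isolated by pod-level network policy.
      # NOTE(review): presumably required so the controller can reach etcd
      # and the API server without depending on pod networking - confirm.
      hostNetwork: true
      # Allows scheduling onto nodes tainted as masters.
      # NOTE(review): there is no nodeSelector or affinity, so the pod may
      # also land on other nodes; the hostPath volume below then has to hold
      # the etcd client certificates on every schedulable node - confirm.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      containers:
        - name: calico-policy-controller
          # Image reference comes from pillar. With IfNotPresent a cached
          # image is reused without a pull, so a mutable tag can drift from
          # the registry; pinning by digest in pillar avoids that.
          image: "{{ common.addons.calico_policy.image }}"
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext is set, so the container runs
          # with the runtime's default user and capabilities. Tightening it
          # needs testing against CONFIGURE_ETC_HOSTS (writes /etc/hosts)
          # and the ownership of the mounted certificate files.
          resources:
            limits:
              cpu: 100m
              memory: 256M
            requests:
              cpu: 30m
              memory: 64M
          env:
            # Comma-separated etcd endpoints built from the pillar member
            # list. The scheme is https only when the etcd ssl "enabled"
            # flag is set in pillar; otherwise the controller talks to etcd
            # over plain http and the certificate settings below presumably
            # go unused - confirm that unencrypted access is intended.
            - name: ETCD_ENDPOINTS
              value: "{% for member in master.network.calico.etcd.members %}http{% if master.network.calico.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:{{ member.port }}{% if not loop.last %},{% endif %}{% endfor %}"
            - name: ETCD_CA_CERT_FILE
              value: "/var/lib/etcd/ca.pem"
            - name: ETCD_CERT_FILE
              value: "/var/lib/etcd/etcd-client.pem"
            # NOTE(review): the key path is the same file as the client
            # certificate. This works only if etcd-client.pem is a combined
            # certificate-plus-private-key bundle - confirm.
            - name: ETCD_KEY_FILE
              value: "/var/lib/etcd/etcd-client.pem"
            # Location of the Kubernetes API - this shouldn't need to be
            # changed so long as it is used in conjunction with
            # CONFIGURE_ETC_HOSTS="true".
            - name: K8S_API
              value: "https://kubernetes.default"
            # Configure /etc/hosts within the container to resolve
            # the kubernetes.default Service to the correct clusterIP
            # using the environment provided by the kubelet.
            # This removes the need for KubeDNS to resolve the Service.
            - name: CONFIGURE_ETC_HOSTS
              value: "true"
          volumeMounts:
            # Mounted read-only, so the container cannot alter host files.
            - mountPath: /var/lib/etcd/
              name: etcd-certs
              readOnly: true
      volumes:
        # The whole host directory is exposed, not just the three PEM files
        # referenced above.
        # NOTE(review): if etcd's data directory or other private keys also
        # live under /var/lib/etcd on the node, the container can read them;
        # a dedicated certificate directory or a Secret would narrow this.
        - hostPath:
            path: /var/lib/etcd
          name: etcd-certs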