From cc60000827e12dc2824e5f238b5993c9aee90e63 Mon Sep 17 00:00:00 2001 From: Frank Filippone <19481166+frankfil@users.noreply.github.com> Date: Fri, 24 Sep 2021 09:19:15 +1000 Subject: [PATCH] Update weave template to match source for 2.8.1 --- .../weave/templates/weave-net.yml.j2 | 44 ++++++++++++------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2 index abf0ec7ac10..d32cfe9cf91 100644 --- a/roles/network_plugin/weave/templates/weave-net.yml.j2 +++ b/roles/network_plugin/weave/templates/weave-net.yml.j2 @@ -27,7 +27,7 @@ items: - list - watch - apiGroups: - - networking.k8s.io + - extensions resources: - networkpolicies verbs: @@ -35,20 +35,20 @@ items: - list - watch - apiGroups: - - '' + - 'networking.k8s.io' resources: - - nodes/status + - networkpolicies verbs: - - patch - - update + - get + - list + - watch - apiGroups: - - policy - resourceNames: - - privileged + - '' resources: - - podsecuritypolicies + - nodes/status verbs: - - use + - patch + - update - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -67,16 +67,16 @@ items: kind: Role metadata: name: weave-net + namespace: kube-system labels: name: weave-net - namespace: kube-system rules: - apiGroups: - '' - resourceNames: - - weave-net resources: - configmaps + resourceNames: + - weave-net verbs: - get - update @@ -90,9 +90,9 @@ items: kind: RoleBinding metadata: name: weave-net + namespace: kube-system labels: name: weave-net - namespace: kube-system roleRef: kind: Role name: weave-net 
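Review bot: The rule dropped at the end of the @@ -35,20 hunk (`apiGroups: policy`, `resources: podsecuritypolicies`, `resourceNames: privileged`, `verbs: use`) is the only PodSecurityPolicy grant visible in this ClusterRole. On a cluster that runs the PodSecurityPolicy admission plugin, and assuming no other binding covers the weave-net service account, the DaemonSet pods would be rejected at admission after this change; they mount several hostPath volumes. If the removal is only a side effect of copying the upstream manifest, keep the rule, ideally rendered only when the deployment enables PSP. Separately, the `extensions` networkpolicies rule added in the @@ -27,7 hunk looks unnecessary: NetworkPolicy has not been served from the `extensions` group since Kubernetes 1.16, so the grant likely matches nothing on current clusters and could be left out.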
@@ -109,16 +109,16 @@ items: name: weave-net namespace: kube-system spec: - minReadySeconds: 5 + # Wait 5 seconds to let pod connect before rolling next pod selector: matchLabels: name: weave-net + minReadySeconds: 5 template: metadata: labels: name: weave-net spec: - priorityClassName: system-node-critical initContainers: - name: weave-init image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} @@ -217,6 +217,9 @@ items: - name: dbus mountPath: /host/var/lib/dbus readOnly: true + - mountPath: /host/etc/machine-id + name: cni-machine-id + readOnly: true - name: xtables-lock mountPath: /run/xtables.lock readOnly: false @@ -246,7 +249,10 @@ items: seLinuxOptions: {} serviceAccountName: weave-net tolerations: - - operator: Exists + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists volumes: - name: weavedb hostPath: @@ -260,6 +266,9 @@ items: - name: cni-conf hostPath: path: /etc + - name: cni-machine-id + hostPath: + path: /etc/machine-id - name: dbus hostPath: path: /var/lib/dbus @@ -270,6 +279,7 @@ items: hostPath: path: /run/xtables.lock type: FileOrCreate + priorityClassName: system-node-critical updateStrategy: rollingUpdate: maxUnavailable: {{ serial | default('20%') }}
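Review bot: The new `cni-machine-id` volume in the @@ -260,6 hunk declares `hostPath` with `path: /etc/machine-id` and no `type`, so the kubelet does not check what exists at that path before mounting. On a host where the file is missing, the container runtime may create a directory at `/etc/machine-id` to satisfy the bind mount, which leaves the node in a confusing state. Add `type: File` under the `path:` line so the pod fails cleanly instead, or `type: FileOrCreate` as the `xtables-lock` volume in the last hunk does. The matching mount added in the @@ -217,6 hunk is already `readOnly: true`, which is the right setting for a host identifier.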