更新时间:2021-12-25 GMT+08:00
分享

Calicoctl部署yaml文件

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
# Calico Version v3.13.1
# https://docs.projectcalico.org/releases#v3.13.1
# This manifest includes the following component versions:
#   calico/ctl:v3.13.1

apiVersion: v1
kind: ServiceAccount
metadata:
name: calicoctl
namespace: kube-system

---

apiVersion: v1
kind: Pod
metadata:
name: calicoctl
namespace: kube-system
spec:
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
serviceAccountName: calicoctl
containers:
- name: calicoctl
image: calico/ctl:v3.13.1
command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]
env:
- name: DATASTORE_TYPE
value: kubernetes

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calicoctl
rules:
- apiGroups: [""]
resources:
- namespaces
- nodes
verbs:
- get
- list
- update
- apiGroups: [""]
resources:
- nodes/status
verbs:
- update
- apiGroups: [""]
resources:
- pods
- serviceaccounts
verbs:
- get
- list
- apiGroups: [""]
resources:
- pods/status
verbs:
- update
- apiGroups: ["crd.projectcalico.org"]
resources:
- bgppeers
- bgpconfigurations
- clusterinformations
- felixconfigurations
- globalnetworkpolicies
- globalnetworksets
- ippools
- kubecontrollersconfigurations
- networkpolicies
- networksets
- hostendpoints
- ipamblocks
- blockaffinities
- ipamhandles
- ipamconfigs
verbs:
- create
- get
- list
- update
- delete
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- get
- list

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: calicoctl
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calicoctl
subjects:
- kind: ServiceAccount
name: calicoctl
namespace: kube-system
分享:

    相关文档

    相关产品

close