Skip to content

contrail.yml

dineshb-jnpr edited this page Jul 17, 2018 · 8 revisions

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: env
  namespace: kube-system
data:
  AAA_MODE: no-auth
  AUTH_MODE: noauth
  CLOUD_ORCHESTRATOR: kubernetes
  LOG_LEVEL: SYS_NOTICE
  METADATA_PROXY_SECRET: contrail
  RABBITMQ_NODE_PORT: "5673"
  ZOOKEEPER_ANALYTICS_PORT: "2182"
  ZOOKEEPER_PORTS: "2888:3888"
  ZOOKEEPER_NODES: {{ K8S_MASTER_IP }}
  RABBITMQ_NODES: {{ K8S_MASTER_IP }}
  CONTROLLER_NODES: {{ K8S_MASTER_IP }}
  VROUTER_GATEWAY: {{ K8S_MASTER_IP }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: configzookeeperenv
  namespace: kube-system
data:
  ZOOKEEPER_PORT: "2181"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: analyticszookeeperenv
  namespace: kube-system
data:
  ZOOKEEPER_PORT: "2182"

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nodemgr-config
  namespace: kube-system
data:
  DOCKER_HOST: "unix://mnt/docker.sock"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: contrail-analyticsdb-config
  namespace: kube-system
data:
  CASSANDRA_SEEDS: {{ K8S_MASTER_IP }}
  CASSANDRA_CLUSTER_NAME: Contrail
  CASSANDRA_START_RPC: "true"
  CASSANDRA_LISTEN_ADDRESS: auto
  CASSANDRA_PORT: "9160"
  CASSANDRA_CQL_PORT: "9042"
  CASSANDRA_SSL_STORAGE_PORT: "7001"
  CASSANDRA_STORAGE_PORT: "7000"
  CASSANDRA_JMX_LOCAL_PORT: "7200"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: contrail-configdb-config
  namespace: kube-system
data:
  CASSANDRA_SEEDS: {{ K8S_MASTER_IP }}
  CASSANDRA_CLUSTER_NAME: ContrailConfigDB
  CASSANDRA_START_RPC: "true"
  CASSANDRA_LISTEN_ADDRESS: auto
  CASSANDRA_PORT: "9161"
  CASSANDRA_CQL_PORT: "9041"
  CASSANDRA_SSL_STORAGE_PORT: "7011"
  CASSANDRA_STORAGE_PORT: "7010"
  CASSANDRA_JMX_LOCAL_PORT: "7201"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: kube-system
data:
  RABBITMQ_ERLANG_COOKIE: "47EFF3BB-4786-46E0-A5BB-58455B3C2CB4"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-manager-config
  namespace: kube-system
data:
  KUBERNETES_API_SERVER: {{ K8S_MASTER_IP }}
  KUBERNETES_API_SECURE_PORT: "6443"
  K8S_TOKEN_FILE: "/tmp/serviceaccount/token"
# Containers section
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: config-zookeeper
  namespace: kube-system
  labels:
    app: config-zookeeper
spec:
  template:
    metadata:
      labels:
        app: config-zookeeper
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: config-zookeeper
        image: "docker.io/opencontrailnightly/contrail-external-zookeeper:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/lib/zookeeper
          name: zookeeper-data
        - mountPath: /var/log/zookeeper
          name: zookeeper-logs
      volumes:
      - name: zookeeper-data
        hostPath:
          path: /var/lib/contrail/config-zookeeper
      - name: zookeeper-logs
        hostPath:
          path: /var/log/contrail/config-zookeeper
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: analytics-zookeeper
  namespace: kube-system
  labels:
    app: analytics-zookeeper
spec:
  template:
    metadata:
      labels:
        app: analytics-zookeeper
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: analytics-zookeeper
        image: "docker.io/opencontrailnightly/contrail-external-zookeeper:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /var/lib/zookeeper
          name: zookeeper-data
        - mountPath: /var/log/zookeeper
          name: zookeeper-logs
      volumes:
      - name: zookeeper-data
        hostPath:
          path: /var/lib/contrail/analytics-zookeeper
      - name: zookeeper-logs
        hostPath:
          path: /var/log/contrail/analytics-zookeeper
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kafka
  namespace: kube-system
  labels:
    app: kafka
spec:
  template:
    metadata:
      labels:
        app: kafka
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: kafka
        image: "docker.io/opencontrailnightly/contrail-external-kafka:latest"
        imagePullPolicy: ""
        env:
        - name: NODE_TYPE
          value: database
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /tmp/kafka-logs
          name: kafka-logs
      volumes:
      - name: kafka-logs
        hostPath:
          path: /var/lib/contrail/kafka-logs
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analyticsdb
  namespace: kube-system
  labels:
    app: contrail-analyticsdb
spec:
  template:
    metadata:
      labels:
        app: contrail-analyticsdb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: contrail-analyticsdb
        image: "docker.io/opencontrailnightly/contrail-external-cassandra:latest"
        imagePullPolicy: ""
        env:
        - name: NODE_TYPE
          value: database
        envFrom:
        - configMapRef:
            name: contrail-analyticsdb-config
        volumeMounts:
        - mountPath: /var/lib/cassandra
          name: analyticsdb-data
        - mountPath: /var/log/cassandra
          name: analyticsdb-logs
      volumes:
      - name: analyticsdb-data
        hostPath:
          path: /var/lib/contrail/analyticsdb
      - name: analyticsdb-logs
        hostPath:
          path: /var/log/contrail/analyticsdb
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-configdb
  namespace: kube-system
  labels:
    app: contrail-configdb
spec:
  template:
    metadata:
      labels:
        app: contrail-configdb
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: contrail-configdb
        image: "docker.io/opencontrailnightly/contrail-external-cassandra:latest"
        imagePullPolicy: ""
        env:
        - name: NODE_TYPE
          value: config
        envFrom:
        - configMapRef:
            name: contrail-configdb-config
        volumeMounts:
        - mountPath: /var/lib/cassandra
          name: configdb-data
        - mountPath: /var/log/cassandra
          name: configdb-log
      volumes:
      - name: configdb-data
        hostPath:
          path: /var/lib/contrail/configdb
      - name: configdb-log
        hostPath:
          path: /var/log/contrail/configdb
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-database-nodemgr
  namespace: kube-system
  labels:
    app: contrail-database-nodemgr
spec:
  template:
    metadata:
      labels:
        app: contrail-database-nodemgr
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-database-nodemgr
        image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: nodemgr-config
        - configMapRef:
            name: analyticszookeeperenv
        env:
        - name: NODE_TYPE
          value: database
        - name: DATABASE_NODEMGR__DEFAULTS__minimum_diskGB
          value: "2"
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
#   path: /var/run/docker.sock and
#   type: Socket
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analyticsdb-logs
        - mountPath: /mnt
          name: docker-unix-socket
      volumes:
      - name: analyticsdb-logs
        hostPath:
          path: /var/log/contrail/analyticsdb
      - name: docker-unix-socket
        hostPath:
          path: /var/run
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-analytics
  namespace: kube-system
  labels:
    app: contrail-analytics
spec:
  template:
    metadata:
      labels:
        app: contrail-analytics
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-analytics-api
        image: "docker.io/opencontrailnightly/contrail-analytics-api:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-collector
        image: "docker.io/opencontrailnightly/contrail-analytics-collector:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-alarm-gen
        image: "docker.io/opencontrailnightly/contrail-analytics-alarm-gen:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-query-engine
        image: "docker.io/opencontrailnightly/contrail-analytics-query-engine:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-snmp-collector
        image: "docker.io/opencontrailnightly/contrail-analytics-snmp-collector:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-topology
        image: "docker.io/opencontrailnightly/contrail-analytics-topology:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
      - name: contrail-analytics-nodemgr
        image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: analyticszookeeperenv
        - configMapRef:
            name: nodemgr-config
        env:
        - name: NODE_TYPE
          value: analytics
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
#   path: /var/run/docker.sock and
#   type: Socket
        volumeMounts:
        - mountPath: /var/log/contrail
          name: analytics-logs
        - mountPath: /mnt
          name: docker-unix-socket
      volumes:
      - name: analytics-logs
        hostPath:
          path: /var/log/contrail/analytics
      - name: docker-unix-socket
        hostPath:
          path: /var/run
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-control
  namespace: kube-system
  labels:
    app: contrail-controller-control
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-control
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-controller-control
        image: "docker.io/opencontrailnightly/contrail-controller-control-control:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: control-logs
      - name: contrail-controller-control-dns
        image: "docker.io/opencontrailnightly/contrail-controller-control-dns:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /etc/contrail
          name: dns-config
        - mountPath: /var/log/contrail
          name: control-logs
      - name: contrail-controller-control-named
        image: "docker.io/opencontrailnightly/contrail-controller-control-named:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /etc/contrail
          name: dns-config
        - mountPath: /var/log/contrail
          name: control-logs
      - name: contrail-controller-nodemgr
        image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        - configMapRef:
            name: nodemgr-config
        env:
        - name: NODE_TYPE
          value: control
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
#   path: /var/run/docker.sock and
#   type: Socket
        volumeMounts:
        - mountPath: /var/log/contrail
          name: control-logs
        - mountPath: /mnt
          name: docker-unix-socket
      volumes:
      - name: control-logs
        hostPath:
          path: /var/log/contrail/control
      - name: docker-unix-socket
        hostPath:
          path: /var/run
      - name: dns-config
        emptyDir: {}
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-config
  namespace: kube-system
  labels:
    app: contrail-controller-config
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-config
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-controller-config-api
        image: "docker.io/opencontrailnightly/contrail-controller-config-api:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: config-logs
      - name: contrail-controller-config-devicemgr
        image: "docker.io/opencontrailnightly/contrail-controller-config-devicemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: config-logs
      - name: contrail-controller-config-schema
        image: "docker.io/opencontrailnightly/contrail-controller-config-schema:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: config-logs
      - name: contrail-controller-config-svcmonitor
        image: "docker.io/opencontrailnightly/contrail-controller-config-svcmonitor:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: config-logs
      - name: contrail-controller-config-nodemgr
        image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        - configMapRef:
            name: nodemgr-config
        env:
        - name: NODE_TYPE
          value: config
        - name: CASSANDRA_CQL_PORT
          value: "9041"
        - name: CASSANDRA_JMX_LOCAL_PORT
          value: "7201"
        - name: CONFIG_NODEMGR__DEFAULTS__minimum_diskGB
          value: "2"
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
#   path: /var/run/docker.sock and
#   type: Socket
        volumeMounts:
        - mountPath: /var/log/contrail
          name: config-logs
        - mountPath: /mnt
          name: docker-unix-socket
      volumes:
      - name: config-logs
        hostPath:
          path: /var/log/contrail/config
      - name: docker-unix-socket
        hostPath:
          path: /var/run
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-controller-webui
  namespace: kube-system
  labels:
    app: contrail-controller-webui
spec:
  template:
    metadata:
      labels:
        app: contrail-controller-webui
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-controller-webui-job
        image: "docker.io/opencontrailnightly/contrail-controller-webui-job:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: webui-logs
      - name: contrail-controller-webui-web
        image: "docker.io/opencontrailnightly/contrail-controller-webui-web:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/log/contrail
          name: webui-logs
      volumes:
      - name: webui-logs
        hostPath:
          path: /var/log/contrail/webui
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: redis
  namespace: kube-system
  labels:
    app: redis
spec:
  template:
    metadata:
      labels:
        app: redis
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: redis
        image: "redis:4.0.2"
        imagePullPolicy: ""
        volumeMounts:
        - mountPath: /var/lib/redis
          name: redis-data
        - mountPath: /var/log/redis
          name: redis-logs
      volumes:
      - name: redis-data
        hostPath:
          path: /var/lib/contrail/redis
      - name: redis-logs
        hostPath:
          path: /var/log/contrail/redis
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: rabbitmq
  namespace: kube-system
  labels:
    app: rabbitmq
spec:
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      hostNetwork: true
      containers:
      - name: rabbitmq
        image: "docker.io/opencontrailnightly/contrail-external-rabbitmq:latest"
        imagePullPolicy: ""
        env:
        - name: NODE_TYPE
          value: config
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        - configMapRef:
            name: rabbitmq-config
        volumeMounts:
        - mountPath: /var/lib/rabbitmq
          name: rabbitmq-data
        - mountPath: /var/log/rabbitmq
          name: rabbitmq-logs
      volumes:
      - name: rabbitmq-data
        hostPath:
          path: /var/lib/contrail/rabbitmq
      - name: rabbitmq-logs
        hostPath:
          path: /var/log/contrail/rabbitmq
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-kube-manager
  namespace: kube-system
  labels:
    app: contrail-kube-manager
spec:
  template:
    metadata:
      labels:
        app: contrail-kube-manager
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "node-role.kubernetes.io/master"
                operator: Exists
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      automountServiceAccountToken: false
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      containers:
      - name: contrail-kube-manager
        image: "docker.io/opencontrailnightly/contrail-kubernetes-kube-manager:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        - configMapRef:
            name: kube-manager-config
        volumeMounts:
        - mountPath: /var/log/contrail
          name: kube-manager-logs
        - mountPath: /tmp/serviceaccount
          name: pod-secret
      volumes:
      - name: kube-manager-logs
        hostPath:
          path: /var/log/contrail/kube-manager
      - name: pod-secret
        secret:
          secretName: contrail-kube-manager-token
      - name: host-usr-bin
        hostPath:
          path: /usr/bin
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-agent
  namespace: kube-system
  labels:
    app: contrail-agent
spec:
  template:
    metadata:
      labels:
        app: contrail-agent
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      automountServiceAccountToken: false
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        env:
        - name: CONTRAIL_STATUS_IMAGE
          value: "docker.io/opencontrailnightly/contrail-status:latest"
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /host/usr/bin
          name: host-usr-bin
      - name: contrail-vrouter-kernel-init
        image: "docker.io/opencontrailnightly/contrail-vrouter-kernel-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /usr/src
          name: usr-src
        - mountPath: /lib/modules
          name: lib-modules
        - mountPath: /etc/sysconfig/network-scripts
          name: network-scripts
        - mountPath: /host/bin
          name: host-bin
      - name: contrail-kubernetes-cni-init
        image: "docker.io/opencontrailnightly/contrail-kubernetes-cni-init:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /var/lib/contrail
          name: var-lib-contrail
        - mountPath: /host/etc_cni
          name: etc-cni
        - mountPath: /host/opt_cni_bin
          name: opt-cni-bin
        - mountPath: /host/log_cni
          name: var-log-contrail-cni
        - mountPath: /var/log/contrail
          name: agent-logs
      containers:
      - name: contrail-vrouter-agent
        image: "docker.io/opencontrailnightly/contrail-vrouter-agent:latest"
        imagePullPolicy: ""
        # TODO: Priveleged mode is requied because w/o it the device /dev/net/tun
        # is not present in the container. The mounting it into container
        # doesnt help because of permissions are not enough syscalls,
        # e.g. https://github.com/Juniper/contrail-controller/blob/master/src/vnsw/agent/contrail/linux/pkt0_interface.cc: 48.
        securityContext:
          privileged: true
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        volumeMounts:
        - mountPath: /dev
          name: dev
        - mountPath: /etc/sysconfig/network-scripts
          name: network-scripts
        - mountPath: /host/bin
          name: host-bin
        - mountPath: /var/log/contrail
          name: agent-logs
        - mountPath: /usr/src
          name: usr-src
        - mountPath: /lib/modules
          name: lib-modules
        - mountPath: /var/lib/contrail
          name: var-lib-contrail
        - mountPath: /var/crashes
          name: var-crashes
        - mountPath: /tmp/serviceaccount
          name: pod-secret
      - name: contrail-agent-nodemgr
        image: "docker.io/opencontrailnightly/contrail-nodemgr:latest"
        imagePullPolicy: ""
        envFrom:
        - configMapRef:
            name: env
        - configMapRef:
            name: configzookeeperenv
        - configMapRef:
            name: nodemgr-config
        env:
        - name: NODE_TYPE
          value: vrouter
# todo: there is type Socket in new kubernetes, it is possible to use full
# path:
# hostPath:
#   path: /var/run/docker.sock and
#   type: Socket
        volumeMounts:
        - mountPath: /var/log/contrail
          name: agent-logs
        - mountPath: /mnt
          name: docker-unix-socket
      volumes:
      - name: dev
        hostPath:
          path: /dev
      - name: network-scripts
        hostPath:
          path: /etc/sysconfig/network-scripts
      - name: host-bin
        hostPath:
          path: /bin
      - name: docker-unix-socket
        hostPath:
          path: /var/run
      - name: pod-secret
        secret:
          secretName: contrail-kube-manager-token
      - name: usr-src
        hostPath:
          path: /usr/src
      - name: lib-modules
        hostPath:
          path: /lib/modules
      - name: var-lib-contrail
        hostPath:
          path: /var/lib/contrail
      - name: var-crashes
        hostPath:
          path: /var/contrail/crashes
      - name: etc-cni
        hostPath:
          path: /etc/cni
      - name: opt-cni-bin
        hostPath:
          path: /opt/cni/bin
      - name: var-log-contrail-cni
        hostPath:
          path: /var/log/contrail/cni
      - name: agent-logs
        hostPath:
          path: /var/log/contrail/agent
      - name: host-usr-bin
        hostPath:
          path: /usr/bin

# Meta information section
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: contrail-kube-manager
  namespace: kube-system
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: contrail-kube-manager
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: contrail-kube-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: contrail-kube-manager
subjects:
- kind: ServiceAccount
  name: contrail-kube-manager
  namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
  name: contrail-kube-manager-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: contrail-kube-manager
type: kubernetes.io/service-account-token

Clone this wiki locally