Skip to content

Instantly share code, notes, and snippets.

@joejulian

joejulian/kube-flannel-rbac.yaml

Created August 30, 2017 16:14
Show Gist options
  • Save joejulian/a5f308f73bfee7444810870313cec251 to your computer and use it in GitHub Desktop.
Save joejulian/a5f308f73bfee7444810870313cec251 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kube-flannel-rbac.yaml
# Create the clusterrole and clusterrolebinding:
# $ kubectl create -f kube-flannel-rbac.yml
# Create the pod using the same namespace used by the flannel serviceaccount:
# $ kubectl create --namespace kube-system -f kube-flannel.yml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
Raw
kube-flannel.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"type": "flannel",
"delegate": {
"isDefaultGateway": true
}
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
serviceAccountName: flannel
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.8.0-amd64
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: install-cni
image: quay.io/coreos/flannel:v0.8.0-amd64
command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ]
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
@rushins
Copy link

rushins commented Dec 1, 2017

hi joe,

our kubernetes is 1.84 with SUSE linux and i believe its RBAC , so i used FLANNEL files (RBAC and flannel) , however my FLANNEL pods crashing. Do you know what could be the issue

@rushins
Copy link

rushins commented Dec 1, 2017

getting this error
annel:v0.8.0-amd64" already present on machine
5m 1m 6 kubelet, lvkubadmsle1 spec.containers{kube-flannel} Normal Created Created container
5m 1m 6 kubelet, lvkubadmsle1 spec.containers{kube-flannel} Normal Started Started container
4m 8s 20 kubelet, lvkubadmsle1 spec.containers{kube-flannel} Warning BackOff Back-off restarting failed container
4m 8s 20 kubelet, lvkubadmsle1 Warning FailedSync Error syncing pod

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment