1.     ---
    2.     kind: ClusterRoleBinding
    3.     apiVersion: rbac.authorization.k8s.io/v1
    4.     metadata:
    5.       name: flannel
    6.     roleRef:
    7.       apiGroup: rbac.authorization.k8s.io
    8.       kind: ClusterRole
    9.       name: flannel
    10.     subjects:
    11.     - kind: ServiceAccount
    12.       name: flannel
    13.       namespace: kube-system
    14.     ---
    15.     kind: ClusterRole
    16.     apiVersion: rbac.authorization.k8s.io/v1
    17.     metadata:
    18.       name: flannel
    19.     rules:
    20.       - apiGroups:
    21.           - ""
    22.         resources:
    23.           - pods
    24.         verbs:
    25.           - get
    26.       - apiGroups:
    27.           - ""
    28.         resources:
    29.           - nodes
    30.         verbs:
    31.           - list
    32.           - watch
    33.       - apiGroups:
    34.           - ""
    35.         resources:
    36.           - nodes/status
    37.         verbs:
    38.           - patch
    39.     ---
    40.     kind: ConfigMap
    41.     apiVersion: v1
    42.     metadata:
    43.       name: kube-flannel-cfg
    44.       namespace: "kube-system"
    45.       labels:
    46.         tier: node
    47.         app: flannel
    48.     data:
    49.       cni-conf.json: |
    50.         {
    51.           "name":"cbr0",
    52.           "cniVersion":"0.3.1",
    53.           "plugins":[
    54.             {
    56.               "delegate":{
    57.                 "forceAddress":true,
    58.                 "isDefaultGateway":true
    59.               }
    60.             {
    61.               "type":"portmap",
    62.               "capabilities":{
    63.                 "portMappings":true
    64.               }
    65.             }
    66.           ]
    67.         }
    68.       net-conf.json: |
    69.         {
    70.           "Network": "10.42.0.0/16",
    71.           "Backend": {
    72.             "Type": "vxlan"
    73.           }
    74.         }
    75.     ---
    76.     apiVersion: extensions/v1beta1
    77.     kind: DaemonSet
    78.     metadata:
    79.       name: kube-flannel
    80.       namespace: "kube-system"
    81.       labels:
    82.         tier: node
    83.         k8s-app: flannel
    84.     spec:
    85.       template:
    86.         metadata:
    87.           labels:
    88.             tier: node
    89.             k8s-app: flannel
    90.         spec:
    91.           affinity:
    92.             nodeAffinity:
    93.               requiredDuringSchedulingIgnoredDuringExecution:
    94.                 nodeSelectorTerms:
    95.                   - matchExpressions:
    96.                     - key: beta.kubernetes.io/os
    97.                       operator: NotIn
    98.                       values:
    99.                         - windows
    100.           serviceAccountName: flannel
    101.           containers:
    102.           - name: kube-flannel
    103.             image: rancher/coreos-flannel:v0.10.0-rancher1
    104.             imagePullPolicy: IfNotPresent
    105.             resources:
    106.               limits:
    107.                 cpu: 300m
    108.                 memory: 500M
    109.               requests:
    110.                 cpu: 150m
    111.                 memory: 64M
    112.             command: ["/opt/bin/flanneld","--ip-masq","--kube-subnet-mgr"]
    113.             securityContext:
    114.               privileged: true
    115.             env:
    117.               valueFrom:
    118.                 fieldRef:
    119.             - name: POD_NAMESPACE
    120.               valueFrom:
    121.                 fieldRef:
    122.                   fieldPath: metadata.namespace
    123.             volumeMounts:
    124.             - name: run
    125.               mountPath: /run
    126.             - name: cni
    127.               mountPath: /etc/cni/net.d
    128.             - name: flannel-cfg
    129.               mountPath: /etc/kube-flannel/
    130.           - name: install-cni
    131.             image: rancher/flannel-cni:v0.3.0-rancher1
    132.             command: ["/install-cni.sh"]
    133.             env:
    134.             # The CNI network config to install on each node.
    135.             - name: CNI_NETWORK_CONFIG
    136.               valueFrom:
    137.                 configMapKeyRef:
    138.                   name: kube-flannel-cfg
    139.                   key: cni-conf.json
    140.             - name: CNI_CONF_NAME
    141.               value: "10-flannel.conflist"
    142.             volumeMounts:
    143.             - name: cni
    144.               mountPath: /host/etc/cni/net.d
    145.             - name: host-cni-bin
    146.               mountPath: /host/opt/cni/bin/
    147.           hostNetwork: true
    148.           tolerations:
    149.           - operator: Exists
    150.             effect: NoSchedule
    151.           - operator: Exists
    152.             effect: NoExecute
    153.           - key: node.kubernetes.io/not-ready
    154.             effect: NoSchedule
    155.             operator: Exists
    156.           volumes:
    157.             - name: run
    158.               hostPath:
    159.                 path: /run
    160.             - name: cni
    161.               hostPath:
    162.                 path: /etc/cni/net.d
    163.             - name: flannel-cfg
    164.               configMap:
    165.                 name: kube-flannel-cfg
    166.             - name: host-cni-bin
    167.               hostPath:
    168.                 path: /opt/cni/bin
    169.       updateStrategy:
    170.         rollingUpdate:
    171.           maxUnavailable: 20%
    172.         type: RollingUpdate
    173.     ---
    174.     apiVersion: v1
    175.     kind: ServiceAccount
    176.     metadata: