-
Notifications
You must be signed in to change notification settings - Fork 0
/
ziti-daemonset-tun.yml
46 lines (46 loc) · 1.29 KB
/
ziti-daemonset-tun.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ziti-run-node
spec:
selector:
matchLabels:
app: ziti-edge-tunnel
template:
metadata:
labels:
app: ziti-edge-tunnel
spec:
containers:
- image: netfoundry/ziti-edge-tunnel:latest
name: ziti-edge-tunnel
env:
- name: NF_REG_NAME
value: ziti-identity
volumeMounts:
- name: ziti-enrolled-identity
mountPath: /ziti-edge-tunnel
readOnly: true
- name: system-bus-socket
mountPath: /var/run/dbus/system_bus_socket
securityContext:
privileged: true
args:
- --verbose=3
- --dns-ip-range=100.64.64.0/18
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
kubernetes.io/role: node
restartPolicy: Always
volumes:
- name: ziti-enrolled-identity
secret: # kubectl create secret generic ziti-enrolled-identity --from-file=ziti-enrolled-identity=./myZitiIdentityFile.json
secretName: ziti-enrolled-identity
defaultMode: 0400
items:
- key: ziti-enrolled-identity
path: ziti-identity.json
- name: system-bus-socket
hostPath:
path: /var/run/dbus/system_bus_socket