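---
# Create this manifest using kubectl to deploy
# the Calico policy controller on Kubernetes.
# It deploys a single instance of the policy controller.
#
# NOTE(review): extensions/v1beta1 ReplicaSets and the
# scheduler.alpha.kubernetes.io/* annotations below belong to old Kubernetes
# releases; newer API servers no longer serve this ReplicaSet version, and
# apps/v1 additionally requires spec.selector. Confirm the target cluster
# version before applying.
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
spec:
  # Only a single instance of the policy controller should be
  # active at a time. Since this pod is run as a ReplicaSet,
  # Kubernetes will ensure the pod is recreated in case of failure,
  # removing the need for passive backups.
  replicas: 1
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
      annotations:
        # Marks the pod as a critical add-on for the scheduler.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        # JSON list of tolerations; the value is a literal block scalar, so
        # everything indented under it is passed through as text.
        scheduler.alpha.kubernetes.io/tolerations: |
          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
           {"key":"CriticalAddonsOnly", "operator":"Exists"}]
    spec:
      # The pod shares the node's network namespace, so it can reach
      # services bound to that node's interfaces. Protect etcd and the API
      # server with authentication, not network position alone.
      # NOTE(review): no securityContext or resource limits are set here.
      hostNetwork: true
      containers:
        - name: calico-policy-controller
          # Make sure to pin this to your desired version.
          # A tag can be re-pointed by the registry; a digest reference
          # (image@sha256:<digest>) is immutable.
          image: calico/kube-policy-controller:v0.4.0
          env:
            # Configure the policy controller with the location of
            # your etcd cluster.
            # The value is intentionally blank in this template and must be
            # filled in before the manifest is applied.
            # NOTE(review): no TLS or client-certificate settings for etcd
            # are configured in this manifest; if etcd requires them, check
            # the documentation for the pinned controller version.
            - name: ETCD_ENDPOINTS
              value: ""
            # Location of the Kubernetes API - this shouldn't need to be
            # changed so long as it is used in conjunction with
            # CONFIGURE_ETC_HOSTS="true".
            - name: K8S_API
              value: "https://kubernetes.default:443"
            # Configure /etc/hosts within the container to resolve
            # the kubernetes.default Service to the correct clusterIP
            # using the environment provided by the kubelet.
            # This removes the need for KubeDNS to resolve the Service.
            # Quoted so the value stays a string, as env values must be.
            - name: CONFIGURE_ETC_HOSTS
              value: "true"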