apiVersion: apps/v1
kind: DaemonSet
metadata:
name: consul-agent
namespace: default
labels:
consul: consul-agent
spec:
selector:
matchLabels:
consul: consul-agent
template:
metadata:
labels:
consul: consul-agent
spec:
tolerations:
# this toleration is to have the daemonset runnable on master nodes
# remove it if your masters can't run pods
- operator: Exists
#effect: NoExecute
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: consul
operator: In
values:
- consul-agent
containers:
- name: consul-agent
image: harbor.ximalaya.local/base/consul:1.4.0
command:
- /bin/consul
args:
- agent
- -bind=$(CONSUL_BIND_ADDRESS)
- -client=0.0.0.0
- -config-dir=/consul/config/conf
resources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 100m
memory: 200Mi
env:
- name: CONSUL_BIND_ADDRESS
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
volumeMounts:
- name: consul-config
mountPath: /consul/config/conf
#- name: client-pem
# mountPath: /consul/config/client.pem
#- name: client-key-pem
# mountPath: /consul/config/client-key.pem
#- name: consul-ca-pem
# mountPath: /consul/config/consul-ca.pem
# readOnly: true
terminationGracePeriodSeconds: 30
hostNetwork: true
securityContext:
#runAsUser: 100
#runAsGroup: 1000
#runAsNonRoot: false
#fsGroup: 1000
volumes:
- name: consul-config
configMap:
name: consul
items:
- key: agent.json
path: agent.json
- key: client.pem
path: client.pem
- key: client-key.pem
path: client-key.pem
- key: consul-ca.pem
path: consul-ca.pem