From 590b4aa240c7615f665a2cb5817957ac1e7d127c Mon Sep 17 00:00:00 2001
From: Cyclinder <qifeng.guo@daocloud.io>
Date: Mon, 7 Nov 2022 09:34:17 +0800
Subject: [PATCH] adjust calico-kube-controller to non-hostnetwork pod (#9465)

Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io
---
 .../calico/templates/calico-kube-controllers.yml.j2            | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index 35e4959bb..bd15082f0 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -21,9 +21,10 @@ spec:
     spec:
       nodeSelector:
         {{ calico_policy_controller_deployment_nodeselector }}
-      hostNetwork: true
       serviceAccountName: calico-kube-controllers
       tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
         - key: node-role.kubernetes.io/control-plane
-- 
GitLab