

  1. ---
  2. # This manifest installs the calico/node container, as well
  3. # as the Calico CNI plugins and network config on
  4. # each master and worker node in a Kubernetes cluster.
  5. kind: DaemonSet
  6. apiVersion: extensions/v1beta1
  7. metadata:
  8. name: calico-node
  9. namespace: {{ system_namespace }}
  10. labels:
  11. k8s-app: calico-node
  12. spec:
  13. selector:
  14. matchLabels:
  15. k8s-app: calico-node
  16. template:
  17. metadata:
  18. labels:
  19. k8s-app: calico-node
  20. annotations:
  21. scheduler.alpha.kubernetes.io/critical-pod: ''
  22. kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
  23. spec:
  24. hostNetwork: true
  25. {% if rbac_enabled %}
  26. serviceAccountName: calico-node
  27. {% endif %}
  28. tolerations:
  29. - effect: NoSchedule
  30. operator: Exists
  31. containers:
  32. # Runs calico/node container on each Kubernetes node. This
  33. # container programs network policy and routes on each
  34. # host.
  35. - name: calico-node
  36. image: {{ calico_node_image_repo }}:{{ calico_node_image_tag }}
  37. env:
  38. # The location of the Calico etcd cluster.
  39. - name: ETCD_ENDPOINTS
  40. valueFrom:
  41. configMapKeyRef:
  42. name: calico-config
  43. key: etcd_endpoints
  44. # Choose the backend to use.
  45. - name: CALICO_NETWORKING_BACKEND
  46. valueFrom:
  47. configMapKeyRef:
  48. name: calico-config
  49. key: calico_backend
  50. # Cluster type to identify the deployment type
  51. - name: CLUSTER_TYPE
  52. valueFrom:
  53. configMapKeyRef:
  54. name: calico-config
  55. key: cluster_type
  56. # Disable file logging so `kubectl logs` works.
  57. - name: CALICO_DISABLE_FILE_LOGGING
  58. value: "true"
  59. # Set Felix endpoint to host default action to ACCEPT.
  60. - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
  61. value: "{{ calico_endpoint_to_host_action|default('RETURN') }}"
  62. # should be set in etcd before deployment
  63. # # Configure the IP Pool from which Pod IPs will be chosen.
  64. # - name: CALICO_IPV4POOL_CIDR
  65. # value: "192.168.0.0/16"
  66. # - name: CALICO_IPV4POOL_IPIP
  67. # value: "always"
  68. # Disable IPv6 on Kubernetes.
  69. - name: FELIX_IPV6SUPPORT
  70. value: "false"
  71. # Set Felix logging to "info"
  72. - name: FELIX_LOGSEVERITYSCREEN
  73. value: "info"
  74. # Disable autocreation of pools
  75. - name: CALICO_NO_DEFAULT_POOLS
  76. value: "true"
  77. # Enable libnetwork
  78. - name: CALICO_LIBNETWORK_ENABLED
  79. value: "true"
  80. # Set MTU for tunnel device used if ipip is enabled
  81. {% if calico_mtu is defined %}
  82. - name: FELIX_IPINIPMTU
  83. value: "{{ calico_mtu }}"
  84. {% endif %}
  85. - name: FELIX_PROMETHEUSMETRICSENABLED
  86. value: "{{ calico_felix_prometheusmetricsenabled }}"
  87. - name: FELIX_PROMETHEUSMETRICSPORT
  88. value: "{{ calico_felix_prometheusmetricsport }}"
  89. - name: FELIX_PROMETHEUSGOMETRICSENABLED
  90. value: "{{ calico_felix_prometheusgometricsenabled }}"
  91. - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
  92. value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
  93. # Location of the CA certificate for etcd.
  94. - name: ETCD_CA_CERT_FILE
  95. valueFrom:
  96. configMapKeyRef:
  97. name: calico-config
  98. key: etcd_ca
  99. # Location of the client key for etcd.
  100. - name: ETCD_KEY_FILE
  101. valueFrom:
  102. configMapKeyRef:
  103. name: calico-config
  104. key: etcd_key
  105. # Location of the client certificate for etcd.
  106. - name: ETCD_CERT_FILE
  107. valueFrom:
  108. configMapKeyRef:
  109. name: calico-config
  110. key: etcd_cert
  111. - name: IP
  112. valueFrom:
  113. fieldRef:
  114. fieldPath: status.hostIP
  115. - name: NODENAME
  116. valueFrom:
  117. fieldRef:
  118. fieldPath: spec.nodeName
  119. - name: FELIX_HEALTHENABLED
  120. value: "true"
  121. - name: FELIX_IGNORELOOSERPF
  122. value: "{{ calico_node_ignorelooserpf }}"
  123. securityContext:
  124. privileged: true
  125. resources:
  126. limits:
  127. cpu: {{ calico_node_cpu_limit }}
  128. memory: {{ calico_node_memory_limit }}
  129. requests:
  130. cpu: {{ calico_node_cpu_requests }}
  131. memory: {{ calico_node_memory_requests }}
  132. livenessProbe:
  133. httpGet:
  134. path: /liveness
  135. port: 9099
  136. periodSeconds: 10
  137. initialDelaySeconds: 10
  138. failureThreshold: 6
  139. readinessProbe:
  140. httpGet:
  141. path: /readiness
  142. port: 9099
  143. periodSeconds: 10
  144. volumeMounts:
  145. - mountPath: /lib/modules
  146. name: lib-modules
  147. readOnly: true
  148. - mountPath: /var/run/calico
  149. name: var-run-calico
  150. readOnly: false
  151. - mountPath: /calico-secrets
  152. name: etcd-certs
  153. volumes:
  154. # Used by calico/node.
  155. - name: lib-modules
  156. hostPath:
  157. path: /lib/modules
  158. - name: var-run-calico
  159. hostPath:
  160. path: /var/run/calico
  161. # Used to install CNI.
  162. - name: cni-bin-dir
  163. hostPath:
  164. path: /opt/cni/bin
  165. - name: cni-net-dir
  166. hostPath:
  167. path: /etc/cni/net.d
  168. # Mount in the etcd TLS secrets.
  169. - name: etcd-certs
  170. hostPath:
  171. path: "{{ calico_cert_dir }}"
  172. updateStrategy:
  173. rollingUpdate:
  174. maxUnavailable: {{ serial | default('20%') }}
  175. type: RollingUpdate