  1. ---
  2. kind: DaemonSet
  3. apiVersion: extensions/v1beta1
  4. metadata:
  5. name: canal-node
  6. namespace: kube-system
  7. labels:
  8. k8s-app: canal-node
  9. spec:
  10. selector:
  11. matchLabels:
  12. k8s-app: canal-node
  13. template:
  14. metadata:
  15. annotations:
  16. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  17. scheduler.alpha.kubernetes.io/critical-pod: ''
  18. labels:
  19. k8s-app: canal-node
  20. spec:
  21. {% if kube_version is version('v1.11.1', '>=') %}
  22. priorityClassName: system-node-critical
  23. {% endif %}
  24. hostNetwork: true
  25. serviceAccountName: canal
  26. tolerations:
  27. - operator: Exists
  28. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  29. - key: CriticalAddonsOnly
  30. operator: "Exists"
  31. volumes:
  32. # Used by calico/node.
  33. - name: lib-modules
  34. hostPath:
  35. path: /lib/modules
  36. - name: var-lib-calico
  37. hostPath:
  38. path: /var/lib/calico
  39. - name: var-run-calico
  40. hostPath:
  41. path: /var/run/calico
  42. # Used to install CNI.
  43. - name: cni-bin-dir
  44. hostPath:
  45. path: /opt/cni/bin
  46. - name: cni-net-dir
  47. hostPath:
  48. path: /etc/cni/net.d
  49. # Used by flannel daemon.
  50. - name: run-flannel
  51. hostPath:
  52. path: /run/flannel
  53. - name: resolv
  54. hostPath:
  55. path: /etc/resolv.conf
  56. - name: "canal-certs"
  57. hostPath:
  58. path: "{{ canal_cert_dir }}"
  59. - name: xtables-lock
  60. hostPath:
  61. path: /run/xtables.lock
  62. type: FileOrCreate
  63. containers:
  64. # Runs the flannel daemon to enable vxlan networking between
  65. # container hosts.
  66. - name: flannel
  67. image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
  68. imagePullPolicy: {{ k8s_image_pull_policy }}
  69. resources:
  70. limits:
  71. cpu: {{ flannel_cpu_limit }}
  72. memory: {{ flannel_memory_limit }}
  73. requests:
  74. cpu: {{ flannel_cpu_requests }}
  75. memory: {{ flannel_memory_requests }}
  76. env:
  77. # Cluster name
  78. - name: CLUSTER_NAME
  79. valueFrom:
  80. configMapKeyRef:
  81. name: canal-config
  82. key: cluster_name
  83. # The location of the etcd cluster.
  84. - name: FLANNELD_ETCD_ENDPOINTS
  85. valueFrom:
  86. configMapKeyRef:
  87. name: canal-config
  88. key: etcd_endpoints
  89. # The interface flannel should run on.
  90. - name: FLANNELD_IFACE
  91. valueFrom:
  92. configMapKeyRef:
  93. name: canal-config
  94. key: flanneld_iface
  95. # Perform masquerade on traffic leaving the pod cidr.
  96. - name: FLANNELD_IP_MASQ
  97. valueFrom:
  98. configMapKeyRef:
  99. name: canal-config
  100. key: masquerade
  101. # Set etcd-prefix
  102. - name: DOCKER_OPT_ETCD_PREFIX
  103. value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
  104. # Write the subnet.env file to the mounted directory.
  105. - name: FLANNELD_SUBNET_FILE
  106. value: "/run/flannel/subnet.env"
  107. # Etcd SSL vars
  108. - name: ETCD_CA_CERT_FILE
  109. valueFrom:
  110. configMapKeyRef:
  111. name: canal-config
  112. key: etcd_cafile
  113. - name: ETCD_CERT_FILE
  114. valueFrom:
  115. configMapKeyRef:
  116. name: canal-config
  117. key: etcd_certfile
  118. - name: ETCD_KEY_FILE
  119. valueFrom:
  120. configMapKeyRef:
  121. name: canal-config
  122. key: etcd_keyfile
  123. command:
  124. - "/bin/sh"
  125. - "-c"
  126. - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
  127. ports:
  128. - hostPort: 10253
  129. containerPort: 10253
  130. securityContext:
  131. privileged: true
  132. volumeMounts:
  133. - name: "resolv"
  134. mountPath: "/etc/resolv.conf"
  135. - name: "run-flannel"
  136. mountPath: "/run/flannel"
  137. - name: "canal-certs"
  138. mountPath: "{{ canal_cert_dir }}"
  139. readOnly: true
  140. - name: xtables-lock
  141. mountPath: /run/xtables.lock
  142. readOnly: false
  143. # Runs calico/node container on each Kubernetes node. This
  144. # container programs network policy and local routes on each
  145. # host.
  146. - name: calico-node
  147. image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
  148. imagePullPolicy: {{ k8s_image_pull_policy }}
  149. resources:
  150. limits:
  151. cpu: {{ calico_node_cpu_limit }}
  152. memory: {{ calico_node_memory_limit }}
  153. requests:
  154. cpu: {{ calico_node_cpu_requests }}
  155. memory: {{ calico_node_memory_requests }}
  156. env:
  157. # The location of the etcd cluster.
  158. - name: ETCD_ENDPOINTS
  159. valueFrom:
  160. configMapKeyRef:
  161. name: canal-config
  162. key: etcd_endpoints
  163. # Disable Calico BGP. Calico is simply enforcing policy.
  164. - name: CALICO_NETWORKING_BACKEND
  165. value: "none"
  166. # Cluster type to identify the deployment type
  167. - name: CLUSTER_TYPE
  168. value: "kubespray,canal"
  169. # Disable file logging so `kubectl logs` works.
  170. - name: CALICO_DISABLE_FILE_LOGGING
  171. value: "true"
  172. # Set noderef for node controller.
  173. - name: CALICO_K8S_NODE_REF
  174. valueFrom:
  175. fieldRef:
  176. fieldPath: spec.nodeName
  177. - name: FELIX_HEALTHENABLED
  178. value: "true"
  179. # Etcd SSL vars
  180. - name: ETCD_CA_CERT_FILE
  181. valueFrom:
  182. configMapKeyRef:
  183. name: canal-config
  184. key: etcd_cafile
  185. - name: ETCD_CERT_FILE
  186. valueFrom:
  187. configMapKeyRef:
  188. name: canal-config
  189. key: etcd_certfile
  190. - name: ETCD_KEY_FILE
  191. valueFrom:
  192. configMapKeyRef:
  193. name: canal-config
  194. key: etcd_keyfile
  195. - name: NODENAME
  196. valueFrom:
  197. fieldRef:
  198. fieldPath: spec.nodeName
  199. securityContext:
  200. privileged: true
  201. livenessProbe:
  202. httpGet:
  203. path: /liveness
  204. port: 9099
  205. periodSeconds: 10
  206. initialDelaySeconds: 10
  207. failureThreshold: 6
  208. readinessProbe:
  209. httpGet:
  210. path: /readiness
  211. port: 9099
  212. periodSeconds: 10
  213. volumeMounts:
  214. - mountPath: /lib/modules
  215. name: lib-modules
  216. readOnly: true
  217. - mountPath: /var/run/calico
  218. name: var-run-calico
  219. readOnly: false
  220. - mountPath: /var/lib/calico
  221. name: var-lib-calico
  222. readOnly: false
  223. - name: "canal-certs"
  224. mountPath: "{{ canal_cert_dir }}"
  225. readOnly: true
  226. updateStrategy:
  227. rollingUpdate:
  228. maxUnavailable: {{ serial | default('20%') }}
  229. type: RollingUpdate