  1. ---
  2. kind: DaemonSet
  3. apiVersion: extensions/v1beta1
  4. metadata:
  5. name: canal-node
  6. namespace: kube-system
  7. labels:
  8. k8s-app: canal-node
  9. spec:
  10. selector:
  11. matchLabels:
  12. k8s-app: canal-node
  13. template:
  14. metadata:
  15. annotations:
  16. scheduler.alpha.kubernetes.io/critical-pod: ''
  17. scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
  18. labels:
  19. k8s-app: canal-node
  20. spec:
  21. hostNetwork: true
  22. serviceAccountName: canal
  23. tolerations:
  24. - effect: NoSchedule
  25. operator: Exists
  26. volumes:
  27. # Used by calico/node.
  28. - name: lib-modules
  29. hostPath:
  30. path: /lib/modules
  31. - name: var-lib-calico
  32. hostPath:
  33. path: /var/lib/calico
  34. - name: var-run-calico
  35. hostPath:
  36. path: /var/run/calico
  37. # Used to install CNI.
  38. - name: cni-bin-dir
  39. hostPath:
  40. path: /opt/cni/bin
  41. - name: cni-net-dir
  42. hostPath:
  43. path: /etc/cni/net.d
  44. # Used by flannel daemon.
  45. - name: run-flannel
  46. hostPath:
  47. path: /run/flannel
  48. - name: resolv
  49. hostPath:
  50. path: /etc/resolv.conf
  51. - name: "canal-certs"
  52. hostPath:
  53. path: "{{ canal_cert_dir }}"
  54. - name: xtables-lock
  55. hostPath:
  56. path: /run/xtables.lock
  57. type: FileOrCreate
  58. containers:
  59. # Runs the flannel daemon to enable vxlan networking between
  60. # container hosts.
  61. - name: flannel
  62. image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
  63. imagePullPolicy: {{ k8s_image_pull_policy }}
  64. resources:
  65. limits:
  66. cpu: {{ flannel_cpu_limit }}
  67. memory: {{ flannel_memory_limit }}
  68. requests:
  69. cpu: {{ flannel_cpu_requests }}
  70. memory: {{ flannel_memory_requests }}
  71. env:
  72. # Cluster name
  73. - name: CLUSTER_NAME
  74. valueFrom:
  75. configMapKeyRef:
  76. name: canal-config
  77. key: cluster_name
  78. # The location of the etcd cluster.
  79. - name: FLANNELD_ETCD_ENDPOINTS
  80. valueFrom:
  81. configMapKeyRef:
  82. name: canal-config
  83. key: etcd_endpoints
  84. # The interface flannel should run on.
  85. - name: FLANNELD_IFACE
  86. valueFrom:
  87. configMapKeyRef:
  88. name: canal-config
  89. key: flanneld_iface
  90. # Perform masquerade on traffic leaving the pod cidr.
  91. - name: FLANNELD_IP_MASQ
  92. valueFrom:
  93. configMapKeyRef:
  94. name: canal-config
  95. key: masquerade
  96. # Set etcd-prefix
  97. - name: DOCKER_OPT_ETCD_PREFIX
  98. value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
  99. # Write the subnet.env file to the mounted directory.
  100. - name: FLANNELD_SUBNET_FILE
  101. value: "/run/flannel/subnet.env"
  102. # Etcd SSL vars
  103. - name: ETCD_CA_CERT_FILE
  104. valueFrom:
  105. configMapKeyRef:
  106. name: canal-config
  107. key: etcd_cafile
  108. - name: ETCD_CERT_FILE
  109. valueFrom:
  110. configMapKeyRef:
  111. name: canal-config
  112. key: etcd_certfile
  113. - name: ETCD_KEY_FILE
  114. valueFrom:
  115. configMapKeyRef:
  116. name: canal-config
  117. key: etcd_keyfile
  118. command:
  119. - "/bin/sh"
  120. - "-c"
  121. - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
  122. ports:
  123. - hostPort: 10253
  124. containerPort: 10253
  125. securityContext:
  126. privileged: true
  127. volumeMounts:
  128. - name: "resolv"
  129. mountPath: "/etc/resolv.conf"
  130. - name: "run-flannel"
  131. mountPath: "/run/flannel"
  132. - name: "canal-certs"
  133. mountPath: "{{ canal_cert_dir }}"
  134. readOnly: true
  135. - name: xtables-lock
  136. mountPath: /run/xtables.lock
  137. readOnly: false
  138. # Runs calico/node container on each Kubernetes node. This
  139. # container programs network policy and local routes on each
  140. # host.
  141. - name: calico-node
  142. image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
  143. imagePullPolicy: {{ k8s_image_pull_policy }}
  144. resources:
  145. limits:
  146. cpu: {{ calico_node_cpu_limit }}
  147. memory: {{ calico_node_memory_limit }}
  148. requests:
  149. cpu: {{ calico_node_cpu_requests }}
  150. memory: {{ calico_node_memory_requests }}
  151. env:
  152. # The location of the etcd cluster.
  153. - name: ETCD_ENDPOINTS
  154. valueFrom:
  155. configMapKeyRef:
  156. name: canal-config
  157. key: etcd_endpoints
  158. # Disable Calico BGP. Calico is simply enforcing policy.
  159. - name: CALICO_NETWORKING_BACKEND
  160. value: "none"
  161. # Cluster type to identify the deployment type
  162. - name: CLUSTER_TYPE
  163. value: "kubespray,canal"
  164. # Disable file logging so `kubectl logs` works.
  165. - name: CALICO_DISABLE_FILE_LOGGING
  166. value: "true"
  167. # Set noderef for node controller.
  168. - name: CALICO_K8S_NODE_REF
  169. valueFrom:
  170. fieldRef:
  171. fieldPath: spec.nodeName
  172. - name: FELIX_HEALTHENABLED
  173. value: "true"
  174. # Etcd SSL vars
  175. - name: ETCD_CA_CERT_FILE
  176. valueFrom:
  177. configMapKeyRef:
  178. name: canal-config
  179. key: etcd_cafile
  180. - name: ETCD_CERT_FILE
  181. valueFrom:
  182. configMapKeyRef:
  183. name: canal-config
  184. key: etcd_certfile
  185. - name: ETCD_KEY_FILE
  186. valueFrom:
  187. configMapKeyRef:
  188. name: canal-config
  189. key: etcd_keyfile
  190. - name: NODENAME
  191. valueFrom:
  192. fieldRef:
  193. fieldPath: spec.nodeName
  194. securityContext:
  195. privileged: true
  196. livenessProbe:
  197. httpGet:
  198. path: /liveness
  199. port: 9099
  200. periodSeconds: 10
  201. initialDelaySeconds: 10
  202. failureThreshold: 6
  203. readinessProbe:
  204. httpGet:
  205. path: /readiness
  206. port: 9099
  207. periodSeconds: 10
  208. volumeMounts:
  209. - mountPath: /lib/modules
  210. name: lib-modules
  211. readOnly: true
  212. - mountPath: /var/run/calico
  213. name: var-run-calico
  214. readOnly: false
  215. - mountPath: /var/lib/calico
  216. name: var-lib-calico
  217. readOnly: false
  218. - name: "canal-certs"
  219. mountPath: "{{ canal_cert_dir }}"
  220. readOnly: true
  221. updateStrategy:
  222. rollingUpdate:
  223. maxUnavailable: {{ serial | default('20%') }}
  224. type: RollingUpdate