
  1. ---
  2. kind: DaemonSet
  3. apiVersion: extensions/v1beta1
  4. metadata:
  5. name: canal-node
  6. labels:
  7. k8s-app: canal-node
  8. spec:
  9. selector:
  10. matchLabels:
  11. k8s-app: canal-node
  12. template:
  13. metadata:
  14. annotations:
  15. scheduler.alpha.kubernetes.io/critical-pod: ''
  16. scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
  17. labels:
  18. k8s-app: canal-node
  19. spec:
  20. hostNetwork: true
  21. volumes:
  22. # Used by calico/node.
  23. - name: lib-modules
  24. hostPath:
  25. path: /lib/modules
  26. - name: var-run-calico
  27. hostPath:
  28. path: /var/run/calico
  29. # Used to install CNI.
  30. - name: cni-bin-dir
  31. hostPath:
  32. path: /opt/cni/bin
  33. - name: cni-net-dir
  34. hostPath:
  35. path: /etc/cni/net.d
  36. # Used by flannel daemon.
  37. - name: run-flannel
  38. hostPath:
  39. path: /run/flannel
  40. - name: resolv
  41. hostPath:
  42. path: /etc/resolv.conf
  43. - name: "canal-certs"
  44. hostPath:
  45. path: "{{ canal_cert_dir }}"
  46. containers:
  47. # Runs the flannel daemon to enable vxlan networking between
  48. # container hosts.
  49. - name: flannel
  50. image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
  51. imagePullPolicy: {{ k8s_image_pull_policy }}
  52. env:
  53. # Cluster name
  54. - name: CLUSTER_NAME
  55. valueFrom:
  56. configMapKeyRef:
  57. name: canal-config
  58. key: cluster_name
  59. # The location of the etcd cluster.
  60. - name: FLANNELD_ETCD_ENDPOINTS
  61. valueFrom:
  62. configMapKeyRef:
  63. name: canal-config
  64. key: etcd_endpoints
  65. # The interface flannel should run on.
  66. - name: FLANNELD_IFACE
  67. valueFrom:
  68. configMapKeyRef:
  69. name: canal-config
  70. key: flanneld_iface
  71. # Perform masquerade on traffic leaving the pod cidr.
  72. - name: FLANNELD_IP_MASQ
  73. valueFrom:
  74. configMapKeyRef:
  75. name: canal-config
  76. key: masquerade
  77. # Set etcd-prefix
  78. - name: DOCKER_OPT_ETCD_PREFIX
  79. value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
  80. # Write the subnet.env file to the mounted directory.
  81. - name: FLANNELD_SUBNET_FILE
  82. value: "/run/flannel/subnet.env"
  83. # Etcd SSL vars
  84. - name: ETCD_CA_CERT_FILE
  85. valueFrom:
  86. configMapKeyRef:
  87. name: canal-config
  88. key: etcd_cafile
  89. - name: ETCD_CERT_FILE
  90. valueFrom:
  91. configMapKeyRef:
  92. name: canal-config
  93. key: etcd_certfile
  94. - name: ETCD_KEY_FILE
  95. valueFrom:
  96. configMapKeyRef:
  97. name: canal-config
  98. key: etcd_keyfile
  99. command:
  100. - "/bin/sh"
  101. - "-c"
  102. - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
  103. ports:
  104. - hostPort: 10253
  105. containerPort: 10253
  106. securityContext:
  107. privileged: true
  108. volumeMounts:
  109. - name: "resolv"
  110. mountPath: "/etc/resolv.conf"
  111. - name: "run-flannel"
  112. mountPath: "/run/flannel"
  113. - name: "canal-certs"
  114. mountPath: "{{ canal_cert_dir }}"
  115. readOnly: true
  116. # Runs calico/node container on each Kubernetes node. This
  117. # container programs network policy and local routes on each
  118. # host.
  119. - name: calico-node
  120. image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
  121. imagePullPolicy: {{ k8s_image_pull_policy }}
  122. env:
  123. # The location of the etcd cluster.
  124. - name: ETCD_ENDPOINTS
  125. valueFrom:
  126. configMapKeyRef:
  127. name: canal-config
  128. key: etcd_endpoints
  129. # Disable Calico BGP. Calico is simply enforcing policy.
  130. - name: CALICO_NETWORKING
  131. value: "false"
  132. # Disable file logging so `kubectl logs` works.
  133. - name: CALICO_DISABLE_FILE_LOGGING
  134. value: "true"
  135. # Etcd SSL vars
  136. - name: ETCD_CA_CERT_FILE
  137. valueFrom:
  138. configMapKeyRef:
  139. name: canal-config
  140. key: etcd_cafile
  141. - name: ETCD_CERT_FILE
  142. valueFrom:
  143. configMapKeyRef:
  144. name: canal-config
  145. key: etcd_certfile
  146. - name: ETCD_KEY_FILE
  147. valueFrom:
  148. configMapKeyRef:
  149. name: canal-config
  150. key: etcd_keyfile
  151. securityContext:
  152. privileged: true
  153. volumeMounts:
  154. - mountPath: /lib/modules
  155. name: lib-modules
  156. readOnly: true
  157. - mountPath: /var/run/calico
  158. name: var-run-calico
  159. readOnly: false
  160. - name: "canal-certs"
  161. mountPath: "{{ canal_cert_dir }}"
  162. readOnly: true