richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5416 Commits
29 Branches
81 Tags
147 MiB
Tree: 91f1edbdd4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '91f1edbdd4'
${ noResults }
kubespray/roles/network_plugin/calico/templates/calico-typha.yml.j2

160 lines
4.9 KiB
Raw Normal View History

Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Add support for k8s v1.16.0-beta.2 (#5148) Cleaned up deprecated APIs: apps/v1beta1 apps/v1beta2 extensions/v1beta1 for ds,deploy,rs Add workaround for deploying helm using incompatible deployment manifest. Change-Id: I78b36741348f47a999df3841ee63cf4e6f377830
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Fix selector for calico-typha deployment (#5253) Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
5 years ago
fix typo (#5275)
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os (#5964)
4 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Add toleration for calico-typha on master (#5405) Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
4 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Add toleration for calico-typha on master (#5405) Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
4 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Raise typha max connections to 300 (#5527) Raises limit from 100 to 300 because the default is far too low and the pod can handle 300 with the given resources. Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
4 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Update calico-typha deployment to address v3.7.x changes (#5003) * Update calico-typha deployment to address v3.7.x changes So that calico-typha works for Calico v3.7.x. * Apply changes for v3.7.x only.
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Update calico-typha deployment to address v3.7.x changes (#5003) * Update calico-typha deployment to address v3.7.x changes So that calico-typha works for Calico v3.7.x. * Apply changes for v3.7.x only.
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Add .editorconfig file (#6307)
4 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
  1. # This manifest creates a Service, which will be backed by Calico's Typha daemon.
  2. # Typha sits in between Felix and the API server, reducing Calico's load on the API server.
  4. apiVersion: v1
  5. kind: Service
  6. metadata:
  7. name: calico-typha
  8. namespace: kube-system
  9. labels:
  10. k8s-app: calico-typha
  11. spec:
  12. ports:
  13. - port: 5473
  14. protocol: TCP
  15. targetPort: calico-typha
  16. name: calico-typha
  17. selector:
  18. k8s-app: calico-typha
  20. ---
  22. # This manifest creates a Deployment of Typha to back the above service.
  24. apiVersion: apps/v1
  25. kind: Deployment
  26. metadata:
  27. name: calico-typha
  28. namespace: kube-system
  29. labels:
  30. k8s-app: calico-typha
  31. spec:
  32. # Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the
  33. # typha_service_name variable in the calico-config ConfigMap above.
  34. #
  35. # We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential
  36. # (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In
  37. # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade.
  38. replicas: {{ typha_replicas }}
  39. revisionHistoryLimit: 2
  40. selector:
  41. matchLabels:
  42. k8s-app: calico-typha
  43. template:
  44. metadata:
  45. labels:
  46. k8s-app: calico-typha
  47. annotations:
  48. cluster-autoscaler.kubernetes.io/safe-to-evict: 'true'
  49. spec:
  50. nodeSelector:
  51. kubernetes.io/os: linux
  52. hostNetwork: true
  53. tolerations:
  54. - key: node-role.kubernetes.io/master
  55. operator: Exists
  56. effect: NoSchedule
  57. # Since Calico can't network a pod until Typha is up, we need to run Typha itself
  58. # as a host-networked pod.
  59. serviceAccountName: calico-node
  60. priorityClassName: system-cluster-critical
  61. containers:
  62. - image: {{ calico_typha_image_repo }}:{{ calico_typha_image_tag }}
  63. name: calico-typha
  64. ports:
  65. - containerPort: 5473
  66. name: calico-typha
  67. protocol: TCP
  68. env:
  69. # Enable "info" logging by default. Can be set to "debug" to increase verbosity.
  70. - name: TYPHA_LOGSEVERITYSCREEN
  71. value: "info"
  72. # Disable logging to file and syslog since those don't make sense in Kubernetes.
  73. - name: TYPHA_LOGFILEPATH
  74. value: "none"
  75. - name: TYPHA_LOGSEVERITYSYS
  76. value: "none"
  77. # Monitor the Kubernetes API to find the number of running instances and rebalance
  78. # connections.
  79. - name: TYPHA_CONNECTIONREBALANCINGMODE
  80. value: "kubernetes"
  81. - name: TYPHA_DATASTORETYPE
  82. value: "kubernetes"
  83. - name: TYPHA_HEALTHENABLED
  84. value: "true"
  85. - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
  86. value: "{{ typha_max_connections_lower_limit }}"
  87. {% if typha_secure %}
  88. - name: TYPHA_CAFILE
  89. value: /etc/ca/ca.crt
  90. - name: TYPHA_CLIENTCN
  91. value: typha-client
  92. - name: TYPHA_SERVERCERTFILE
  93. value: /etc/typha/server_certificate.pem
  94. - name: TYPHA_SERVERKEYFILE
  95. value: /etc/typha/server_key.pem
  96. volumeMounts:
  97. - mountPath: /etc/typha
  98. name: typha-server
  99. readOnly: true
  100. - mountPath: /etc/ca/ca.crt
  101. subPath: ca.crt
  102. name: cacert
  103. readOnly: true
  104. {% endif %}
  105. # Uncomment these lines to enable prometheus metrics. Since Typha is host-networked,
  106. # this opens a port on the host, which may need to be secured.
  107. #- name: TYPHA_PROMETHEUSMETRICSENABLED
  108. # value: "true"
  109. #- name: TYPHA_PROMETHEUSMETRICSPORT
  110. # value: "9093"
  112. # Needed for version >=3.7 when the 'host-local' ipam is used
  113. # Should never happen given templates/cni-calico.conflist.j2
  114. # Configure route aggregation based on pod CIDR.
  115. # - name: USE_POD_CIDR
  116. # value: "true"
  117. livenessProbe:
  118. httpGet:
  119. path: /liveness
  120. port: 9098
  121. host: localhost
  122. periodSeconds: 30
  123. initialDelaySeconds: 30
  124. readinessProbe:
  125. httpGet:
  126. path: /readiness
  127. port: 9098
  128. host: localhost
  129. periodSeconds: 10
  130. {% if typha_secure %}
  131. volumes:
  132. - name: typha-server
  133. secret:
  134. secretName: typha-server
  135. items:
  136. - key: tls.crt
  137. path: server_certificate.pem
  138. - key: tls.key
  139. path: server_key.pem
  140. - name: cacert
  141. hostPath:
  142. path: "{{ kube_cert_dir }}"
  143. {% endif %}
  145. ---
  147. # This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict
  149. apiVersion: policy/v1beta1
  150. kind: PodDisruptionBudget
  151. metadata:
  152. name: calico-typha
  153. namespace: kube-system
  154. labels:
  155. k8s-app: calico-typha
  156. spec:
  157. maxUnavailable: 1
  158. selector:
  159. matchLabels:
  160. k8s-app: calico-typha