

  1. ---
  2. # This manifest installs the calico/node container, as well
  3. # as the Calico CNI plugins and network config on
  4. # each master and worker node in a Kubernetes cluster.
  5. kind: DaemonSet
  6. apiVersion: extensions/v1beta1
  7. metadata:
  8. name: calico-node
  9. namespace: kube-system
  10. labels:
  11. k8s-app: calico-node
  12. spec:
  13. selector:
  14. matchLabels:
  15. k8s-app: calico-node
  16. template:
  17. metadata:
  18. labels:
  19. k8s-app: calico-node
  20. annotations:
  21. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  22. kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}"
  23. {% if calico_felix_prometheusmetricsenabled %}
  24. prometheus.io/scrape: 'true'
  25. prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
  26. {% endif %}
  27. spec:
  28. priorityClassName: system-node-critical
  29. hostNetwork: true
  30. dnsPolicy: ClusterFirstWithHostNet
  31. serviceAccountName: calico-node
  32. tolerations:
  33. - effect: NoExecute
  34. operator: Exists
  35. - effect: NoSchedule
  36. operator: Exists
  37. # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
  38. - key: CriticalAddonsOnly
  39. operator: "Exists"
  40. # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
  41. # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
  42. terminationGracePeriodSeconds: 0
  43. {% if calico_version is version('v3.4.0', '>=') %}
  44. initContainers:
  45. {% if calico_datastore == "kdd" and calico_version is version('v3.6.0', '>=') %}
  46. # This container performs upgrade from host-local IPAM to calico-ipam.
  47. # It can be deleted if this is a fresh installation, or if you have already
  48. # upgraded to use calico-ipam.
  49. - name: upgrade-ipam
  50. image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
  51. command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
  52. env:
  53. - name: KUBERNETES_NODE_NAME
  54. valueFrom:
  55. fieldRef:
  56. fieldPath: spec.nodeName
  57. - name: CALICO_NETWORKING_BACKEND
  58. valueFrom:
  59. configMapKeyRef:
  60. name: calico-config
  61. key: calico_backend
  62. volumeMounts:
  63. - mountPath: /var/lib/cni/networks
  64. name: host-local-net-dir
  65. - mountPath: /host/opt/cni/bin
  66. name: cni-bin-dir
  67. {% endif %}
  68. # This container installs the Calico CNI binaries
  69. # and CNI network config file on each node.
  70. - name: install-cni
  71. image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
  72. command: ["/install-cni.sh"]
  73. env:
  74. # Name of the CNI config file to create.
  75. - name: CNI_CONF_NAME
  76. value: "10-calico.conflist"
  77. # Install CNI binaries
  78. - name: UPDATE_CNI_BINARIES
  79. value: "true"
  80. # The CNI network config to install on each node.
  81. - name: CNI_NETWORK_CONFIG_FILE
  82. value: "/host/etc/cni/net.d/calico.conflist.template"
  83. # Prevents the container from sleeping forever.
  84. - name: SLEEP
  85. value: "false"
  86. {% if calico_datastore == "kdd" %}
  87. # Set the hostname based on the k8s node name.
  88. - name: KUBERNETES_NODE_NAME
  89. valueFrom:
  90. fieldRef:
  91. fieldPath: spec.nodeName
  92. {% endif %}
  93. volumeMounts:
  94. - mountPath: /host/etc/cni/net.d
  95. name: cni-net-dir
  96. - mountPath: /host/opt/cni/bin
  97. name: cni-bin-dir
  98. {% endif %}
  99. containers:
  100. {% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
  101. - name: install-cni
  102. image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
  103. command: ["/install-cni.sh"]
  104. env:
  105. # Name of the CNI config file to create.
  106. - name: CNI_CONF_NAME
  107. value: "10-calico.conflist"
  108. # Install CNI binaries
  109. - name: UPDATE_CNI_BINARIES
  110. value: "true"
  111. # The CNI network config to install on each node.
  112. - name: CNI_NETWORK_CONFIG_FILE
  113. value: "/host/etc/cni/net.d/calico.conflist.template"
  114. # Prevents the container from sleeping forever.
  115. - name: SLEEP
  116. value: "false"
  117. volumeMounts:
  118. - mountPath: /host/etc/cni/net.d
  119. name: cni-net-dir
  120. - mountPath: /host/opt/cni/bin
  121. name: cni-bin-dir
  122. {% endif %}
  123. # Runs calico/node container on each Kubernetes node. This
  124. # container programs network policy and routes on each
  125. # host.
  126. - name: calico-node
  127. image: {{ calico_node_image_repo }}:{{ calico_node_image_tag }}
  128. env:
  129. # The location of the Calico etcd cluster.
  130. {% if calico_datastore == "etcd" %}
  131. - name: ETCD_ENDPOINTS
  132. valueFrom:
  133. configMapKeyRef:
  134. name: calico-config
  135. key: etcd_endpoints
  136. # Location of the CA certificate for etcd.
  137. - name: ETCD_CA_CERT_FILE
  138. valueFrom:
  139. configMapKeyRef:
  140. name: calico-config
  141. key: etcd_ca
  142. # Location of the client key for etcd.
  143. - name: ETCD_KEY_FILE
  144. valueFrom:
  145. configMapKeyRef:
  146. name: calico-config
  147. key: etcd_key
  148. # Location of the client certificate for etcd.
  149. - name: ETCD_CERT_FILE
  150. valueFrom:
  151. configMapKeyRef:
  152. name: calico-config
  153. key: etcd_cert
  154. {% elif calico_datastore == "kdd" %}
  155. # Use Kubernetes API as the backing datastore.
  156. - name: DATASTORE_TYPE
  157. value: "kubernetes"
  158. {% if typha_enabled == "true" %}
  159. # Typha support: controlled by the ConfigMap.
  160. - name: FELIX_TYPHAK8SSERVICENAME
  161. valueFrom:
  162. configMapKeyRef:
  163. name: calico-config
  164. key: typha_service_name
  165. {% endif %}
  166. # Wait for the datastore.
  167. - name: WAIT_FOR_DATASTORE
  168. value: "true"
  169. {% endif %}
  170. # Choose the backend to use.
  171. - name: CALICO_NETWORKING_BACKEND
  172. valueFrom:
  173. configMapKeyRef:
  174. name: calico-config
  175. key: calico_backend
  176. # Cluster type to identify the deployment type
  177. - name: CLUSTER_TYPE
  178. valueFrom:
  179. configMapKeyRef:
  180. name: calico-config
  181. key: cluster_type
  182. # Set noderef for node controller.
  183. - name: CALICO_K8S_NODE_REF
  184. valueFrom:
  185. fieldRef:
  186. fieldPath: spec.nodeName
  187. # Disable file logging so `kubectl logs` works.
  188. - name: CALICO_DISABLE_FILE_LOGGING
  189. value: "true"
  190. # Set Felix endpoint to host default action to ACCEPT.
  191. - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
  192. value: "{{ calico_endpoint_to_host_action|default('RETURN') }}"
  193. - name: FELIX_HEALTHHOST
  194. value: "{{ calico_healthhost }}"
  195. {% if kube_proxy_mode == 'ipvs' and kube_apiserver_node_port_range is defined %}
  196. - name: FELIX_KUBENODEPORTRANGES
  197. value: "{{ kube_apiserver_node_port_range.split('-')[0] }}:{{ kube_apiserver_node_port_range.split('-')[1] }}"
  198. {% endif %}
  199. # Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
  200. # this is not required in later versions https://github.com/projectcalico/calico/issues/2179
  201. {% if calico_version is version('v3.2.1', '<') %}
  202. - name: FELIX_IPTABLESLOCKTIMEOUTSECS
  203. value: "10"
  204. {% endif %}
  205. # should be set in etcd before deployment
  206. # # Configure the IP Pool from which Pod IPs will be chosen.
  207. # - name: CALICO_IPV4POOL_CIDR
  208. # value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
  209. - name: CALICO_IPV4POOL_IPIP
  210. value: "{{ calico_ipv4pool_ipip }}"
  211. # Disable IPv6 on Kubernetes.
  212. - name: FELIX_IPV6SUPPORT
  213. value: "false"
  214. # Set Felix logging to "info"
  215. - name: FELIX_LOGSEVERITYSCREEN
  216. value: "{{ calico_loglevel }}"
  217. # Set MTU for tunnel device used if ipip is enabled
  218. {% if calico_mtu is defined %}
  219. - name: FELIX_IPINIPMTU
  220. value: "{{ calico_mtu }}"
  221. {% endif %}
  222. - name: FELIX_PROMETHEUSMETRICSENABLED
  223. value: "{{ calico_felix_prometheusmetricsenabled }}"
  224. - name: FELIX_PROMETHEUSMETRICSPORT
  225. value: "{{ calico_felix_prometheusmetricsport }}"
  226. - name: FELIX_PROMETHEUSGOMETRICSENABLED
  227. value: "{{ calico_felix_prometheusgometricsenabled }}"
  228. - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
  229. value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
  230. {% if calico_version is version('v3.4.0', '>=') and calico_advertise_cluster_ips|default(false) %}
  231. - name: CALICO_ADVERTISE_CLUSTER_IPS
  232. value: "{{ kube_service_addresses }}"
  233. {% endif %}
  234. {% if calico_ip_auto_method is defined %}
  235. - name: IP_AUTODETECTION_METHOD
  236. value: "{{ calico_ip_auto_method }}"
  237. - name: IP
  238. value: "autodetect"
  239. {% else %}
  240. - name: IP
  241. valueFrom:
  242. fieldRef:
  243. fieldPath: status.hostIP
  244. {% endif %}
  245. - name: NODENAME
  246. valueFrom:
  247. fieldRef:
  248. fieldPath: spec.nodeName
  249. - name: FELIX_HEALTHENABLED
  250. value: "true"
  251. - name: FELIX_IGNORELOOSERPF
  252. value: "{{ calico_node_ignorelooserpf }}"
  253. securityContext:
  254. privileged: true
  255. resources:
  256. limits:
  257. cpu: {{ calico_node_cpu_limit }}
  258. memory: {{ calico_node_memory_limit }}
  259. requests:
  260. cpu: {{ calico_node_cpu_requests }}
  261. memory: {{ calico_node_memory_requests }}
  262. livenessProbe:
  263. httpGet:
  264. host: 127.0.0.1
  265. path: /liveness
  266. port: 9099
  267. initialDelaySeconds: 5
  268. failureThreshold: 6
  269. readinessProbe:
  270. failureThreshold: 6
  271. {% if calico_version is version('v3.3.0', '<') %}
  272. httpGet:
  273. host: 127.0.0.1
  274. path: /readiness
  275. port: 9099
  276. {% else %}
  277. exec:
  278. command:
  279. - /bin/calico-node
  280. - -bird-ready
  281. - -felix-ready
  282. {% endif %}
  283. volumeMounts:
  284. - mountPath: /lib/modules
  285. name: lib-modules
  286. readOnly: true
  287. - mountPath: /var/run/calico
  288. name: var-run-calico
  289. - mountPath: /var/lib/calico
  290. name: var-lib-calico
  291. readOnly: false
  292. {% if calico_datastore == "etcd" %}
  293. - mountPath: /calico-secrets
  294. name: etcd-certs
  295. {% endif %}
  296. - name: xtables-lock
  297. mountPath: /run/xtables.lock
  298. readOnly: false
  299. volumes:
  300. # Used by calico/node.
  301. - name: lib-modules
  302. hostPath:
  303. path: /lib/modules
  304. - name: var-run-calico
  305. hostPath:
  306. path: /var/run/calico
  307. - name: var-lib-calico
  308. hostPath:
  309. path: /var/lib/calico
  310. # Used to install CNI.
  311. - name: cni-net-dir
  312. hostPath:
  313. path: /etc/cni/net.d
  314. - name: cni-bin-dir
  315. hostPath:
  316. path: /opt/cni/bin
  317. {% if calico_datastore == "etcd" %}
  318. # Mount in the etcd TLS secrets.
  319. - name: etcd-certs
  320. hostPath:
  321. path: "{{ calico_cert_dir }}"
  322. {% endif %}
  323. # Mount the global iptables lock file, used by calico/node
  324. - name: xtables-lock
  325. hostPath:
  326. path: /run/xtables.lock
  327. type: FileOrCreate
  328. {% if calico_datastore == "kdd" and calico_version is version('v3.6.0', '>=') %}
  329. # Mount in the directory for host-local IPAM allocations. This is
  330. # used when upgrading from host-local to calico-ipam, and can be removed
  331. # if not using the upgrade-ipam init container.
  332. - name: host-local-net-dir
  333. hostPath:
  334. path: /var/lib/cni/networks
  335. {% endif %}
  336. updateStrategy:
  337. rollingUpdate:
  338. maxUnavailable: {{ serial | default('20%') }}
  339. type: RollingUpdate