richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
958 Commits
33 Branches
82 Tags
153 MiB
Tree: d3a4d8dc24
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd3a4d8dc24'
${ noResults }
kubespray/roles/kubernetes-apps/ansible/templates/calico-policy-controller.ym...

54 lines
1.8 KiB
Raw Normal View History

Add possibility to enable network policy via Calico network controller The requirements for network policy feature are described here [1]. In order to enable it, appropriate configuration must be provided to the CNI plug in and Calico policy controller must be set up. Beside that corresponding extensions needed to be enabled in k8s API. Now to turn on the feature user can define `enable_network_policy` customization variable for Ansible. [1] http://kubernetes.io/docs/user-guide/networkpolicies/
8 years ago
Download images as dependencies of roles Pre download all required container images as roles' deps. Drop unused flannel-server-helper images pre download. Improve pods creation post-install test pre downloaded busybox. Improve logs collection script with kubectl describe, fix sudo/etcd/weave commands. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add possibility to enable network policy via Calico network controller The requirements for network policy feature are described here [1]. In order to enable it, appropriate configuration must be provided to the CNI plug in and Calico policy controller must be set up. Beside that corresponding extensions needed to be enabled in k8s API. Now to turn on the feature user can define `enable_network_policy` customization variable for Ansible. [1] http://kubernetes.io/docs/user-guide/networkpolicies/
8 years ago
Remove etcd-proxy from all nodes and use etcd multiaccess
8 years ago
Add etcd TLS support
8 years ago
Add possibility to enable network policy via Calico network controller The requirements for network policy feature are described here [1]. In order to enable it, appropriate configuration must be provided to the CNI plug in and Calico policy controller must be set up. Beside that corresponding extensions needed to be enabled in k8s API. Now to turn on the feature user can define `enable_network_policy` customization variable for Ansible. [1] http://kubernetes.io/docs/user-guide/networkpolicies/
8 years ago
Fix policy controller 'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible' role which breaks Calico policy controller deployment. Also fixing calico-policy-controller.yml.
8 years ago
  1. apiVersion: extensions/v1beta1
  2. kind: ReplicaSet
  3. metadata:
  4. name: calico-policy-controller
  5. namespace: kube-system
  6. labels:
  7. k8s-app: calico-policy
  8. kubernetes.io/cluster-service: "true"
  9. spec:
  10. replicas: 1
  11. selector:
  12. matchLabels:
  13. kubernetes.io/cluster-service: "true"
  14. k8s-app: calico-policy
  15. template:
  16. metadata:
  17. name: calico-policy-controller
  18. namespace: kube-system
  19. labels:
  20. kubernetes.io/cluster-service: "true"
  21. k8s-app: calico-policy
  22. spec:
  23. hostNetwork: true
  24. containers:
  25. - name: calico-policy-controller
  26. image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
  27. env:
  28. - name: ETCD_ENDPOINTS
  29. value: "{{ etcd_access_endpoint }}"
  30. - name: ETCD_CA_CERT_FILE
  31. value: "{{ etcd_cert_dir }}/ca.pem"
  32. - name: ETCD_CERT_FILE
  33. value: "{{ etcd_cert_dir }}/node.pem"
  34. - name: ETCD_KEY_FILE
  35. value: "{{ etcd_cert_dir }}/node-key.pem"
  36. # Location of the Kubernetes API - this shouldn't need to be
  37. # changed so long as it is used in conjunction with
  38. # CONFIGURE_ETC_HOSTS="true".
  39. - name: K8S_API
  40. value: "https://kubernetes.default:443"
  41. # Configure /etc/hosts within the container to resolve
  42. # the kubernetes.default Service to the correct clusterIP
  43. # using the environment provided by the kubelet.
  44. # This removes the need for KubeDNS to resolve the Service.
  45. - name: CONFIGURE_ETC_HOSTS
  46. value: "true"
  47. volumeMounts:
  48. - mountPath: {{ etcd_cert_dir }}
  49. name: etcd-certs
  50. readOnly: true
  51. volumes:
  52. - hostPath:
  53. path: {{ etcd_cert_dir }}
  54. name: etcd-certs