
  1. ---
  2. kind: DaemonSet
  3. apiVersion: extensions/v1beta1
  4. metadata:
  5. name: canal-node
  6. labels:
  7. k8s-app: canal-node
  8. spec:
  9. selector:
  10. matchLabels:
  11. k8s-app: canal-node
  12. template:
  13. metadata:
  14. annotations:
  15. scheduler.alpha.kubernetes.io/critical-pod: ''
  16. scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
  17. labels:
  18. k8s-app: canal-node
  19. spec:
  20. hostNetwork: true
  21. volumes:
  22. # Used by calico/node.
  23. - name: lib-modules
  24. hostPath:
  25. path: /lib/modules
  26. - name: var-run-calico
  27. hostPath:
  28. path: /var/run/calico
  29. # Used to install CNI.
  30. - name: cni-bin-dir
  31. hostPath:
  32. path: /opt/cni/bin
  33. - name: cni-net-dir
  34. hostPath:
  35. path: /etc/cni/net.d
  36. # Used by flannel daemon.
  37. - name: run-flannel
  38. hostPath:
  39. path: /run/flannel
  40. - name: resolv
  41. hostPath:
  42. path: /etc/resolv.conf
  43. - name: "canal-certs"
  44. hostPath:
  45. path: "{{ canal_cert_dir }}"
  46. containers:
  47. # Runs the flannel daemon to enable vxlan networking between
  48. # container hosts.
  49. - name: flannel
  50. image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
  51. imagePullPolicy: {{ k8s_image_pull_policy }}
  52. resources:
  53. limits:
  54. cpu: {{ flannel_cpu_limit }}
  55. memory: {{ flannel_memory_limit }}
  56. requests:
  57. cpu: {{ flannel_cpu_requests }}
  58. memory: {{ flannel_memory_requests }}
  59. env:
  60. # Cluster name
  61. - name: CLUSTER_NAME
  62. valueFrom:
  63. configMapKeyRef:
  64. name: canal-config
  65. key: cluster_name
  66. # The location of the etcd cluster.
  67. - name: FLANNELD_ETCD_ENDPOINTS
  68. valueFrom:
  69. configMapKeyRef:
  70. name: canal-config
  71. key: etcd_endpoints
  72. # The interface flannel should run on.
  73. - name: FLANNELD_IFACE
  74. valueFrom:
  75. configMapKeyRef:
  76. name: canal-config
  77. key: flanneld_iface
  78. # Perform masquerade on traffic leaving the pod cidr.
  79. - name: FLANNELD_IP_MASQ
  80. valueFrom:
  81. configMapKeyRef:
  82. name: canal-config
  83. key: masquerade
  84. # Set etcd-prefix
  85. - name: DOCKER_OPT_ETCD_PREFIX
  86. value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
  87. # Write the subnet.env file to the mounted directory.
  88. - name: FLANNELD_SUBNET_FILE
  89. value: "/run/flannel/subnet.env"
  90. # Etcd SSL vars
  91. - name: ETCD_CA_CERT_FILE
  92. valueFrom:
  93. configMapKeyRef:
  94. name: canal-config
  95. key: etcd_cafile
  96. - name: ETCD_CERT_FILE
  97. valueFrom:
  98. configMapKeyRef:
  99. name: canal-config
  100. key: etcd_certfile
  101. - name: ETCD_KEY_FILE
  102. valueFrom:
  103. configMapKeyRef:
  104. name: canal-config
  105. key: etcd_keyfile
  106. command:
  107. - "/bin/sh"
  108. - "-c"
  109. - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
  110. ports:
  111. - hostPort: 10253
  112. containerPort: 10253
  113. securityContext:
  114. privileged: true
  115. volumeMounts:
  116. - name: "resolv"
  117. mountPath: "/etc/resolv.conf"
  118. - name: "run-flannel"
  119. mountPath: "/run/flannel"
  120. - name: "canal-certs"
  121. mountPath: "{{ canal_cert_dir }}"
  122. readOnly: true
  123. # Runs calico/node container on each Kubernetes node. This
  124. # container programs network policy and local routes on each
  125. # host.
  126. - name: calico-node
  127. image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
  128. imagePullPolicy: {{ k8s_image_pull_policy }}
  129. resources:
  130. limits:
  131. cpu: {{ calico_node_cpu_limit }}
  132. memory: {{ calico_node_memory_limit }}
  133. requests:
  134. cpu: {{ calico_node_cpu_requests }}
  135. memory: {{ calico_node_memory_requests }}
  136. env:
  137. # The location of the etcd cluster.
  138. - name: ETCD_ENDPOINTS
  139. valueFrom:
  140. configMapKeyRef:
  141. name: canal-config
  142. key: etcd_endpoints
  143. # Disable Calico BGP. Calico is simply enforcing policy.
  144. - name: CALICO_NETWORKING
  145. value: "false"
  146. # Disable file logging so `kubectl logs` works.
  147. - name: CALICO_DISABLE_FILE_LOGGING
  148. value: "true"
  149. # Etcd SSL vars
  150. - name: ETCD_CA_CERT_FILE
  151. valueFrom:
  152. configMapKeyRef:
  153. name: canal-config
  154. key: etcd_cafile
  155. - name: ETCD_CERT_FILE
  156. valueFrom:
  157. configMapKeyRef:
  158. name: canal-config
  159. key: etcd_certfile
  160. - name: ETCD_KEY_FILE
  161. valueFrom:
  162. configMapKeyRef:
  163. name: canal-config
  164. key: etcd_keyfile
  165. securityContext:
  166. privileged: true
  167. volumeMounts:
  168. - mountPath: /lib/modules
  169. name: lib-modules
  170. readOnly: true
  171. - mountPath: /var/run/calico
  172. name: var-run-calico
  173. readOnly: false
  174. - name: "canal-certs"
  175. mountPath: "{{ canal_cert_dir }}"
  176. readOnly: true