

  1. ---
  2. kind: DaemonSet
  3. apiVersion: extensions/v1beta1
  4. metadata:
  5. name: canal-node
  6. namespace: {{ system_namespace }}
  7. labels:
  8. k8s-app: canal-node
  9. spec:
  10. selector:
  11. matchLabels:
  12. k8s-app: canal-node
  13. template:
  14. metadata:
  15. annotations:
  16. scheduler.alpha.kubernetes.io/critical-pod: ''
  17. scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
  18. labels:
  19. k8s-app: canal-node
  20. spec:
  21. hostNetwork: true
  22. {% if rbac_enabled %}
  23. serviceAccountName: canal
  24. {% endif %}
  25. tolerations:
  26. - effect: NoSchedule
  27. operator: Exists
  28. volumes:
  29. # Used by calico/node.
  30. - name: lib-modules
  31. hostPath:
  32. path: /lib/modules
  33. - name: var-run-calico
  34. hostPath:
  35. path: /var/run/calico
  36. # Used to install CNI.
  37. - name: cni-bin-dir
  38. hostPath:
  39. path: /opt/cni/bin
  40. - name: cni-net-dir
  41. hostPath:
  42. path: /etc/cni/net.d
  43. # Used by flannel daemon.
  44. - name: run-flannel
  45. hostPath:
  46. path: /run/flannel
  47. - name: resolv
  48. hostPath:
  49. path: /etc/resolv.conf
  50. - name: "canal-certs"
  51. hostPath:
  52. path: "{{ canal_cert_dir }}"
  53. containers:
  54. # Runs the flannel daemon to enable vxlan networking between
  55. # container hosts.
  56. - name: flannel
  57. image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
  58. imagePullPolicy: {{ k8s_image_pull_policy }}
  59. resources:
  60. limits:
  61. cpu: {{ flannel_cpu_limit }}
  62. memory: {{ flannel_memory_limit }}
  63. requests:
  64. cpu: {{ flannel_cpu_requests }}
  65. memory: {{ flannel_memory_requests }}
  66. env:
  67. # Cluster name
  68. - name: CLUSTER_NAME
  69. valueFrom:
  70. configMapKeyRef:
  71. name: canal-config
  72. key: cluster_name
  73. # The location of the etcd cluster.
  74. - name: FLANNELD_ETCD_ENDPOINTS
  75. valueFrom:
  76. configMapKeyRef:
  77. name: canal-config
  78. key: etcd_endpoints
  79. # The interface flannel should run on.
  80. - name: FLANNELD_IFACE
  81. valueFrom:
  82. configMapKeyRef:
  83. name: canal-config
  84. key: flanneld_iface
  85. # Perform masquerade on traffic leaving the pod cidr.
  86. - name: FLANNELD_IP_MASQ
  87. valueFrom:
  88. configMapKeyRef:
  89. name: canal-config
  90. key: masquerade
  91. # Set etcd-prefix
  92. - name: DOCKER_OPT_ETCD_PREFIX
  93. value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
  94. # Write the subnet.env file to the mounted directory.
  95. - name: FLANNELD_SUBNET_FILE
  96. value: "/run/flannel/subnet.env"
  97. # Etcd SSL vars
  98. - name: ETCD_CA_CERT_FILE
  99. valueFrom:
  100. configMapKeyRef:
  101. name: canal-config
  102. key: etcd_cafile
  103. - name: ETCD_CERT_FILE
  104. valueFrom:
  105. configMapKeyRef:
  106. name: canal-config
  107. key: etcd_certfile
  108. - name: ETCD_KEY_FILE
  109. valueFrom:
  110. configMapKeyRef:
  111. name: canal-config
  112. key: etcd_keyfile
  113. command:
  114. - "/bin/sh"
  115. - "-c"
  116. - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network -etcd-cafile $(ETCD_CA_CERT_FILE) -etcd-certfile $(ETCD_CERT_FILE) -etcd-keyfile $(ETCD_KEY_FILE)"
  117. ports:
  118. - hostPort: 10253
  119. containerPort: 10253
  120. securityContext:
  121. privileged: true
  122. volumeMounts:
  123. - name: "resolv"
  124. mountPath: "/etc/resolv.conf"
  125. - name: "run-flannel"
  126. mountPath: "/run/flannel"
  127. - name: "canal-certs"
  128. mountPath: "{{ canal_cert_dir }}"
  129. readOnly: true
  130. # Runs calico/node container on each Kubernetes node. This
  131. # container programs network policy and local routes on each
  132. # host.
  133. - name: calico-node
  134. image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
  135. imagePullPolicy: {{ k8s_image_pull_policy }}
  136. resources:
  137. limits:
  138. cpu: {{ calico_node_cpu_limit }}
  139. memory: {{ calico_node_memory_limit }}
  140. requests:
  141. cpu: {{ calico_node_cpu_requests }}
  142. memory: {{ calico_node_memory_requests }}
  143. env:
  144. # The location of the etcd cluster.
  145. - name: ETCD_ENDPOINTS
  146. valueFrom:
  147. configMapKeyRef:
  148. name: canal-config
  149. key: etcd_endpoints
  150. # Disable Calico BGP. Calico is simply enforcing policy.
  151. - name: CALICO_NETWORKING
  152. value: "false"
  153. # Cluster type to identify the deployment type
  154. - name: CLUSTER_TYPE
  155. value: "kubespray,canal"
  156. # Disable file logging so `kubectl logs` works.
  157. - name: CALICO_DISABLE_FILE_LOGGING
  158. value: "true"
  159. # Etcd SSL vars
  160. - name: ETCD_CA_CERT_FILE
  161. valueFrom:
  162. configMapKeyRef:
  163. name: canal-config
  164. key: etcd_cafile
  165. - name: ETCD_CERT_FILE
  166. valueFrom:
  167. configMapKeyRef:
  168. name: canal-config
  169. key: etcd_certfile
  170. - name: ETCD_KEY_FILE
  171. valueFrom:
  172. configMapKeyRef:
  173. name: canal-config
  174. key: etcd_keyfile
  175. - name: NODENAME
  176. valueFrom:
  177. fieldRef:
  178. fieldPath: spec.nodeName
  179. securityContext:
  180. privileged: true
  181. volumeMounts:
  182. - mountPath: /lib/modules
  183. name: lib-modules
  184. readOnly: true
  185. - mountPath: /var/run/calico
  186. name: var-run-calico
  187. readOnly: false
  188. - name: "canal-certs"
  189. mountPath: "{{ canal_cert_dir }}"
  190. readOnly: true
  191. updateStrategy:
  192. rollingUpdate:
  193. maxUnavailable: {{ serial | default('20%') }}
  194. type: RollingUpdate