richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Calico: add dependencies for 3.21.x (#8250)

pull/8262/head
Cristian Calin 3 years ago
committed by GitHub
parent
dc767c14b9
commit
31c7b6747b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 5 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
  2. 8
      roles/network_plugin/calico/templates/calico-cr.yml.j2
  3. 33
      roles/network_plugin/calico/templates/calico-node.yml.j2

1
roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
View File

@ -52,6 +52,7 @@ rules:
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
- ipreservations
verbs:
- list
- apiGroups: ["crd.projectcalico.org"]

8
roles/network_plugin/calico/templates/calico-cr.yml.j2
View File

@ -83,6 +83,7 @@ rules:
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipreservations
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
@ -91,6 +92,7 @@ rules:
- clusterinformations
- hostendpoints
- blockaffinities
- caliconodestatuses
verbs:
- get
- list
@ -104,6 +106,12 @@ rules:
verbs:
- create
- update
# Calico must update some CRDs.
- apiGroups: [ "crd.projectcalico.org" ]
resources:
- caliconodestatuses
verbs:
- update
# Calico stores some configuration information on the node.
- apiGroups: [""]
resources:

33
roles/network_plugin/calico/templates/calico-node.yml.j2
View File

@ -72,6 +72,11 @@ spec:
- name: install-cni
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
name: kubernetes-services-endpoint
optional: true
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
@ -214,11 +219,6 @@ spec:
# # Configure the IP Pool from which Pod IPs will be chosen.
# - name: CALICO_IPV4POOL_CIDR
# value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
{% if calico_veth_mtu is defined %}
# Set MTU for the Wireguard tunnel device.
- name: FELIX_WIREGUARDMTU
value: "{{ calico_veth_mtu }}"
{% endif %}
- name: CALICO_IPV4POOL_IPIP
value: "{{ calico_ipv4pool_ipip }}"
- name: FELIX_IPV6SUPPORT
@ -234,8 +234,15 @@ spec:
value: "{{ calico_usage_reporting }}"
# Set MTU for tunnel device used if ipip is enabled
{% if calico_mtu is defined %}
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
# Set MTU for the VXLAN tunnel device.
- name: FELIX_VXLANMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
# Set MTU for the Wireguard tunnel device.
- name: FELIX_WIREGUARDMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
{% endif %}
- name: FELIX_CHAININSERTMODE
value: "{{ calico_felix_chaininsertmode }}"
@ -270,6 +277,12 @@ spec:
fieldRef:
fieldPath: status.hostIP
{% endif %}
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
- name: NODENAME
valueFrom:
fieldRef:
@ -295,6 +308,14 @@ spec:
requests:
cpu: {{ calico_node_cpu_requests }}
memory: {{ calico_node_memory_requests }}
{% if calico_version is version('v3.21.0', '>=') %}
lifecycle:
preStop:
exec:
command:
- /bin/calico-node
- -shutdown
{% endif %}
livenessProbe:
exec:
command:
@ -336,8 +357,10 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
# For maintaining CNI plugin API credentials.
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
readOnly: false
{% if typha_secure %}
- name: typha-client
mountPath: /etc/typha-client

Write Preview
Loading…
Cancel
Save