From 4f85b75087ece93f540e9b332353c3fa56c5379d Mon Sep 17 00:00:00 2001
From: Cyclinder
Date: Fri, 30 Jun 2023 17:51:45 +0800
Subject: [PATCH] using configmap to configure calico cni config (#10177)
Signed-off-by: cyclinder qifeng.guo@daocloud.io
Signed-off-by: cyclinder qifeng.guo@daocloud.io
---
 roles/network_plugin/calico/tasks/install.yml | 9 --
 .../calico/templates/calico-config.yml.j2 | 84 ++++++++++++++++++
 .../calico/templates/calico-node.yml.j2 | 9 +-
 .../calico/templates/cni-calico.conflist.j2 | 86 -------------------
 4 files changed, 90 insertions(+), 98 deletions(-)
 delete mode 100644 roles/network_plugin/calico/templates/cni-calico.conflist.j2
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index bee2e01e3..dd6b71ae0 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -16,15 +16,6 @@
 mode: 0755
 remote_src: yes
-- name: Calico | Write Calico cni config
- template:
- src: "cni-calico.conflist.j2"
- dest: "/etc/cni/net.d/calico.conflist.template"
- mode: 0644
- owner: root
- register: calico_conflist
- notify: reset_calico_cni
-
 - name: Calico | Create calico certs directory
 file:
 dest: "{{ calico_cert_dir }}"
diff --git a/roles/network_plugin/calico/templates/calico-config.yml.j2 b/roles/network_plugin/calico/templates/calico-config.yml.j2
index 568cc00af..0379b6271 100644
--- a/roles/network_plugin/calico/templates/calico-config.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -25,3 +25,87 @@ data:
 {% if inventory_hostname in groups['k8s_cluster'] and peer_with_router|default(false) %}
 as: "{{ local_as|default(global_as_num) }}"
 {% endif -%}
+ # The CNI network configuration to install on each node. The special
+ # values in this config will be automatically populated.
+ cni_network_config: |-
+ {
+ "name": "{{ calico_cni_name }}",
+ "cniVersion":"0.3.1",
+ "plugins":[
+ {
+ {% if calico_datastore == "kdd" %}
+ "datastore_type": "kubernetes",
+ "nodename": "__KUBERNETES_NODE_NAME__",
+ {% else %}
+ {% if cloud_provider is defined %}
+ "nodename": "{{ calico_kubelet_name.stdout }}",
+ {% else %}
+ "nodename": "{{ calico_baremetal_nodename }}",
+ {% endif %}
+ {% endif %}
+ "type": "calico",
+ "log_level": "info",
+ {% if calico_cni_log_file_path %}
+ "log_file_path": "{{ calico_cni_log_file_path }}",
+ {% endif %}
+ {% if calico_datastore == "etcd" %}
+ "etcd_endpoints": "{{ etcd_access_addresses }}",
+ "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
+ "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
+ "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
+ {% endif %}
+ {% if calico_ipam_host_local is defined %}
+ "ipam": {
+ "type": "host-local",
+ "subnet": "usePodCidr"
+ },
+ {% else %}
+ "ipam": {
+ "type": "calico-ipam",
+ {% if enable_dual_stack_networks %}
+ "assign_ipv6": "true",
+ {% endif %}
+ "assign_ipv4": "true"
+ },
+ {% endif %}
+ {% if calico_allow_ip_forwarding %}
+ "container_settings": {
+ "allow_ip_forwarding": true
+ },
+ {% endif %}
+ {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
+ "feature_control": {
+ {% for fc in calico_feature_control -%}
+ {% set fcval = calico_feature_control[fc] -%}
+ "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
+ {% endfor -%}
+ {{- "" }}
+ },
+ {% endif %}
+ {% if enable_network_policy %}
+ "policy": {
+ "type": "k8s"
+ },
+ {% endif %}
+ {% if calico_mtu is defined and calico_mtu is number %}
+ "mtu": {{ calico_mtu }},
+ {% endif %}
+ "kubernetes": {
+ "kubeconfig": "__KUBECONFIG_FILEPATH__"
+ }
+ },
+ {
+ "type":"portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ },
+ {
+ "type":"bandwidth",
+ "capabilities": {
+ "bandwidth": true
+ }
+ }
+ ]
+ }
+
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 3af01c8e7..bd6c63c24 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -80,15 +80,18 @@ spec:
 name: kubernetes-services-endpoint
 optional: true
 env:
+ # The CNI network config to install on each node.
+ - name: CNI_NETWORK_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: cni_network_config
 # Name of the CNI config file to create.
 - name: CNI_CONF_NAME
 value: "10-calico.conflist"
 # Install CNI binaries
 - name: UPDATE_CNI_BINARIES
 value: "true"
- # The CNI network config to install on each node.
- - name: CNI_NETWORK_CONFIG_FILE
- value: "/host/etc/cni/net.d/calico.conflist.template"
 # Prevents the container from sleeping forever.
 - name: SLEEP
 value: "false"
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
deleted file mode 100644
index 5cdf1ac86..000000000
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ /dev/null
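Review bot: In the non-kdd branch of the `nodename` block, `calico_kubelet_name.stdout` and `calico_baremetal_nodename` are per-host values, but `cni_network_config` is now a single ConfigMap key shared by all nodes, so with an etcd datastore every node would presumably be configured with the name of whichever host rendered the manifest. The deleted template avoided this because it was written to each host separately; if the installer substitutes the placeholder regardless of datastore, `"nodename": "__KUBERNETES_NODE_NAME__",` could be used in both branches. The `ipv4_pools`/`ipv6_pools` entries guarded by `calico_cni_pool` and `calico_cni_pool_ipv6` in the deleted template are also not carried over, which silently changes IPAM for inventories that set them. The `feature_control` value is still assembled as `"\"" + fcval + "\""`, which does not escape embedded quotes and fails on non-string values; `{{ fcval | to_json }}` would handle both. The enclosing `data:` mapping starts above the hunk.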
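Review bot: The `CNI_NETWORK_CONFIG` entry is resolved from `calico-config` only when the container starts, and the commit also removes the task that notified `reset_calico_cni`, so nothing visible here rolls the DaemonSet when `cni_network_config` changes. A checksum annotation on the pod template, or an explicit restart handler, would keep nodes from running a stale CNI config. It is also worth a comment above the entry recording that the host CNI conflist now comes from a cluster object, e.g. `# Rendered into the host CNI conflist; restrict update rights on the calico-config ConfigMap.`, since write access to that ConfigMap now decides what is installed on each node. The `env:` list continues beyond the hunk.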
@@ -1,86 +0,0 @@
-{
- "name": "{{ calico_cni_name }}",
- "cniVersion":"0.3.1",
- "plugins":[
- {
-{% if calico_datastore == "kdd" %}
- "datastore_type": "kubernetes",
- "nodename": "__KUBERNETES_NODE_NAME__",
-{% else %}
-{% if cloud_provider is defined %}
- "nodename": "{{ calico_kubelet_name.stdout }}",
-{% else %}
- "nodename": "{{ calico_baremetal_nodename }}",
-{% endif %}
-{% endif %}
- "type": "calico",
- "log_level": "info",
-{% if calico_cni_log_file_path %}
- "log_file_path": "{{ calico_cni_log_file_path }}",
-{% endif %}
-{% if calico_datastore == "etcd" %}
- "etcd_endpoints": "{{ etcd_access_addresses }}",
- "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
- "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
- "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
-{% endif %}
-{% if calico_ipam_host_local is defined %}
- "ipam": {
- "type": "host-local",
- "subnet": "usePodCidr"
- },
-{% else %}
- "ipam": {
- "type": "calico-ipam",
-{% if enable_dual_stack_networks %}
- "assign_ipv6": "true",
-{% if calico_cni_pool_ipv6 %}
- "ipv6_pools": ["{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}"],
-{% endif %}
-{% endif %}
-{% if calico_cni_pool %}
- "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"],
-{% endif %}
- "assign_ipv4": "true"
- },
-{% endif %}
-{% if calico_allow_ip_forwarding %}
- "container_settings": {
- "allow_ip_forwarding": true
- },
-{% endif %}
-{% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
- "feature_control": {
- {% for fc in calico_feature_control -%}
- {% set fcval = calico_feature_control[fc] -%}
- "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
- {% endfor -%}
- {{- "" }}
- },
-{% endif %}
-{% if enable_network_policy %}
- "policy": {
- "type": "k8s"
- },
-{% endif %}
-{% if calico_mtu is defined and calico_mtu is number %}
- "mtu": {{ calico_mtu }},
-{% endif %}
- "kubernetes": {
- "kubeconfig": "__KUBECONFIG_FILEPATH__"
- }
- },
- {
- "type":"portmap",
- "capabilities": {
- "portMappings": true
- }
- },
- {
- "type":"bandwidth",
- "capabilities": {
- "bandwidth": true
- }
- }
- ]
-}