Browse Source
weave: Upgrade to 2.4.0
weave: Upgrade to 2.4.0
Upstream Changes: - weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0) - Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924) - Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305) - Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317) Our Changes: - Revamp weave-net.yml.j2 with upstream changes - Add more variables for customization - Replace WEAVE_PASSWORD with k8s secret - Remove hard-corded seed mode support, in favor of variables customizationpull/3022/head
Wong Hoi Sing Edison
6 years ago
8 changed files with 137 additions and 144 deletions
Split View
Diff Options
-
2README.md
-
34inventory/sample/group_vars/k8s-cluster.yml
-
2roles/download/defaults/main.yml
-
6roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
-
81roles/network_plugin/weave/defaults/main.yml
-
17roles/network_plugin/weave/tasks/main.yml
-
56roles/network_plugin/weave/tasks/seed.yml
-
83roles/network_plugin/weave/templates/weave-net.yml.j2
@ -1,29 +1,58 @@ |
|||
--- |
|||
# Limits |
|||
weave_memory_limits: 400M |
|||
weave_cpu_limits: 300m |
|||
weave_memory_requests: 64M |
|||
weave_cpu_requests: 10m |
|||
|
|||
# This two variable are automatically changed by the weave's role, do not manually change these values |
|||
# To reset values : |
|||
# weave_seed: unset |
|||
# weave_peers: unset |
|||
weave_seed: uninitialized |
|||
weave_peers: uninitialized |
|||
|
|||
# weave's network password for encryption |
|||
# if null then no network encryption |
|||
# you can use --extra-vars to pass the password in command line |
|||
weave_password: EnterPasswordHere |
|||
|
|||
# Weave uses consensus mode by default |
|||
# Enabling seed mode allow to dynamically add or remove hosts |
|||
# https://www.weave.works/docs/net/latest/ipam/ |
|||
weave_mode_seed: false |
|||
|
|||
# Set the MTU of Weave (default 1376, Jumbo Frames: 8916) |
|||
|
|||
# Weave's network password for encryption, if null then no network encryption. |
|||
weave_password: ~ |
|||
|
|||
# If set to 1, disable checking for new Weave Net versions (default is blank, |
|||
# i.e. check is enabled) |
|||
weave_checkpoint_disable: false |
|||
|
|||
# Soft limit on the number of connections between peers. Defaults to 100. |
|||
weave_conn_limit: 100 |
|||
|
|||
# Weave Net defaults to enabling hairpin on the bridge side of the veth pair |
|||
# for containers attached. If you need to disable hairpin, e.g. your kernel is |
|||
# one of those that can panic if hairpin is enabled, then you can disable it by |
|||
# setting `HAIRPIN_MODE=false`. |
|||
weave_hairpin_mode: true |
|||
|
|||
# The range of IP addresses used by Weave Net and the subnet they are placed in |
|||
# (CIDR format; default 10.32.0.0/12) |
|||
weave_ipalloc_range: "{{ kube_pods_subnet }}" |
|||
|
|||
# Set to 0 to disable Network Policy Controller (default is on) |
|||
weave_expect_npc: "{{ enable_network_policy }}" |
|||
|
|||
# List of addresses of peers in the Kubernetes cluster (default is to fetch the |
|||
# list from the api-server) |
|||
weave_kube_peers: ~ |
|||
|
|||
# Set the initialization mode of the IP Address Manager (defaults to consensus |
|||
# amongst the KUBE_PEERS) |
|||
weave_ipalloc_init: ~ |
|||
|
|||
# Set the IP address used as a gateway from the Weave network to the host |
|||
# network - this is useful if you are configuring the addon as a static pod. |
|||
weave_expose_ip: ~ |
|||
|
|||
# Address and port that the Weave Net daemon will serve Prometheus-style |
|||
# metrics on (defaults to 0.0.0.0:6782) |
|||
weave_metrics_addr: ~ |
|||
|
|||
# Address and port that the Weave Net daemon will serve status requests on |
|||
# (defaults to disabled) |
|||
weave_status_addr: ~ |
|||
|
|||
# Weave Net defaults to 1376 bytes, but you can set a smaller size if your |
|||
# underlying network has a tighter limit, or set a larger size for better |
|||
# performance if your network supports jumbo frames (e.g. 8916) |
|||
weave_mtu: 1376 |
|||
|
|||
# this variable is use in seed mode |
|||
weave_ip_current_cluster: "{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}" |
|||
# Set to 1 to preserve the client source IP address when accessing Service |
|||
# annotated with `service.spec.externalTrafficPolicy=Local`. The feature works |
|||
# only with Weave IPAM (default). |
|||
weave_no_masq_local: true |
|||
|
|||
# Extra variables that passing to launch.sh, useful for enabling seed mode, see |
|||
# https://www.weave.works/docs/net/latest/tasks/ipam/ipam/ |
|||
weave_extra_args: ~ |
|||
@ -1,56 +0,0 @@ |
|||
--- |
|||
- name: Weave seed | Set seed if first time |
|||
set_fact: |
|||
seed: '{% for host in groups["k8s-cluster"] %}{{ hostvars[host]["ansible_default_ipv4"]["macaddress"] }}{% if not loop.last %},{% endif %}{% endfor %}' |
|||
when: "weave_seed == 'uninitialized'" |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
|
|||
- name: Weave seed | Set seed if not first time |
|||
set_fact: |
|||
seed: '{{ weave_seed }}' |
|||
when: "weave_seed != 'uninitialized'" |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
|
|||
- name: Weave seed | Set peers if fist time |
|||
set_fact: |
|||
peers: '{{ weave_ip_current_cluster }}' |
|||
when: "weave_peers == 'uninitialized'" |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
|
|||
- name: Weave seed | Set peers if existing peers |
|||
set_fact: |
|||
peers: '{{ weave_peers }}{% for ip in weave_ip_current_cluster.split(" ") %}{% if ip not in weave_peers.split(" ") %} {{ ip }}{% endif %}{% endfor %}' |
|||
when: "weave_peers != 'uninitialized'" |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
|
|||
- name: Weave seed | Save seed |
|||
lineinfile: |
|||
dest: "{{ inventory_dir }}/group_vars/k8s-cluster.yml" |
|||
state: present |
|||
regexp: '^weave_seed:' |
|||
line: 'weave_seed: {{ seed }}' |
|||
become: no |
|||
delegate_to: 127.0.0.1 |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
|
|||
- name: Weave seed | Save peers |
|||
lineinfile: |
|||
dest: "{{ inventory_dir }}/group_vars/k8s-cluster.yml" |
|||
state: present |
|||
regexp: '^weave_peers:' |
|||
line: 'weave_peers: {{ peers }}' |
|||
become: no |
|||
delegate_to: 127.0.0.1 |
|||
run_once: true |
|||
tags: |
|||
- confweave |
|||
Write
Preview
Loading…
Cancel
Save