From 65c86377fc3e361b387a8dba1650ed57afb616a1 Mon Sep 17 00:00:00 2001
From: Brad Beam
Date: Wed, 4 Jan 2017 16:46:00 -0600
Subject: [PATCH 1/2] Adding calicoctl to canal deployment

---
 roles/network_plugin/canal/defaults/main.yml | 4 ++++
 roles/network_plugin/canal/tasks/main.yml | 9 +++++++++
 .../canal/templates/calicoctl-container.j2 | 14 ++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 roles/network_plugin/canal/templates/calicoctl-container.j2

diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml
index f8482fb1a..7caf6dcd9 100644
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@@ -23,3 +23,7 @@ flannel_memory_limit: 500M
 flannel_cpu_limit: 200m
 flannel_memory_requests: 256M
 flannel_cpu_requests: 100m
+calicoctl_memory_limit: 170M
+calicoctl_cpu_limit: 100m
+calicoctl_memory_requests: 70M
+calicoctl_cpu_requests: 50m
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index 3d3b19bdc..dcfb5e118 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -59,3 +59,12 @@
 delay: "{{ retry_stagger | random + 3 }}"
 changed_when: false
 tags: [hyperkube, upgrade]
+
+- name: Canal | Install calicoctl container script
+ template:
+ src: calicoctl-container.j2
+ dest: "{{ bin_dir }}/calicoctl"
+ mode: 0755
+ owner: root
+ group: root
+ changed_when: false
diff --git a/roles/network_plugin/canal/templates/calicoctl-container.j2 b/roles/network_plugin/canal/templates/calicoctl-container.j2
new file mode 100644
index 000000000..df11a85ef
--- /dev/null
+++ b/roles/network_plugin/canal/templates/calicoctl-container.j2
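Review bot: `changed_when: false` on the new `Canal | Install calicoctl container script` task in roles/network_plugin/canal/tasks/main.yml makes the template module always report ok, so a run that rewrites `{{ bin_dir }}/calicoctl` never appears as a change in the play output. That file is a root-owned executable which, per the template added in this same patch, launches a privileged container, so a content change to it is exactly what an operator reviewing a run would want to see. I would drop the `changed_when: false` line and let the module report its real state. Separately, write the mode as `mode: "0755"` so the value does not depend on how the YAML parser treats leading-zero integers.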
@@ -0,0 +1,14 @@
+#!/bin/bash
+{{ docker_bin_dir }}/docker run -i --privileged --rm \
+--net=host --pid=host \
+-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
+-e ETCD_CA_CERT_FILE={{ canal_cert_dir }}/ca_cert.crt \
+-e ETCD_CERT_FILE={{ canal_cert_dir }}/cert.crt \
+-e ETCD_KEY_FILE={{ canal_cert_dir }}/key.pem \
+-v {{ docker_bin_dir }}/docker:{{ docker_bin_dir }}/docker \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /var/run/calico:/var/run/calico \
+-v {{ canal_cert_dir }}:{{ calico_cert_dir }}:ro \
+--memory={{ calicoctl_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ calicoctl_cpu_limit|regex_replace('m', '') }} \
+{{ calicoctl_image_repo }}:{{ calicoctl_image_tag}} \
+$@

From cf042b2a4c212358b550ca9a791bd972d74674bd Mon Sep 17 00:00:00 2001
From: Brad Beam
Date: Wed, 4 Jan 2017 16:51:11 -0600
Subject: [PATCH 2/2] Create network policy directory for canal

---
 roles/network_plugin/canal/defaults/main.yml | 4 ++++
 roles/network_plugin/canal/tasks/main.yml | 5 +++++
 roles/network_plugin/canal/templates/calicoctl-container.j2 | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml
index 7caf6dcd9..60adff59f 100644
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@@ -14,6 +14,9 @@ canal_log_level: "info"
 canal_cert_dir: /etc/canal/certs
 etcd_cert_dir: /etc/ssl/etcd/ssl
 
+# Canal Network Policy directory
+canal_policy_dir: /etc/kubernetes/policy
+
 # Limits for apps
 calico_node_memory_limit: 500M
 calico_node_cpu_limit: 200m
@@ -27,3 +30,4 @@ calicoctl_memory_limit: 170M
 calicoctl_cpu_limit: 100m
 calicoctl_memory_requests: 70M
 calicoctl_cpu_requests: 50m
+
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index dcfb5e118..7ccbcdf2e 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
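Review bot: The new calicoctl-container.j2 wrapper combines `--privileged`, `--net=host --pid=host` and a bind mount of `/var/run/docker.sock`, so every invocation gives the calicoctl image full control of the node, and that image is referenced by tag (`{{ calicoctl_image_repo }}:{{ calicoctl_image_tag}}`) rather than by digest. Whether calicoctl needs all of these cannot be judged from the hunk; the template should carry a comment naming which flags are required and drop the rest, and the image is worth pinning by digest so the content that receives this access is fixed. The last line also passes `$@` unquoted, so arguments containing spaces or glob characters are re-split by the shell; it should be `"$@"`. The unquoted `$@` is carried unchanged as context into the template hunk of patch 2/2.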
@@ -68,3 +68,8 @@
 owner: root
 group: root
 changed_when: false
+
+- name: Canal | Create network policy directory
+ file:
+ path: "{{ canal_policy_dir }}"
+ state: directory
diff --git a/roles/network_plugin/canal/templates/calicoctl-container.j2 b/roles/network_plugin/canal/templates/calicoctl-container.j2
index df11a85ef..d65d88d46 100644
--- a/roles/network_plugin/canal/templates/calicoctl-container.j2
+++ b/roles/network_plugin/canal/templates/calicoctl-container.j2
@@ -8,7 +8,8 @@
 -v {{ docker_bin_dir }}/docker:{{ docker_bin_dir }}/docker \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var/run/calico:/var/run/calico \
--v {{ canal_cert_dir }}:{{ calico_cert_dir }}:ro \
+-v {{ canal_cert_dir }}:{{ canal_cert_dir }}:ro \
+-v {{ canal_policy_dir }}:{{ canal_policy_dir }}:ro \
 --memory={{ calicoctl_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ calicoctl_cpu_limit|regex_replace('m', '') }} \
 {{ calicoctl_image_repo }}:{{ calicoctl_image_tag}} \
 $@
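Review bot: The new `Canal | Create network policy directory` task in roles/network_plugin/canal/tasks/main.yml sets no `owner`, `group` or `mode`, so `{{ canal_policy_dir }}` is created with whatever the connecting user and umask produce, unlike the calicoctl script task directly above it, which pins `owner: root` and `group: root`. The same patch bind-mounts this directory into the privileged calicoctl container, and it presumably holds the policy files that get applied, so it should not be writable by unprivileged users. Add `owner: root`, `group: root` and `mode: "0755"` to the `file:` arguments.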