Barry Melbourne
4 years ago
GitHub
GPG Key ID:
3 changed files with
22 additions and
7 deletions
docs/calico.md
inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
roles/network_plugin/calico/templates/cni-calico.conflist.j2
@ -248,3 +248,15 @@ calico_node_extra_envs:
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4tneutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4tneutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t
``````
### Optional : Use Calico CNI host-local IPAM plugin
Calico currently supports two types of CNI IPAM plugins, `host-local` and `calico-ipam` (default).
To allow Calico to determine the subnet to use from the Kubernetes API based on the `Node.podCIDR` field, enable the following setting.
```yml
calico_ipam_host_local: true
```
Refer to Project Calico section [Using host-local IPAM ](https://docs.projectcalico.org/reference/cni-plugin/configuration#using-host-local-ipam ) for further information.
@ -8,6 +8,9 @@
# Enables Internet connectivity from containers # Enables Internet connectivity from containers
# nat_outgoing: true # nat_outgoing: true
# Enables Calico CNI "host-local" IPAM plugin
# calico_ipam_host_local: true
# add default ippool name # add default ippool name
# calico_pool_name: "default-pool" # calico_pool_name: "default-pool"
@ -9,9 +9,9 @@
{% else %}{% else %}
{% if cloud_provider is defined %}{% if cloud_provider is defined %}
"nodename": "{{ calico_kubelet_name.stdout }}", "nodename": "{{ calico_kubelet_name.stdout }}",
{% else %}
{% else %}
"nodename": "{{ calico_baremetal_nodename }}", "nodename": "{{ calico_baremetal_nodename }}",
{% endif %}
{% endif %}
{% endif %}{% endif %}
"type": "calico", "type": "calico",
"log_level": "info", "log_level": "info",
@ -22,7 +22,7 @@
"etcd_key_file": "{{ calico_cert_dir }}/key.pem", "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
"etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt", "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
{% endif %}{% endif %}
{% if calico_datastore == "kdd" and calico_version is version('v3.6.0', '<') %}
{% if calico_ipam_host_local is defined %}
"ipam": { "ipam": {
"type": "host-local", "type": "host-local",
"subnet": "usePodCidr" "subnet": "usePodCidr"
@ -47,18 +47,18 @@
"policy": { "policy": {
"type": "k8s" "type": "k8s"
}, },
{%- endif %}
{% endif %}
{% if calico_mtu is defined and calico_mtu is number %}{% if calico_mtu is defined and calico_mtu is number %}
"mtu": {{ calico_mtu }}, "mtu": {{ calico_mtu }},
{%- endif %}
{% endif %}
"kubernetes": { "kubernetes": {
"kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}" "kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}"
} }
}, },
{ {
"type":"portmap", "type":"portmap",
"capabilities":{
"portMappings":true
"capabilities": {
"portMappings": true
} }
} }
] ]
Barry Melbourne
4 years ago
GitHub