Create network policy directory for canal

8 years ago · cf042b2a4c
3 changed files with 11 additions and 1 deletions
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@ -14,6 +14,9 @@ canal_log_level: "info"
 canal_cert_dir: /etc/canal/certs
 etcd_cert_dir: /etc/ssl/etcd/ssl

+# Canal Network Policy directory
+canal_policy_dir: /etc/kubernetes/policy
+
 # Limits for apps
 calico_node_memory_limit: 500M
 calico_node_cpu_limit: 200m
@ -27,3 +30,4 @@ calicoctl_memory_limit: 170M
 calicoctl_cpu_limit: 100m
 calicoctl_memory_requests: 70M
 calicoctl_cpu_requests: 50m
+
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@ -68,3 +68,8 @@
    owner: root
    group: root
  changed_when: false
+
+- name: Canal | Create network policy directory
+  file:
+    path: "{{ canal_policy_dir }}"
+    state: directory
--- a/roles/network_plugin/canal/templates/calicoctl-container.j2
+++ b/roles/network_plugin/canal/templates/calicoctl-container.j2
@ -8,7 +8,8 @@
 -v {{ docker_bin_dir }}/docker:{{ docker_bin_dir }}/docker \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var/run/calico:/var/run/calico \
-v {{ canal_cert_dir }}:{{ calico_cert_dir }}:ro \
+-v {{ canal_cert_dir }}:{{ canal_cert_dir }}:ro \
+-v {{ canal_policy_dir }}:{{ canal_policy_dir }}:ro \
 --memory={{ calicoctl_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ calicoctl_cpu_limit|regex_replace('m', '') }} \
 {{ calicoctl_image_repo }}:{{ calicoctl_image_tag}} \
 $@