From 249a5c9f0f79885451dc86234098cbc6c2a335d2 Mon Sep 17 00:00:00 2001 From: OHTAKE Tomohiro Date: Tue, 15 Mar 2016 23:49:11 +0900 Subject: [PATCH] Use host-gw flannel for better performance --- .../fragments/provision-network-master.sh | 3 +-- .../kubernetes-heat/kubecluster.yaml | 22 ++++++++++++------- .../openstack/kubernetes-heat/kubeminion.yaml | 17 +++++++------- 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/cluster/openstack/kubernetes-heat/fragments/provision-network-master.sh b/cluster/openstack/kubernetes-heat/fragments/provision-network-master.sh index 3cdf9b8b2bc..901734e8273 100644 --- a/cluster/openstack/kubernetes-heat/fragments/provision-network-master.sh +++ b/cluster/openstack/kubernetes-heat/fragments/provision-network-master.sh @@ -49,8 +49,7 @@ cat < /etc/flannel-config.json "Network": "${CONTAINER_SUBNET}", "SubnetLen": 24, "Backend": { - "Type": "udp", - "Port": 8285 + "Type": "host-gw" } } EOF diff --git a/cluster/openstack/kubernetes-heat/kubecluster.yaml b/cluster/openstack/kubernetes-heat/kubecluster.yaml index 3832f4c4fda..bd1cc4643b1 100644 --- a/cluster/openstack/kubernetes-heat/kubecluster.yaml +++ b/cluster/openstack/kubernetes-heat/kubecluster.yaml @@ -144,21 +144,23 @@ resources: - protocol: tcp port_range_min: 22 port_range_max: 22 + - remote_mode: remote_group_id - secgroup_kubernetes: + secgroup_master: type: OS::Neutron::SecurityGroup properties: rules: - - protocol: tcp # etcd for flanneld - port_range_min: 4379 - port_range_max: 4380 - - protocol: udp # flannel backend - port_range_min: 8285 - port_range_max: 8285 - protocol: tcp # api-server port_range_min: 443 port_range_max: 443 + secgroup_node: + type: OS::Neutron::SecurityGroup + properties: + rules: + - protocol: icmp + - protocol: tcp + - protocol: udp ###################################################################### # 
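Review bot: The switch to `"Type": "host-gw"` in `/etc/flannel-config.json` has no comment recording what the backend requires of the network, and the rest of the patch depends on it. host-gw does no encapsulation and installs routes whose next hop is the peer node's address, so nodes need direct layer-2 reachability and pod-sourced packets reach the Neutron ports unwrapped. I would add a comment above the heredoc such as `# host-gw: no encapsulation; nodes must share an L2 segment and each Neutron port must allow ${CONTAINER_SUBNET} via allowed_address_pairs`. The heredoc starts outside this hunk.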
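Review bot: The new `secgroup_node` lists `- protocol: icmp`, `- protocol: tcp` and `- protocol: udp` with no port range and no `remote_ip_prefix`, so as written the rules appear to admit those protocols from any source. It replaces `secgroup_all_open` from kubeminion.yaml, and the new name no longer signals that the group is unrestricted. The minion port hunk in kubeminion.yaml attaches this group, and `kube_minion_floating` is visible as context there, so node ports such as the kubelet's are presumably reachable from wherever the floating IPs are. Since the added `- remote_mode: remote_group_id` rule in `secgroup_base` already covers node-to-node traffic, the node rules could probably be scoped to the pod network, e.g. `- protocol: tcp` with `remote_ip_prefix: 10.246.0.0/16`, plus explicit rules for any service ports meant to be public. The `remote_group_id` rule also deserves a comment like `# all traffic between members of this group`, because it names no group and relies on the default.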
@@ -261,9 +263,11 @@ resources: network: {get_resource: fixed_network} security_groups: - {get_resource: secgroup_base} - - {get_resource: secgroup_kubernetes} + - {get_resource: secgroup_master} fixed_ips: - subnet: {get_resource: fixed_subnet} + allowed_address_pairs: + - ip_address: 10.246.0.0/16 replacement_policy: AUTO kube_master_floating: @@ -302,6 +306,8 @@ resources: wait_condition_timeout: {get_param: wait_condition_timeout} metadata: {"metering.stack": {get_param: "OS::stack_id"}} cluster_name: {get_param: "OS::stack_name"} + secgroup_base: {get_resource: secgroup_base} + secgroup_node: {get_resource: secgroup_node} min_size: {get_param: number_of_minions} desired_capacity: {get_param: number_of_minions} max_size: {get_param: max_number_of_minions} diff --git a/cluster/openstack/kubernetes-heat/kubeminion.yaml b/cluster/openstack/kubernetes-heat/kubeminion.yaml index 76075c76079..f33dd2008fd 100644 --- a/cluster/openstack/kubernetes-heat/kubeminion.yaml +++ b/cluster/openstack/kubernetes-heat/kubeminion.yaml @@ -60,6 +60,10 @@ parameters: description: metadata for ceilometer query cluster_name: type: string + secgroup_base: + type: string + secgroup_node: + type: string resources: @@ -73,14 +77,6 @@ resources: handle: {get_resource: minion_wait_handle} timeout: {get_param: wait_condition_timeout} - secgroup_all_open: - type: OS::Neutron::SecurityGroup - properties: - rules: - - protocol: icmp - - protocol: tcp - - protocol: udp - ###################################################################### # # software configs. these are components that are combined into @@ -182,9 +178,12 @@ resources: properties: network: {get_param: fixed_network} security_groups: - - get_resource: secgroup_all_open + - {get_param: secgroup_base} + - {get_param: secgroup_node} fixed_ips: - subnet: {get_param: fixed_subnet} + allowed_address_pairs: + - ip_address: 10.246.0.0/16 replacement_policy: AUTO kube_minion_floating:
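Review bot: `allowed_address_pairs: - ip_address: 10.246.0.0/16` hard-codes the pod range on the master port, and again on the minion port in the last kubeminion.yaml hunk, while the flannel config takes its range from `${CONTAINER_SUBNET}`. If the two drift apart, the port either drops pod traffic or permits a source range nobody intended. I would feed both ports from the same template parameter that sets the container subnet, e.g. `- ip_address: {get_param: <container-subnet-parameter>}` (the name is a placeholder, as the parameter is not visible in this patch). It is also worth a comment that the /16 lets each node source any pod address, not only its own /24 lease, so Neutron anti-spoofing no longer separates nodes within the pod range.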
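Review bot: The new `secgroup_base` and `secgroup_node` parameters in kubeminion.yaml are declared as bare `type: string` with no `description`, so a reader of the nested template cannot tell that they expect security group IDs passed down from kubecluster.yaml. I would add, for example, `description: ID of the security group shared by master and minions` to `secgroup_base` and `description: ID of the security group applied to minion ports only` to `secgroup_node`. The `parameters:` block starts outside this hunk.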