Update Calico add-on
@@ -1,11 +1,17 @@
|
||||
# Calico Policy Controller
|
||||
==============
|
||||
|
||||
Calico Policy Controller is an implementation of the Kubernetes network policy API.
|
||||
Calico is an implementation of the Kubernetes network policy API. The provided manifest installs a DaemonSet which runs Calico on each node in the cluster.
|
||||
|
||||
Learn more at:
|
||||
- https://github.com/projectcalico/k8s-policy
|
||||
- http://kubernetes.io/docs/user-guide/networkpolicies/
|
||||
### Templating
|
||||
|
||||
The provided `calico-node.yaml` manifest includes the following placeholders which are populated
|
||||
via templating.
|
||||
|
||||
- `__CLUSTER_CIDR__`: The IP range from which Pod IP addresses are assigned.
|
||||
|
||||
### Learn More
|
||||
|
||||
Learn more about Calico at http://docs.projectcalico.org
|
||||
|
||||
[]()
|
||||
|
@@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: calico-etcd
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: calico-etcd
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: 10.0.0.17
|
||||
ports:
|
||||
- port: 6666
|
||||
selector:
|
||||
k8s-app: calico-etcd
|
@@ -1,42 +0,0 @@
|
||||
apiVersion: "apps/v1beta1"
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: calico-etcd
|
||||
namespace: kube-system
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
k8s-app: calico-etcd
|
||||
spec:
|
||||
serviceName: calico-etcd
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
k8s-app: calico-etcd
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: calico-etcd
|
||||
image: gcr.io/google_containers/etcd:2.2.1
|
||||
env:
|
||||
- name: CALICO_ETCD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
command: ["/bin/sh","-c"]
|
||||
args: ["/usr/local/bin/etcd --name=calico --data-dir=/var/etcd/calico-data --advertise-client-urls=http://$CALICO_ETCD_IP:6666 --listen-client-urls=http://0.0.0.0:6666 --listen-peer-urls=http://0.0.0.0:6667"]
|
||||
volumeMounts:
|
||||
- name: var-etcd
|
||||
mountPath: /var/etcd
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: var-etcd
|
||||
annotations:
|
||||
volume.alpha.kubernetes.io/storage-class: anything
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
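--- a/cluster/addons/calico-policy-controller/calico-node.yaml
+++ b/cluster/addons/calico-policy-controller/calico-node.yaml
@@ -0,0 +1,136 @@
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+name: calico-node
+namespace: kube-system
+labels:
+kubernetes.io/cluster-service: "true"
+addonmanager.kubernetes.io/mode: Reconcile
+k8s-app: calico-node
+spec:
+selector:
+matchLabels:
+k8s-app: calico-node
+template:
+metadata:
+labels:
+k8s-app: calico-node
+annotations:
+scheduler.alpha.kubernetes.io/critical-pod: ''
+scheduler.alpha.kubernetes.io/tolerations: |
+[{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
+{"key":"CriticalAddonsOnly", "operator":"Exists"}]
+spec:
+nodeSelector:
+projectcalico.org/ds-ready: "true"
+hostNetwork: true
+containers:
+# Runs calico/node container on each Kubernetes node. This
+# container programs network policy and routes on each
+# host.
+- name: calico-node
+image: calico/node:v1.2.1
+env:
+- name: CALICO_DISABLE_FILE_LOGGING
+value: "true"
+- name: CALICO_NETWORKING_BACKEND
+value: "none"
+- name: CALICO_IPV4POOL_CIDR
+value: "__CLUSTER_CIDR__"
+- name: CALICO_IPV4POOL_IPIP
+value: "off"
+- name: DATASTORE_TYPE
+value: "kubernetes"
+- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
+value: "ACCEPT"
+- name: FELIX_IPV6SUPPORT
+value: "false"
+- name: FELIX_LOGSEVERITYSYS
+value: "none"
+- name: FELIX_PROMETHEUSMETRICSENABLED
+value: "true"
+- name: IP
+value: ""
+- name: NODENAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+- name: WAIT_FOR_DATASTORE
+value: "true"
+securityContext:
+privileged: true
+resources:
+requests:
+cpu: 250m
+volumeMounts:
+- mountPath: /lib/modules
+name: lib-modules
+readOnly: true
+- mountPath: /etc/calico
+name: etc-calico
+readOnly: true
+# This container installs the Calico CNI binaries
+# and CNI network config file on each node.
+- name: install-cni
+image: calico/cni:v1.8.3-hostport
+command: ["/install-cni.sh"]
+env:
+- name: CNI_CONF_NAME
+value: "10-calico.conflist"
+- name: CNI_NETWORK_CONFIG
+value: |-
+{
+"name": "k8s-pod-network",
+"cniVersion": "0.3.0",
+"plugins": [
+{
+"type": "calico",
+"log_level": "debug",
+"datastore_type": "kubernetes",
+"nodename": "__KUBERNETES_NODE_NAME__",
+"ipam": {
+"type": "host-local",
+"subnet": "usePodCidr"
+},
+"policy": {
+"type": "k8s",
+"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
+},
+"kubernetes": {
+"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
+"kubeconfig": "__KUBECONFIG_FILEPATH__"
+}
+},
+{
+"type": "portmap",
+"capabilities": {"portMappings": true},
+"noSnat": true
+}
+]
+}
+- name: KUBERNETES_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+volumeMounts:
+- mountPath: /host/opt/cni/bin
+name: cni-bin-dir
+- mountPath: /host/etc/cni/net.d
+name: cni-net-dir
+volumes:
+# Used to ensure proper kmods are installed.
+- name: lib-modules
+hostPath:
+path: /lib/modules
+# Mount in the Felix config file from the host.
+- name: etc-calico
+hostPath:
+path: /etc/calico
+# Used to install CNI binaries.
+- name: cni-bin-dir
+hostPath:
+path: /home/kubernetes/bin
+# Used to install CNI network config.
+- name: cni-net-dir
+hostPath:
+path: /etc/cni/net.d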
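Review bot: The pod template sets no `serviceAccountName`, so both containers run under the `default` service account of `kube-system`, and with `DATASTORE_TYPE` set to `kubernetes` that account's token is what Calico presents to the API server. The `__SERVICEACCOUNT_TOKEN__` placeholder in `CNI_NETWORK_CONFIG` suggests the same token is also written into the conflist under the host's `/etc/cni/net.d`. I would add `serviceAccountName: <calico-service-account>` (placeholder name) under the template `spec:` and ship a dedicated ServiceAccount with a narrowly scoped ClusterRole beside this manifest, unless one is created in a part of the commit not visible here. Two smaller points in the same file: `image: calico/node:v1.2.1` and `image: calico/cni:v1.8.3-hostport` are mutable tags on containers that run `privileged: true` or write binaries to a hostPath, so pinning by digest is worth considering, and `"log_level": "debug"` reads like a development setting for a cluster add-on.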
@@ -1,32 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ReplicationController
|
||||
metadata:
|
||||
name: calico-policy-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: calico-policy
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
k8s-app: calico-policy
|
||||
template:
|
||||
metadata:
|
||||
name: calico-policy-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
k8s-app: calico-policy
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: calico-policy-controller
|
||||
image: calico/kube-policy-controller:v0.2.0
|
||||
env:
|
||||
- name: ETCD_ENDPOINTS
|
||||
value: "http://10.0.0.17:6666"
|
||||
- name: K8S_API
|
||||
value: "https://kubernetes.default:443"
|
||||
- name: CONFIGURE_ETC_HOSTS
|
||||
value: "true"
|