diff --git a/cluster/addons/calico-policy-controller/README.md b/cluster/addons/calico-policy-controller/README.md index ef8a94e3f34..920cb84d2cf 100644 --- a/cluster/addons/calico-policy-controller/README.md +++ b/cluster/addons/calico-policy-controller/README.md @@ -1,7 +1,11 @@ # Calico Policy Controller ============== -Calico is an implementation of the Kubernetes network policy API. The provided manifest installs a DaemonSet which runs Calico on each node in the cluster. +Calico is an implementation of the Kubernetes network policy API. The provided manifests install: + +- A DaemonSet which runs Calico on each node in the cluster. +- A Deployment which installs the Calico Typha agent. +- A Service for the Calico Typha agent. ### Learn More diff --git a/cluster/addons/calico-policy-controller/calico-node.yaml b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml similarity index 95% rename from cluster/addons/calico-policy-controller/calico-node.yaml rename to cluster/addons/calico-policy-controller/calico-node-daemonset.yaml index ac4c4ba8c32..1f93c8ee9c2 100644 --- a/cluster/addons/calico-policy-controller/calico-node.yaml +++ b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml @@ -26,7 +26,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: calico/node:v1.2.1 + image: calico/node:v1.3.0-rc1 env: - name: CALICO_DISABLE_FILE_LOGGING value: "true" @@ -34,6 +34,8 @@ spec: value: "none" - name: DATASTORE_TYPE value: "kubernetes" + - name: FELIX_TYPHAK8SSERVICENAME + value: "calico-typha" - name: FELIX_DEFAULTENDPOINTTOHOSTACTION value: "ACCEPT" - name: FELIX_IPV6SUPPORT @@ -67,7 +69,7 @@ spec: # This container installs the Calico CNI binaries # and CNI network config file on each node. - name: install-cni - image: calico/cni:v1.8.3-hostport + image: calico/cni:v1.9.1 command: ["/install-cni.sh"] env: - name: CNI_CONF_NAME 
@@ -130,5 +132,5 @@ spec:
 hostPath:
 path: /etc/cni/net.d
 tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/cluster/addons/calico-policy-controller/typha-deployment.yaml b/cluster/addons/calico-policy-controller/typha-deployment.yaml
new file mode 100644
index 00000000000..fb16b29c1ae
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/typha-deployment.yaml
@@ -0,0 +1,48 @@
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: calico-typha
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+ k8s-app: calico-typha
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ template:
+ metadata:
+ labels:
+ k8s-app: calico-typha
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ nodeSelector:
+ projectcalico.org/ds-ready: "true"
+ hostNetwork: true
+ containers:
+ - image: calico/typha:v0.1.7
+ name: calico-typha
+ ports:
+ - containerPort: 5473
+ name: calico-typha
+ protocol: TCP
+ env:
+ - name: TYPHA_LOGFILEPATH
+ value: "none"
+ - name: TYPHA_LOGSEVERITYSYS
+ value: "none"
+ - name: TYPHA_LOGSEVERITYSCREEN
+ value: "info"
+ - name: TYPHA_PROMETHEUSMETRICSENABLED
+ value: "true"
+ - name: TYPHA_PROMETHEUSMETRICSPORT
+ value: "9093"
+ - name: TYPHA_DATASTORETYPE
+ value: "kubernetes"
+ resources:
+ requests:
+ cpu: 1000m
diff --git a/cluster/addons/calico-policy-controller/typha-service.yaml b/cluster/addons/calico-policy-controller/typha-service.yaml
new file mode 100644
index 00000000000..a1281db2158
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/typha-service.yaml
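Review bot: In typha-deployment.yaml the pod runs with `hostNetwork: true`, so the Typha port 5473 and the Prometheus metrics port 9093 (switched on by `TYPHA_PROMETHEUSMETRICSENABLED`) listen on the node's own interfaces, and nothing in this manifest limits who may connect to them or shows the Felix-to-Typha connection being authenticated. I would default metrics to off with `value: "false"` unless a scraper needs them, and add a comment above `hostNetwork: true` stating that node firewall rules are expected to restrict 5473 and 9093 to cluster nodes. The pod spec also names no `serviceAccountName`, so with `TYPHA_DATASTORETYPE` set to `kubernetes` it presumably uses the `kube-system` default account; a dedicated account bound to read-only RBAC (for example `serviceAccountName: <typha-service-account>`, a placeholder name) would be tighter. There is also no `securityContext`, resource `limits`, or readiness/liveness probe on the container, and `replicas: 1` makes Typha a single dependency for every Felix instance that is pointed at it.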
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: calico-typha
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+ k8s-app: calico-typha
+spec:
+ ports:
+ - port: 5473
+ protocol: TCP
+ targetPort: calico-typha
+ name: calico-typha
+ selector:
+ k8s-app: calico-typha
+
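Review bot: The Service name `calico-typha` is a silent contract with `FELIX_TYPHAK8SSERVICENAME` in calico-node-daemonset.yaml, and the named `targetPort: calico-typha` is one with the port name in typha-deployment.yaml; nothing in this file records either. A comment above `name:` such as `# Must match FELIX_TYPHAK8SSERVICENAME in calico-node-daemonset.yaml and the port name in typha-deployment.yaml` would keep a later rename from quietly breaking Felix's discovery of Typha. Since Felix presumably connects to whichever pods back this Service, the `k8s-app: calico-typha` selector is also a trust boundary: rights to create or relabel pods in `kube-system` should be held as tightly as rights to edit network policy. Writing `type: ClusterIP` explicitly would make it clear the port is not meant to be exposed outside the cluster.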