easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update calico 3.0.3

pull/131/head
jmgao 2018-02-28 17:53:26 +08:00
parent 15df0aad41
commit c3af702c7b
3 changed files with 59 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -19,7 +19,7 @@
- kubernetes v1.9.3 - kubernetes v1.9.3
- etcd v3.3.1 - etcd v3.3.1
- docker 17.12.0-ce - docker 17.12.0-ce
- calico/node v2.6.7 - calico/node v3.0.3
- flannel v0.10.0 - flannel v0.10.0
- 附:集群用到的所有二进制文件已打包好供下载 [https://pan.baidu.com/s/1c4RFaA](https://pan.baidu.com/s/1c4RFaA) - 附:集群用到的所有二进制文件已打包好供下载 [https://pan.baidu.com/s/1c4RFaA](https://pan.baidu.com/s/1c4RFaA)
- 注:`Kubernetes v1.8.x` 版本请切换到项目分支 `v1.8`, 若你需要从v1.8 升级至 v1.9,请参考 [升级注意](docs/upgrade.md) - 注:`Kubernetes v1.8.x` 版本请切换到项目分支 `v1.8`, 若你需要从v1.8 升级至 v1.9,请参考 [升级注意](docs/upgrade.md)

4
roles/calico/tasks/main.yml
View File

@ -17,6 +17,10 @@
-config={{ ca_dir }}/ca-config.json \ -config={{ ca_dir }}/ca-config.json \
-profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico" -profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
# 因官方calico.yaml文件中使用特定的证书名所以要重命名
- name: 重命名相关证书
shell: "cd /etc/calico/ssl && cp ca.pem etcd-ca && cp calico.pem etcd-cert && cp calico-key.pem etcd-key"
- name: 准备 calico DaemonSet yaml文件 - name: 准备 calico DaemonSet yaml文件
template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml

91
roles/calico/templates/calico.yaml.j2
View File

@ -1,9 +1,9 @@
# Calico Version v2.6.7 # Calico Version v3.0.3
# https://docs.projectcalico.org/v2.6/releases#v2.6.7 # https://docs.projectcalico.org/v3.0/releases#v3.0.3
# This manifest includes the following component versions: # This manifest includes the following component versions:
# calico/node:v2.6.7 # calico/node:v3.0.3
# calico/cni:v1.11.2 # calico/cni:v2.0.1
# calico/kube-controllers:v1.0.3 # calico/kube-controllers:v2.0.1
# This ConfigMap is used to configure a self-hosted Calico installation. # This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap kind: ConfigMap
@ -13,7 +13,7 @@ metadata:
namespace: kube-system namespace: kube-system
data: data:
# Configure this with the location of your etcd cluster. # Configure this with the location of your etcd cluster.
etcd_endpoints: "{{ ETCD_ENDPOINTS }}" etcd_endpoints: "{{ ETCD_ENDPOINTS }}"
# Configure the Calico backend to use. # Configure the Calico backend to use.
calico_backend: "bird" calico_backend: "bird"
@ -21,31 +21,41 @@ data:
# The CNI network configuration to install on each node. # The CNI network configuration to install on each node.
cni_network_config: |- cni_network_config: |-
{ {
"name": "k8s-pod-network", "name": "k8s-pod-network",
"cniVersion": "0.1.0", "cniVersion": "0.3.0",
"type": "calico", "plugins": [
"etcd_endpoints": "{{ ETCD_ENDPOINTS }}", {
"etcd_key_file": "/etc/calico/ssl/calico-key.pem", "type": "calico",
"etcd_cert_file": "/etc/calico/ssl/calico.pem", "etcd_endpoints": "{{ ETCD_ENDPOINTS }}",
"etcd_ca_cert_file": "/etc/calico/ssl/ca.pem", "etcd_key_file": "/etc/calico/ssl/calico-key.pem",
"log_level": "info", "etcd_cert_file": "/etc/calico/ssl/calico.pem",
"mtu": 1500, "etcd_ca_cert_file": "/etc/calico/ssl/ca.pem",
"ipam": { "log_level": "info",
"type": "calico-ipam" "mtu": 1500,
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "/root/.kube/config"
}
}, },
"policy": { {
"type": "k8s" "type": "portmap",
}, "snat": true,
"kubernetes": { "capabilities": {"portMappings": true}
"kubeconfig": "/root/.kube/config"
} }
]
} }
# If you're using TLS enabled etcd uncomment the following. # If you're using TLS enabled etcd uncomment the following.
# You must also populate the Secret below with these files. # You must also populate the Secret below with these files.
etcd_ca: "/calico-secrets/ca.pem" etcd_ca: "/calico-secrets/etcd-ca"
etcd_cert: "/calico-secrets/calico.pem" etcd_cert: "/calico-secrets/etcd-cert"
etcd_key: "/calico-secrets/calico-key.pem" etcd_key: "/calico-secrets/etcd-key"
--- ---
# This manifest installs the calico/node container, as well # This manifest installs the calico/node container, as well
@ -62,6 +72,10 @@ spec:
selector: selector:
matchLabels: matchLabels:
k8s-app: calico-node k8s-app: calico-node
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template: template:
metadata: metadata:
labels: labels:
@ -82,8 +96,8 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
#image: quay.io/calico/node:v2.6.7 #image: quay.io/calico/node:v3.0.3
image: calico/node:v2.6.7 image: calico/node:v3.0.3
env: env:
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
@ -103,6 +117,11 @@ spec:
# Disable file logging so `kubectl logs` works. # Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING - name: CALICO_DISABLE_FILE_LOGGING
value: "true" value: "true"
# Set noderef for node controller.
- name: CALICO_K8S_NODE_REF
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Set Felix endpoint to host default action to ACCEPT. # Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT" value: "ACCEPT"
@ -111,11 +130,6 @@ spec:
value: "{{ CLUSTER_CIDR }}" value: "{{ CLUSTER_CIDR }}"
- name: CALICO_IPV4POOL_IPIP - name: CALICO_IPV4POOL_IPIP
value: "{{ CALICO_IPV4POOL_IPIP }}" value: "{{ CALICO_IPV4POOL_IPIP }}"
# Set noderef for node controller.
- name: CALICO_K8S_NODE_REF
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Disable IPv6 on Kubernetes. # Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT - name: FELIX_IPV6SUPPORT
value: "false" value: "false"
@ -145,7 +159,7 @@ spec:
key: etcd_cert key: etcd_cert
# Auto-detect the BGP IP address. # Auto-detect the BGP IP address.
- name: IP - name: IP
value: "" value: "autodetect"
- name: IP_AUTODETECTION_METHOD - name: IP_AUTODETECTION_METHOD
value: "{{ IP_AUTODETECTION_METHOD }}" value: "{{ IP_AUTODETECTION_METHOD }}"
- name: FELIX_HEALTHENABLED - name: FELIX_HEALTHENABLED
@ -179,10 +193,13 @@ spec:
# This container installs the Calico CNI binaries # This container installs the Calico CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
#image: quay.io/calico/cni:v1.11.2 #image: quay.io/calico/cni:v2.0.1
image: calico/cni:v1.11.2 image: calico/cni:v2.0.1
command: ["/install-cni.sh"] command: ["/install-cni.sh"]
env: env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-calico.conflist"
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
valueFrom: valueFrom:
@ -259,8 +276,8 @@ spec:
serviceAccountName: calico-kube-controllers serviceAccountName: calico-kube-controllers
containers: containers:
- name: calico-kube-controllers - name: calico-kube-controllers
#image: quay.io/calico/kube-controllers:v1.0.3 #image: quay.io/calico/kube-controllers:v2.0.1
image: calico/kube-controllers:v1.0.3 image: calico/kube-controllers:v2.0.1
env: env:
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS