[PR-Calico]Support calico 3.4.0 (#4102)
* Support calico 3.4.0 Signed-off-by: wangxf1987 <xiaofeix.wang@gmail.com>
* Remove symlink + cni conflist template when 3.3.0+, handle Canal, addition of install-cni: sidecar (3.3.0) or initContainer (3.4.0), KUBECONFIG_FILEPATH, calico_cert_dir, advertise cluster ips
* scheduler.alpha.kubernetes.io/critical-pod deprecated since 1.12
pull/4131/head
parent
d790ec96d8
commit
a096761306
|
@ -18,3 +18,6 @@
|
||||||
# not be specified in calico CNI config, so Calico will use built-in
|
# not be specified in calico CNI config, so Calico will use built-in
|
||||||
# defaults. The value should be a number, not a string.
|
# defaults. The value should be a number, not a string.
|
||||||
# calico_mtu: 1500
|
# calico_mtu: 1500
|
||||||
|
|
||||||
|
# Advertise Cluster IPs
|
||||||
|
# calico_advertise_cluster_ips: true
|
||||||
|
|
|
@ -44,10 +44,10 @@ kube_image_repo: "gcr.io/google-containers"
|
||||||
|
|
||||||
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||||
# after migration to container download
|
# after migration to container download
|
||||||
calico_version: "v3.1.3"
|
calico_version: "v3.4.0"
|
||||||
calico_ctl_version: "v3.1.3"
|
calico_ctl_version: "v3.4.0"
|
||||||
calico_cni_version: "v3.1.3"
|
calico_cni_version: "v3.4.0"
|
||||||
calico_policy_version: "v3.1.3"
|
calico_policy_version: "v3.4.0"
|
||||||
calico_rr_version: "v0.6.1"
|
calico_rr_version: "v0.6.1"
|
||||||
|
|
||||||
flannel_version: "v0.10.0"
|
flannel_version: "v0.10.0"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: apps/v1beta2
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-kube-controllers
|
name: calico-kube-controllers
|
||||||
|
@ -9,7 +9,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
strategy:
|
strategy:
|
||||||
type: RollingUpdate
|
type: Recreate
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
|
@ -22,11 +22,15 @@ spec:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
k8s-app: calico-kube-controllers
|
k8s-app: calico-kube-controllers
|
||||||
spec:
|
spec:
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
serviceAccountName: calico-kube-controllers
|
serviceAccountName: calico-kube-controllers
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- key: CriticalAddonsOnly
|
||||||
operator: Exists
|
operator: Exists
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
{% if kube_version is version('v1.11.1', '>=') %}
|
{% if kube_version is version('v1.11.1', '>=') %}
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -50,6 +54,13 @@ spec:
|
||||||
value: "{{ calico_cert_dir }}/cert.crt"
|
value: "{{ calico_cert_dir }}/cert.crt"
|
||||||
- name: ETCD_KEY_FILE
|
- name: ETCD_KEY_FILE
|
||||||
value: "{{ calico_cert_dir }}/key.pem"
|
value: "{{ calico_cert_dir }}/key.pem"
|
||||||
|
{% if calico_version is version('v3.3.0', '>=') %}
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /usr/bin/check-status
|
||||||
|
- -r
|
||||||
|
{% endif %}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: {{ calico_cert_dir }}
|
- mountPath: {{ calico_cert_dir }}
|
||||||
name: etcd-certs
|
name: etcd-certs
|
||||||
|
|
|
@ -99,7 +99,9 @@
|
||||||
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: yes
|
||||||
when: kube_network_plugin in ['calico','canal']
|
when:
|
||||||
|
- kube_network_plugin in ['calico','canal']
|
||||||
|
- calico_version is version('v3.3.0', '<')
|
||||||
|
|
||||||
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
|
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
|
||||||
# is fixed
|
# is fixed
|
||||||
|
|
|
@ -32,7 +32,7 @@ calico_node_cpu_requests: 150m
|
||||||
calicoctl_memory_limit: 170M
|
calicoctl_memory_limit: 170M
|
||||||
calicoctl_cpu_limit: 100m
|
calicoctl_cpu_limit: 100m
|
||||||
calicoctl_memory_requests: 32M
|
calicoctl_memory_requests: 32M
|
||||||
calicoctl_cpu_requests: 50m
|
calicoctl_cpu_requests: 250m
|
||||||
|
|
||||||
# Enable Prometheus Metrics endpoint for felix
|
# Enable Prometheus Metrics endpoint for felix
|
||||||
calico_felix_prometheusmetricsenabled: "false"
|
calico_felix_prometheusmetricsenabled: "false"
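Review bot: `calicoctl_cpu_requests: 250m` is now higher than `calicoctl_cpu_limit: 100m` two lines above it. If both values are rendered into the same container's `resources` block, the API server will reject the pod, because a request may not exceed its limit; where they are consumed is not visible in this hunk, so check the template that uses them. Either raise the limit together with the request, for example `calicoctl_cpu_limit: 250m`, or keep the request at or below `100m`.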
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Calico | Write Calico cni config
|
- name: Calico | Write Calico cni config
|
||||||
template:
|
template:
|
||||||
src: "cni-calico.conflist.j2"
|
src: "cni-calico.conflist.j2"
|
||||||
dest: "/etc/cni/net.d/10-calico.conflist"
|
dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}calico.conflist.template{% else %}10-calico.conflist{% endif %}"
|
||||||
owner: kube
|
owner: kube
|
||||||
|
|
||||||
- name: Calico | Create calico certs directory
|
- name: Calico | Create calico certs directory
|
||||||
|
|
|
@ -9,8 +9,21 @@ rules:
|
||||||
resources:
|
resources:
|
||||||
- pods
|
- pods
|
||||||
- nodes
|
- nodes
|
||||||
|
- namespaces
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- watch
|
||||||
|
- list
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- nodes/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- policy
|
- policy
|
||||||
resourceNames:
|
resourceNames:
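Review bot: The three added rules have no comment saying which component needs them, and they are granted for every `calico_version` although the rest of this commit gates new behaviour on `v3.3.0` or `v3.4.0`. `patch` on `nodes/status` is not restricted to the node the pod runs on, so the reason for it should be recorded where an auditor will see it. I would put one line above each rule, e.g. `# Used to discover service IPs for advertisement.` above the `endpoints`/`services` rule and `# Needed for clearing NodeNetworkUnavailable flag.` above `nodes/status`, and wrap any rule that older releases do not use in the same version test used elsewhere. The new rules also write `apiGroups: [""]` in flow style while the rule just below uses the block form `- apiGroups:`; pick one. The rule list begins and continues outside the hunk.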
|
||||||
|
|
|
@ -31,14 +31,62 @@ spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
serviceAccountName: calico-node
|
serviceAccountName: calico-node
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
|
# Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
|
||||||
- key: CriticalAddonsOnly
|
- key: CriticalAddonsOnly
|
||||||
operator: "Exists"
|
operator: "Exists"
|
||||||
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
|
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
|
||||||
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
|
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
|
||||||
terminationGracePeriodSeconds: 0
|
terminationGracePeriodSeconds: 0
|
||||||
|
{% if calico_version is version('v3.4.0', '>=') %}
|
||||||
|
initContainers:
|
||||||
|
# This container installs the Calico CNI binaries
|
||||||
|
# and CNI network config file on each node.
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
||||||
|
command: ["/install-cni.sh"]
|
||||||
|
env:
|
||||||
|
# Name of the CNI config file to create.
|
||||||
|
- name: CNI_CONF_NAME
|
||||||
|
value: "10-calico.conflist"
|
||||||
|
# CNI binaries are already on the host
|
||||||
|
- name: UPDATE_CNI_BINARIES
|
||||||
|
value: "false"
|
||||||
|
# The CNI network config to install on each node.
|
||||||
|
- name: CNI_NETWORK_CONFIG_FILE
|
||||||
|
value: "/host/etc/cni/net.d/calico.conflist.template"
|
||||||
|
# Prevents the container from sleeping forever.
|
||||||
|
- name: SLEEP
|
||||||
|
value: "false"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /host/etc/cni/net.d
|
||||||
|
name: cni-net-dir
|
||||||
|
{% endif %}
|
||||||
containers:
|
containers:
|
||||||
|
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
||||||
|
command: ["/install-cni.sh"]
|
||||||
|
env:
|
||||||
|
# Name of the CNI config file to create.
|
||||||
|
- name: CNI_CONF_NAME
|
||||||
|
value: "10-calico.conflist"
|
||||||
|
# CNI binaries are already on the host
|
||||||
|
- name: UPDATE_CNI_BINARIES
|
||||||
|
value: "false"
|
||||||
|
# The CNI network config to install on each node.
|
||||||
|
- name: CNI_NETWORK_CONFIG_FILE
|
||||||
|
value: "/host/etc/cni/net.d/calico.conflist.template"
|
||||||
|
# Prevents the container from sleeping forever.
|
||||||
|
- name: SLEEP
|
||||||
|
value: "false"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /host/etc/cni/net.d
|
||||||
|
name: cni-net-dir
|
||||||
|
{% endif %}
|
||||||
# Runs calico/node container on each Kubernetes node. This
|
# Runs calico/node container on each Kubernetes node. This
|
||||||
# container programs network policy and routes on each
|
# container programs network policy and routes on each
|
||||||
# host.
|
# host.
|
||||||
|
@ -107,6 +155,10 @@ spec:
|
||||||
value: "{{ calico_felix_prometheusgometricsenabled }}"
|
value: "{{ calico_felix_prometheusgometricsenabled }}"
|
||||||
- name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
|
- name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
|
||||||
value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
|
value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
|
||||||
|
{% if calico_version is version('v3.4.0', '>=') and calico_advertise_cluster_ips|default(false) %}
|
||||||
|
- name: CALICO_ADVERTISE_CLUSTER_IPS
|
||||||
|
value: "{{ kube_service_addresses }}"
|
||||||
|
{% endif %}
|
||||||
# Location of the CA certificate for etcd.
|
# Location of the CA certificate for etcd.
|
||||||
- name: ETCD_CA_CERT_FILE
|
- name: ETCD_CA_CERT_FILE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -162,10 +214,18 @@ spec:
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
failureThreshold: 6
|
failureThreshold: 6
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
|
{% if calico_version is version('v3.3.0', '<') %}
|
||||||
httpGet:
|
httpGet:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
path: /readiness
|
path: /readiness
|
||||||
port: 9099
|
port: 9099
|
||||||
|
{% else %}
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /bin/calico-node
|
||||||
|
- -bird-ready
|
||||||
|
- -felix-ready
|
||||||
|
{% endif %}
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
|
@ -193,9 +253,6 @@ spec:
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/lib/calico
|
path: /var/lib/calico
|
||||||
# Used to install CNI.
|
# Used to install CNI.
|
||||||
- name: cni-bin-dir
|
|
||||||
hostPath:
|
|
||||||
path: /opt/cni/bin
|
|
||||||
- name: cni-net-dir
|
- name: cni-net-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/cni/net.d
|
path: /etc/cni/net.d
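Review bot: In the `v3.3.0` to `v3.4.0` branch, `install-cni` is added under `containers:` with `SLEEP` set to `"false"`, which by the comment on that variable lets the script exit once the config is written. A regular container that exits will presumably be restarted again and again by the kubelet (the restart policy is not visible in this hunk), so the pod would not settle; the Canal manifest in this same commit leaves `SLEEP` out of its sidecar variant. Drop the `- name: SLEEP` / `value: "false"` pair from the sidecar branch and keep it only under `initContainers:`. The two `install-cni` definitions are otherwise identical, and `image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}` should be quoted like the other templated values, `image: "{{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}"`.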
|
||||||
|
|
|
@ -10,9 +10,9 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
"type": "calico",
|
"type": "calico",
|
||||||
"etcd_endpoints": "{{ etcd_access_addresses }}",
|
"etcd_endpoints": "{{ etcd_access_addresses }}",
|
||||||
"etcd_cert_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem",
|
"etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
|
||||||
"etcd_key_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem",
|
"etcd_key_file": "{{ calico_cert_dir }}/key.pem",
|
||||||
"etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem",
|
"etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
|
||||||
"log_level": "info",
|
"log_level": "info",
|
||||||
"ipam": {
|
"ipam": {
|
||||||
"type": "calico-ipam",
|
"type": "calico-ipam",
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
"mtu": {{ calico_mtu }},
|
"mtu": {{ calico_mtu }},
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
"kubernetes": {
|
"kubernetes": {
|
||||||
"kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
"kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
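Review bot: For `v3.3.0` and later the `kubeconfig` value becomes the literal `__KUBECONFIG_FILEPATH__`, and nothing in the template says what replaces it. As far as I know the `install-cni` container fills it in with the path of a kubeconfig it writes into the host's `/etc/cni/net.d` from its own service-account token, so the CNI plugin stops using the node kubeconfig and instead runs with that account's RBAC, and a token file lands on the host. A Jinja comment at the top of the template, e.g. `{# __KUBECONFIG_FILEPATH__ is substituted by the install-cni container; the generated kubeconfig carries the pod's service-account token #}`, would make that visible, and the mode of the generated file is worth checking on a deployed node. The same applies to the Canal conflist template changed later in this commit.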
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Canal | Write Canal cni config
|
- name: Canal | Write Canal cni config
|
||||||
template:
|
template:
|
||||||
src: "cni-canal.conflist.j2"
|
src: "cni-canal.conflist.j2"
|
||||||
dest: "/etc/cni/net.d/10-canal.conflist"
|
dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}canal.conflist.template{% else %}10-canal.conflist{% endif %}"
|
||||||
owner: kube
|
owner: kube
|
||||||
|
|
||||||
- name: Canal | Create canal certs directory
|
- name: Canal | Create canal certs directory
|
||||||
|
|
|
@ -57,7 +57,49 @@ spec:
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run/xtables.lock
|
path: /run/xtables.lock
|
||||||
type: FileOrCreate
|
type: FileOrCreate
|
||||||
|
{% if calico_version is version('v3.4.0', '>=') %}
|
||||||
|
initContainers:
|
||||||
|
# This container installs the Calico CNI binaries
|
||||||
|
# and CNI network config file on each node.
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
||||||
|
command: ["/install-cni.sh"]
|
||||||
|
env:
|
||||||
|
# Name of the CNI config file to create.
|
||||||
|
- name: CNI_CONF_NAME
|
||||||
|
value: "10-canal.conflist"
|
||||||
|
# CNI binaries are already on the host
|
||||||
|
- name: UPDATE_CNI_BINARIES
|
||||||
|
value: "false"
|
||||||
|
# The CNI network config to install on each node.
|
||||||
|
- name: CNI_NETWORK_CONFIG_FILE
|
||||||
|
value: "/host/etc/cni/net.d/canal.conflist.template"
|
||||||
|
# Prevents the container from sleeping forever.
|
||||||
|
- name: SLEEP
|
||||||
|
value: "false"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /host/etc/cni/net.d
|
||||||
|
name: cni-net-dir
|
||||||
|
{% endif %}
|
||||||
containers:
|
containers:
|
||||||
|
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
||||||
|
command: ["/install-cni.sh"]
|
||||||
|
env:
|
||||||
|
# Name of the CNI config file to create.
|
||||||
|
- name: CNI_CONF_NAME
|
||||||
|
value: "10-canal.conflist"
|
||||||
|
# CNI binaries are already on the host
|
||||||
|
- name: UPDATE_CNI_BINARIES
|
||||||
|
value: "false"
|
||||||
|
# The CNI network config to install on each node.
|
||||||
|
- name: CNI_NETWORK_CONFIG_FILE
|
||||||
|
value: "/host/etc/cni/net.d/canal.conflist.template"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /host/etc/cni/net.d
|
||||||
|
name: cni-net-dir
|
||||||
|
{% endif %}
|
||||||
# Runs the flannel daemon to enable vxlan networking between
|
# Runs the flannel daemon to enable vxlan networking between
|
||||||
# container hosts.
|
# container hosts.
|
||||||
- name: flannel
|
- name: flannel
|
||||||
|
@ -209,9 +251,17 @@ spec:
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
failureThreshold: 6
|
failureThreshold: 6
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
|
{% if calico_version is version('v3.3.0', '<')%}
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /readiness
|
path: /readiness
|
||||||
port: 9099
|
port: 9099
|
||||||
|
{% else %}
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /bin/calico-node
|
||||||
|
- -bird-ready
|
||||||
|
- -felix-ready
|
||||||
|
{% endif %}
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
"type": "k8s"
|
"type": "k8s"
|
||||||
},
|
},
|
||||||
"kubernetes": {
|
"kubernetes": {
|
||||||
"kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
"kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|