Adding support for canal network plugin
This patch provides support for installing the Canal network plugin as a self-hosted app. See the following link for details: https://github.com/tigera/canal/tree/master/k8s-install
parent
6b7b8a2303
commit
309240cd6f
16 changed files with 218 additions and 8 deletions
|
@ -27,6 +27,8 @@
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
roles:
|
roles:
|
||||||
- { role: kubernetes/master, tags: master }
|
- { role: kubernetes/master, tags: master }
|
||||||
|
- { role: kubernetes-apps/lib, tags: apps }
|
||||||
|
- { role: kubernetes-apps/network_plugin, tags: network }
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
roles:
|
roles:
|
||||||
|
@ -34,4 +36,5 @@
|
||||||
|
|
||||||
- hosts: kube-master[0]
|
- hosts: kube-master[0]
|
||||||
roles:
|
roles:
|
||||||
|
- { role: kubernetes-apps/lib, tags: apps }
|
||||||
- { role: kubernetes-apps, tags: apps }
|
- { role: kubernetes-apps, tags: apps }
|
||||||
|
|
|
@ -42,6 +42,8 @@ calicoctl_image_repo: "calico/ctl"
|
||||||
calicoctl_image_tag: "{{ calico_version }}"
|
calicoctl_image_tag: "{{ calico_version }}"
|
||||||
calico_node_image_repo: "calico/node"
|
calico_node_image_repo: "calico/node"
|
||||||
calico_node_image_tag: "{{ calico_version }}"
|
calico_node_image_tag: "{{ calico_version }}"
|
||||||
|
calico_cni_image_repo: "calico/cni"
|
||||||
|
calico_cni_image_tag: "{{ calico_cni_version }}"
|
||||||
hyperkube_image_repo: "quay.io/coreos/hyperkube"
|
hyperkube_image_repo: "quay.io/coreos/hyperkube"
|
||||||
hyperkube_image_tag: "{{ kube_version }}_coreos.0"
|
hyperkube_image_tag: "{{ kube_version }}_coreos.0"
|
||||||
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
|
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
|
||||||
|
@ -56,7 +58,7 @@ downloads:
|
||||||
url: "{{ calico_cni_download_url }}"
|
url: "{{ calico_cni_download_url }}"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
enabled: "{{ kube_network_plugin == 'calico' }}"
|
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||||
calico_cni_plugin_ipam:
|
calico_cni_plugin_ipam:
|
||||||
dest: calico/bin/calico-ipam
|
dest: calico/bin/calico-ipam
|
||||||
version: "{{calico_cni_version}}"
|
version: "{{calico_cni_version}}"
|
||||||
|
@ -95,22 +97,27 @@ downloads:
|
||||||
container: true
|
container: true
|
||||||
repo: "{{ flannel_image_repo }}"
|
repo: "{{ flannel_image_repo }}"
|
||||||
tag: "{{ flannel_image_tag }}"
|
tag: "{{ flannel_image_tag }}"
|
||||||
enabled: "{{ kube_network_plugin == 'flannel' }}"
|
enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
|
||||||
flannel_server_helper:
|
flannel_server_helper:
|
||||||
container: true
|
container: true
|
||||||
repo: "{{ flannel_server_helper_image_repo }}"
|
repo: "{{ flannel_server_helper_image_repo }}"
|
||||||
tag: "{{ flannel_server_helper_image_tag }}"
|
tag: "{{ flannel_server_helper_image_tag }}"
|
||||||
enabled: "{{ kube_network_plugin == 'flannel' }}"
|
enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
|
||||||
calicoctl:
|
calicoctl:
|
||||||
container: true
|
container: true
|
||||||
repo: "{{ calicoctl_image_repo }}"
|
repo: "{{ calicoctl_image_repo }}"
|
||||||
tag: "{{ calicoctl_image_tag }}"
|
tag: "{{ calicoctl_image_tag }}"
|
||||||
enabled: "{{ kube_network_plugin == 'calico' }}"
|
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||||
calico_node:
|
calico_node:
|
||||||
container: true
|
container: true
|
||||||
repo: "{{ calico_node_image_repo }}"
|
repo: "{{ calico_node_image_repo }}"
|
||||||
tag: "{{ calico_node_image_tag }}"
|
tag: "{{ calico_node_image_tag }}"
|
||||||
enabled: "{{ kube_network_plugin == 'calico' }}"
|
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||||
|
calico_cni:
|
||||||
|
container: true
|
||||||
|
repo: "{{ calico_cni_image_repo }}"
|
||||||
|
tag: "{{ calico_cni_image_tag }}"
|
||||||
|
enabled: "{{ kube_network_plugin == 'canal' }}"
|
||||||
pod_infra:
|
pod_infra:
|
||||||
container: true
|
container: true
|
||||||
repo: "{{ pod_infra_image_repo }}"
|
repo: "{{ pod_infra_image_repo }}"
|
||||||
|
|
|
@ -18,6 +18,5 @@
|
||||||
with_items: "{{ manifests.results }}"
|
with_items: "{{ manifests.results }}"
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
|
|
||||||
- include: tasks/calico-policy-controller.yml
|
- include: tasks/calico-policy-controller.yml
|
||||||
when: enable_network_policy is defined and enable_network_policy == True
|
when: enable_network_policy is defined and enable_network_policy == True
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
- name: Start flannel and calico-node
|
||||||
|
run_once: true
|
||||||
|
kube:
|
||||||
|
name: "canal-node"
|
||||||
|
kubectl: "{{bin_dir}}/kubectl"
|
||||||
|
filename: "/etc/kubernetes/canal-node.yaml"
|
||||||
|
resource: "ds"
|
||||||
|
namespace: "kube-system"
|
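--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+- role: kubernetes-apps/network_plugin/canal
+when: kube_network_plugin == 'canal'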
|
@ -11,6 +11,13 @@
|
||||||
owner: kube
|
owner: kube
|
||||||
when: kube_network_plugin == "calico"
|
when: kube_network_plugin == "calico"
|
||||||
|
|
||||||
|
- name: Write Canal cni config
|
||||||
|
template:
|
||||||
|
src: "cni-canal.conf.j2"
|
||||||
|
dest: "/etc/cni/net.d/10-canal.conf"
|
||||||
|
owner: kube
|
||||||
|
when: kube_network_plugin == "canal"
|
||||||
|
|
||||||
- name: Write kubelet config file
|
- name: Write kubelet config file
|
||||||
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
|
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
|
||||||
notify:
|
notify:
|
||||||
|
|
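Review bot: The new `Write Canal cni config` task sets `owner: kube` and no `mode:`, so `/etc/cni/net.d/10-canal.conf` is writable by the `kube` account and its permissions are left to the umask. The kubelet reads this directory to decide which CNI plugin to invoke for every pod, so a file the service account can rewrite is a wider trust boundary than the task needs; I would use `owner: root` and `mode: "0644"`. The calico task just above has the same shape, but it starts outside the hunk.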
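--- a/roles/kubernetes/node/templates/cni-canal.conf.j2
+++ b/roles/kubernetes/node/templates/cni-canal.conf.j2
@@ -0,0 +1,17 @@
+{
+"name": "canal-k8s-network",
+"type": "flannel",
+"delegate": {
+"type": "calico",
+"etcd_endpoints": "{{ etcd_access_endpoint }}",
+"log_level": "info",
+{% if enable_network_policy is defined and enable_network_policy == True %}
+"policy": {
+"type": "k8s"
+},
+{% endif %}
+"kubernetes": {
+"kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
+}
+}
+}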
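Review bot: The `delegate` block passes only `etcd_endpoints`, with no client key, certificate or CA entries, so whether the Calico plugin authenticates to etcd depends entirely on the value of `etcd_access_endpoint`, which is defined outside this page. If etcd is meant to require TLS client authentication, the template also needs the plugin's `etcd_key_file`, `etcd_cert_file` and `etcd_ca_cert_file` keys. The same applies to `FLANNELD_ETCD_ENDPOINTS` and `ETCD_ENDPOINTS` in `canal-node.yml.j2`, where none of the declared volumes carries certificates. The rendered file is JSON and cannot hold a comment, so I would record the assumption on the task that writes it, for example `# etcd is reached without client certs here; restrict access to it at the network level`.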
|
@ -26,7 +26,7 @@ KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} -
|
||||||
{% else %}
|
{% else %}
|
||||||
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
|
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave", "canal"] %}
|
||||||
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
|
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
|
||||||
{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
|
{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
|
||||||
DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
|
DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
|
||||||
|
|
|
@ -74,7 +74,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "/etc/cni/net.d"
|
- "/etc/cni/net.d"
|
||||||
- "/opt/cni/bin"
|
- "/opt/cni/bin"
|
||||||
when: kube_network_plugin in ["calico", "weave"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||||
|
|
||||||
- name: Update package management cache (YUM)
|
- name: Update package management cache (YUM)
|
||||||
yum: update_cache=yes name='*'
|
yum: update_cache=yes name='*'
|
||||||
|
|
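Review bot: The `when:` on the changed line joins a bare expression with a quoted `"{{ ... }}"` operand. After templating that operand is a non-empty string literal, which Jinja evaluates as true, so the `k8s-cluster` membership test most likely never restricts where the CNI directories are created. Since the line is being edited anyway, `when: kube_network_plugin in ["calico", "weave", "canal"] and inventory_hostname in groups['k8s-cluster']` would make the condition do what it says. The task itself starts above the hunk.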
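--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@@ -0,0 +1,11 @@
+# The interface used by canal for host <-> host communication.
+# If left blank, then the interface is chosing using the node's
+# default route.
+canal_iface: ""
+
+# Whether or not to masquerade traffic to destinations not within
+# the pod network.
+canal_masquerade: "true"
+
+# Log-level
+canal_log_level: "info"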
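--- a/roles/network_plugin/canal/meta/main.yml
+++ b/roles/network_plugin/canal/meta/main.yml
@@ -0,0 +1,12 @@
+---
+dependencies:
+- role: download
+file: "{{ downloads.flannel_server_helper }}"
+- role: download
+file: "{{ downloads.flannel }}"
+- role: download
+file: "{{ downloads.calico_node }}"
+- role: download
+file: "{{ downloads.calicoctl }}"
+- role: download
+file: "{{ downloads.calico_cni }}"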
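--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Canal | Write flannel configuration
+template:
+src: network.json.j2
+dest: /etc/flannel-network.json
+backup: yes
+
+- name: Canal | Write canal configuration
+template:
+src: canal-node.yml.j2
+dest: /etc/kubernetes/canal-node.yaml
+
+- name: Canal | Copy cni plugins from hyperkube
+command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
+register: cni_task_result
+until: cni_task_result.rc == 0
+retries: 4
+delay: "{{ retry_stagger | random + 3 }}"
+changed_when: false
+
+- name: Canal | Copy cni plugins from calico/cni
+command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
+register: cni_task_result
+until: cni_task_result.rc == 0
+retries: 4
+delay: "{{ retry_stagger | random + 3 }}"
+changed_when: false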
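Review bot: Both `Copy cni plugins` tasks run an image named only by `repo:tag` and copy its `/opt/cni/bin` contents into the host's `/opt/cni/bin`, with no digest or checksum tying those binaries to a known build. The kubelet presumably executes them as CNI plugins, so a moved tag or a tampered registry would put unverified code on every node. Referencing the two images by digest (`repo@sha256:<digest>`), or checking the copied files against expected checksums, would close that gap. `changed_when: false` also means a run that replaces host binaries reports no change. The two `template` tasks set neither `owner` nor `mode`; I would add `owner: root` and `mode: "0644"` to both.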
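--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -0,0 +1,112 @@
+---
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+name: canal-node
+labels:
+k8s-app: canal-node
+spec:
+selector:
+matchLabels:
+k8s-app: canal-node
+template:
+metadata:
+annotations:
+scheduler.alpha.kubernetes.io/critical-pod: ''
+scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+labels:
+k8s-app: canal-node
+spec:
+hostNetwork: true
+volumes:
+# Used by flannel-server-helper
+- name: "networkconfig"
+hostPath:
+path: "/etc/flannel-network.json"
+# Used by calico/node.
+- name: lib-modules
+hostPath:
+path: /lib/modules
+- name: var-run-calico
+hostPath:
+path: /var/run/calico
+# Used to install CNI.
+- name: cni-bin-dir
+hostPath:
+path: /opt/cni/bin
+- name: cni-net-dir
+hostPath:
+path: /etc/cni/net.d
+# Used by flannel daemon.
+- name: run-flannel
+hostPath:
+path: /run/flannel
+- name: resolv
+hostPath:
+path: /etc/resolv.conf
+containers:
+- name: "flannel-server-helper"
+image: "{{ flannel_server_helper_image_repo }}:{{ flannel_server_helper_image_tag }}"
+args:
+- "--network-config=/etc/flannel-network.json"
+- "--etcd-prefix=/{{ cluster_name }}/network"
+- "--etcd-server={{ etcd_endpoint }}"
+volumeMounts:
+- name: "networkconfig"
+mountPath: "/etc/flannel-network.json"
+imagePullPolicy: "Always"
+# Runs the flannel daemon to enable vxlan networking between
+# container hosts.
+- name: flannel
+image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+env:
+# The location of the etcd cluster.
+- name: FLANNELD_ETCD_ENDPOINTS
+value: "{{ etcd_access_endpoint }}"
+# The interface flannel should run on.
+- name: FLANNELD_IFACE
+value: "{{ canal_iface }}"
+# Perform masquerade on traffic leaving the pod cidr.
+- name: FLANNELD_IP_MASQ
+value: "{{ canal_masquerade }}"
+# Write the subnet.env file to the mounted directory.
+- name: FLANNELD_SUBNET_FILE
+value: "/run/flannel/subnet.env"
+command:
+- "/bin/sh"
+- "-c"
+- "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network {% if canal_iface %}-iface {{ canal_iface }}{% endif %}"
+ports:
+- hostPort: 10253
+containerPort: 10253
+securityContext:
+privileged: true
+volumeMounts:
+- name: "resolv"
+mountPath: "/etc/resolv.conf"
+- name: "run-flannel"
+mountPath: "/run/flannel"
+# Runs calico/node container on each Kubernetes node. This
+# container programs network policy and local routes on each
+# host.
+- name: calico-node
+image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
+env:
+# The location of the etcd cluster.
+- name: ETCD_ENDPOINTS
+value: "{{ etcd_access_endpoint }}"
+# Disable Calico BGP. Calico is simply enforcing policy.
+- name: CALICO_NETWORKING
+value: "false"
+# Disable file logging so `kubectl logs` works.
+- name: CALICO_DISABLE_FILE_LOGGING
+value: "true"
+securityContext:
+privileged: true
+volumeMounts:
+- mountPath: /lib/modules
+name: lib-modules
+readOnly: true
+- mountPath: /var/run/calico
+name: var-run-calico
+readOnly: false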
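Review bot: The `flannel` container's `command` wraps flanneld in `/bin/sh -c` and interpolates `etcd_access_endpoint`, `cluster_name` and `canal_iface` into the shell string, so any space or shell metacharacter in those inventory values is re-parsed by a shell inside a `privileged: true`, `hostNetwork: true` pod. Passing the arguments as a list removes the shell entirely, as in the fence below. Separately, both `flannel` and `calico-node` run fully privileged. It is worth checking whether flannel can run with only the `NET_ADMIN` capability, and a comment above each `securityContext` stating why privilege is required would help the next reviewer. The `cni-bin-dir` and `cni-net-dir` host paths are declared as volumes, but no container in the manifest mounts them.

```yaml
command:
  - "/opt/bin/flanneld"
  - "-etcd-endpoints"
  - "{{ etcd_access_endpoint }}"
  - "-etcd-prefix"
  - "/{{ cluster_name }}/network"
{% if canal_iface %}
  - "-iface"
  - "{{ canal_iface }}"
{% endif %}
# … unchanged: ports, securityContext, volumeMounts …
```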
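--- a/roles/network_plugin/canal/templates/network.json.j2
+++ b/roles/network_plugin/canal/templates/network.json.j2
@@ -0,0 +1 @@
+{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }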
|
@ -6,3 +6,5 @@ dependencies:
|
||||||
when: kube_network_plugin == 'flannel'
|
when: kube_network_plugin == 'flannel'
|
||||||
- role: network_plugin/weave
|
- role: network_plugin/weave
|
||||||
when: kube_network_plugin == 'weave'
|
when: kube_network_plugin == 'weave'
|
||||||
|
- role: network_plugin/canal
|
||||||
|
when: kube_network_plugin == 'canal'
|
||||||
|
|