Use CNI to assign kube_pods_subnet for calico

Calico can now be deployed when other pools already exist, without
confusing IPAM and ending up with pods in the wrong pools.
Matthew Mosesohn 2018-02-21 18:16:32 +03:00
parent bfe196236f
commit 87f33a4644
4 changed files with 6 additions and 15 deletions


@ -32,7 +32,7 @@ etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %
etcd_blkio_weight: 1000 etcd_blkio_weight: 1000
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}" etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) | union(groups.get('vault', [])) }}"
etcd_compaction_retention: "8" etcd_compaction_retention: "8"
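Review bot: The `etcd_node_cert_hosts` change in this section is not mentioned in the commit message, and it alters which hosts are issued etcd node certificates. The rendered page has lost its +/- markers, so the direction is only inferred from print order: if the new side is the one that adds `| union(groups.get('vault', []))`, every host in the `vault` group gains a certificate that can presumably authenticate to etcd, which holds the cluster's state and secrets. I would move this to its own commit with a stated reason, or at least add a comment above the line such as `# vault hosts are issued etcd certs because <reason>`. If the direction is the reverse, confirm that the vault hosts no longer need etcd access before their certificates stop being generated.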


@ -16,9 +16,6 @@ etcd_cert_dir: /etc/ssl/etcd/ssl
# Global as_num (/calico/bgp/v1/global/as_num) # Global as_num (/calico/bgp/v1/global/as_num)
global_as_num: "64512" global_as_num: "64512"
# Set to true if you need to configure multiple pools (this is not common)
calico_ignore_extra_pools: false
# You can set MTU value here. If left undefined or empty, it will # You can set MTU value here. If left undefined or empty, it will
# not be specified in calico CNI config, so Calico will use built-in # not be specified in calico CNI config, so Calico will use built-in
# defaults. The value should be a number, not a string. # defaults. The value should be a number, not a string.


@ -138,14 +138,6 @@
calico_pools: "{{ calico_pools_raw.stdout | from_json }}" calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
run_once: true run_once: true
- name: Calico | Check if calico pool is properly configured
fail:
msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
when: ( calico_pools['node']['nodes'] | length > 1 and not calico_ignore_extra_pools ) or
( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
run_once: true
- name: Calico | Set global as_num - name: Calico | Set global as_num
command: "{{ bin_dir}}/calicoctl config set asNumber {{ global_as_num }}" command: "{{ bin_dir}}/calicoctl config set asNumber {{ global_as_num }}"
run_once: true run_once: true


@ -15,16 +15,18 @@
"etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem", "etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem",
"log_level": "info", "log_level": "info",
"ipam": { "ipam": {
"type": "calico-ipam" "type": "calico-ipam",
"assign_ipv4": "true",
"ipv4_pools": ["{{ kube_pods_subnet }}"]
}, },
{% if enable_network_policy %} {% if enable_network_policy %}
"policy": { "policy": {
"type": "k8s" "type": "k8s"
}, },
{% endif %} {%- endif %}
{% if calico_mtu is defined and calico_mtu is number %} {% if calico_mtu is defined and calico_mtu is number %}
"mtu": {{ calico_mtu }}, "mtu": {{ calico_mtu }},
{% endif %} {%- endif %}
"kubernetes": { "kubernetes": {
"kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml" "kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
} }
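Review bot: `"ipv4_pools": ["{{ kube_pods_subnet }}"]` restricts the CNI plugin to that one pool, but this commit also removes the playbook-time pool check, so nothing visible here confirms that a Calico pool for `kube_pods_subnet` exists before pods are scheduled. A mismatch would presumably surface only as IPAM failures at pod creation, and any firewall or network-policy rules keyed on the pod subnet depend on this value being right. I would keep the second half of the removed `when` condition (fail when no existing pool matches `kube_pods_subnet`) and document the dependency in the template, e.g. `{# ipv4_pools pins pod IPs to kube_pods_subnet; a Calico pool for that CIDR must already exist #}` above the `ipam` block. The switch to `{%- endif %}` leaves the matching `{% if %}` tags without whitespace control, so the rendered JSON layout is worth checking with both conditionals on and off. The template starts and ends outside this hunk.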