Commit graph

87 commits

Author SHA1 Message Date
Shelming.Song
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml () 2022-09-26 21:57:45 -07:00
Ho Kim
09d9bc910e
Fix typos in calico comments () 2022-09-05 18:46:54 -07:00
lou-lan
133a7a0e1b
Add featureDetectOverride configration of calico () 2022-09-02 04:58:05 -07:00
Cyclinder
2e1863af78
feat: change default blockSize for calico ()
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-07-19 13:05:27 -07:00
Samuel Liu
d821bed2ea
Fix some typo ()
* fix ingress controller task name

* fix calico word

* add check typo
2022-07-11 09:49:48 -07:00
Ilya Margolin
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ()
* Allow disabling calico CNI logs with calico_cni_log_file_path

Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging

To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-06-07 09:22:56 -07:00
Tamas Pasztor
9d3a894991
Possible remove ippools from cni config ()
* Possible remove ippools from cni config

* Typo

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

* Update cni-calico.conflist.j2

Incorrectly deleted calico forwarding content.

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
2022-05-19 23:45:13 -07:00
Samuel Liu
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ()
* use ipamconfig instead of calico ipam command

* fix ansible lint
2022-05-19 11:13:20 -07:00
Cyclinder
3eb0a4071a
set default value of name to "k8s-pod-network" ()
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2022-05-12 08:29:14 -07:00
Samuel Liu
1294fd5730
check calico ipv6 ()
* check calico ipv6

* just check ipip mode for ipv6
2022-04-29 00:35:13 -07:00
Samuel Liu
424ef3b3f9
[calico] add calico apiserver ()
* [calico] add calico apiserver

* fix yamllint

* remove addext argument

* Configure API server with the CA bundle

* add check kdd
2022-04-08 00:02:42 -07:00
Cristian Calin
dd2d95ecdf
[calico] don't enable ipip encapsulation by default and use vxlan in CI ()
* [calico] make vxlan encapsulation the default

* don't enable ipip encapsulation by default
* set calico_network_backend by default to vxlan
* update sample inventory and documentation

* [CI] pin default calico parameters for upgrade tests to ensure proper upgrade

* [CI] improve netchecker connectivity testing

* [CI] show logs for tests

* [calico] tweak task name

* [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh

* [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check

* service proxy mode still fails connectivity tests so keeping it manual mode

* [kube-router] account for containerd use-case
2022-03-17 18:05:39 -07:00
Toni Tauro
5a49ac52f9
feat(calico): add configurable ipam strictaffinity ()
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
2022-03-07 22:58:33 -08:00
kakkotetsu
1ebe456f2d
add support for Calico IP6_AUTODETECTION_METHOD () 2022-02-14 17:26:14 -08:00
Cristian Calin
ef34f5fe7d
[calico] switch default iptables backend detection to Auto () 2022-01-23 23:47:57 -08:00
zhengtianbao
a08d82d94e
calico add support for container ip forwarding setting () 2021-11-12 19:06:46 -08:00
Cristian Calin
a2cf6816ce
Calico wireguard ()
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
2021-06-25 03:22:45 -07:00
Cristian Calin
ec0c0d4a28
Calico enable support for eBPF ()
* Calico: align manifests with upstream

* allow enabling typha prometheus metrics

* Calico: enable eBPF support

* manage the kubernetes-services-endpoint configmap

* Calico: document the use of eBPF dataplane

* Calico: improve checks before deployment

* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
2021-06-07 04:58:39 -07:00
efrikin
7db76f8809
Add nodeSelctor for other services and node labels before CNI setup () 2021-05-25 13:40:43 -07:00
Cristian Calin
14cf3e138b
Support Calico advertisement of MetalLB LoadBalancer IPs ()
* add initial MetalLB docs

* metallb allow disabling the deployment of the metallb speaker

* calico>=3.18 allow using calico to advertise service loadbalancer IPs

* Document the use of MetalLB and Calico

* clean MetalLB docs
2021-05-12 05:22:17 -07:00
holmesb
1e7d48846a
Fixes issue - allow configuring CALICO_STARTUP_LOGLEVEL via a new variable: calico_node_startup_loglevel ()
Signed-off-by: Brendan Holmes <5072156+holmesb@users.noreply.github.com>
2021-04-20 15:37:42 -07:00
Fernando
5dbce6a2bd
add support for custom calico port () 2021-03-29 08:38:45 -07:00
Etienne Champetier
3749729d5a
Remove calico-upgrade leftovers ()
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 11:24:58 -08:00
Matt Calvert
4cc065e66d Changes to support Dual Stack networking 2021-02-05 00:04:52 -08:00
Andrii
8a153ed38e
Add serviceExternalIPs option for calico installation () 2020-11-25 05:34:39 -08:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore ()
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … ()
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.

* Check if calico_network_backend is defined prior to checking value

* Removed calico hidden defaults for vxlan port and vni

* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico () 2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers () 2020-04-27 00:03:30 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables () 2020-04-24 01:54:07 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode ()
* Support configuring the insert mode

Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration

so nothing should change for existing deployments.

This allows coexistence with other firewall management technologies.

* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory ()
* calico VXLAN mode

* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable ()
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Matthew Mosesohn
b35b816287 Raise typha max connections to 300 ()
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.

Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Etienne Champetier
2c2ffa846c Calico: update to 3.11.1, allow to configure calico_iptables_backend ()
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
Matthew Mosesohn
a1fff30bd9 Generate TLS certs for calico typha ()
* Generate TLS certs for calico typha

Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707

* Add group vars note

Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Sergey
81d57fe658 set calico_datastore default value in role kubespray-default () 2019-10-17 05:58:38 -07:00
Tony Fouchard
f67a24499b Allow to specify feature_control in calico cni config ()
* Allow to specify feature_control in calico cni config

* list length checking

* double check

* remove 2 conditions
2019-06-16 23:14:07 -07:00
grialeyur
82119ca923 Add support calico kubernetes datastore and typha. ()
* Add support calico kubernetes datastore and typha.

* Add typha_enabled to kubespray-defaults.
2019-04-25 05:00:48 -07:00
Matthew Mosesohn
05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
2019-04-19 06:01:54 -07:00
Matthew Mosesohn
d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ()" ()
This reverts commit 316508626d.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Maxime Guyot
353afa7cb0 Fix ipip: false in calico v3 () 2019-04-10 05:50:15 -07:00
Matthew Mosesohn
4fe2aa6bf7 Use install_cni init container for cni copy for calico/canal () 2019-04-02 03:32:36 -07:00
ml
483f1d2ca0 Calico felix - Fix jinja2 boolean condition ()
* Fix jinja2 boolean condition

* Convert all felix variable to booleans instead.
2019-03-29 16:07:09 -07:00
Chad Swenson
8872b2e0c6 Fix calico when kube_override_hostname is set ()
This fixes an issue where the `nodename` in calico's cni config json can fall out of sync with the k8s node name used by the calico pod if `kube_override_hostname` is set
2019-02-13 16:02:48 -08:00
wangxf
a096761306 [PR-Calico]Support calico 3.4.0 ()
* Suport calico 3.4.0

Signed-off-by: wangxf1987 <xiaofeix.wang@gmail.com>

* Remove symlink + cni conflist template when 3.3.0+, handle Canal, addition of install-cni: sidecar(3.3.0) or initontainer(3.4.0), KUBECONFIG_FILEPATH, calico_cert_dir, advertise cluster ips

* scheduler.alpha.kubernetes.io/critical-pod deprecated since 1.12
2019-01-28 11:03:49 -08:00
Douglas Hellinger
4479cc48fe Introduce calico_upgrade_url var for Calico upgrade tool.
So that binary can be sourced from anywhere - not only github.
2019-01-23 16:19:27 +08:00
Andreas Krüger
d5ce5874e8 Streamline path to certs dir ()
* Streamline path to certs dir

* More fixes

* Set path to etcd certs in kubernetes defaults instead
2018-12-06 23:11:53 -08:00
Joost Cassee
f2635776cd Make Calico Felix log level configurable () 2018-11-28 00:55:01 -08:00