External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-18 11:40:10 -03:30
Code Issues Packages Projects Releases Wiki Activity

Adding support for canal network plugin

Browse Source 
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:

https://github.com/tigera/canal/tree/master/k8s-install
This commit is contained in:
Aleksandr Didenko
2016-11-03 16:57:11 +01:00
parent 6b7b8a2303
commit 309240cd6f
16 changed files with 218 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/network_plugin/canal/defaults/main.yml Normal file
View File

@@ -0,0 +1,11 @@
# The interface used by canal for host <-> host communication.
# If left blank, then the interface is chosing using the node's
# default route.
canal_iface: ""
# Whether or not to masquerade traffic to destinations not within
# the pod network.
canal_masquerade: "true"
# Log-level
canal_log_level: "info"

12
roles/network_plugin/canal/meta/main.yml Normal file
View File

@@ -0,0 +1,12 @@
---
dependencies:
- role: download
file: "{{ downloads.flannel_server_helper }}"
- role: download
file: "{{ downloads.flannel }}"
- role: download
file: "{{ downloads.calico_node }}"
- role: download
file: "{{ downloads.calicoctl }}"
- role: download
file: "{{ downloads.calico_cni }}"

27
roles/network_plugin/canal/tasks/main.yml Normal file
View File

@@ -0,0 +1,27 @@
---
- name: Canal | Write flannel configuration
template:
src: network.json.j2
dest: /etc/flannel-network.json
backup: yes
- name: Canal | Write canal configuration
template:
src: canal-node.yml.j2
dest: /etc/kubernetes/canal-node.yaml
- name: Canal | Copy cni plugins from hyperkube
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
register: cni_task_result
until: cni_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
- name: Canal | Copy cni plugins from calico/cni
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
register: cni_task_result
until: cni_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false

112
roles/network_plugin/canal/templates/canal-node.yml.j2 Normal file
View File

@@ -0,0 +1,112 @@
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: canal-node
labels:
k8s-app: canal-node
spec:
selector:
matchLabels:
k8s-app: canal-node
template:
metadata:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
labels:
k8s-app: canal-node
spec:
hostNetwork: true
volumes:
# Used by flannel-server-helper
- name: "networkconfig"
hostPath:
path: "/etc/flannel-network.json"
# Used by calico/node.
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run-calico
hostPath:
path: /var/run/calico
# Used to install CNI.
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
# Used by flannel daemon.
- name: run-flannel
hostPath:
path: /run/flannel
- name: resolv
hostPath:
path: /etc/resolv.conf
containers:
- name: "flannel-server-helper"
image: "{{ flannel_server_helper_image_repo }}:{{ flannel_server_helper_image_tag }}"
args:
- "--network-config=/etc/flannel-network.json"
- "--etcd-prefix=/{{ cluster_name }}/network"
- "--etcd-server={{ etcd_endpoint }}"
volumeMounts:
- name: "networkconfig"
mountPath: "/etc/flannel-network.json"
imagePullPolicy: "Always"
# Runs the flannel daemon to enable vxlan networking between
# container hosts.
- name: flannel
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
env:
# The location of the etcd cluster.
- name: FLANNELD_ETCD_ENDPOINTS
value: "{{ etcd_access_endpoint }}"
# The interface flannel should run on.
- name: FLANNELD_IFACE
value: "{{ canal_iface }}"
# Perform masquerade on traffic leaving the pod cidr.
- name: FLANNELD_IP_MASQ
value: "{{ canal_masquerade }}"
# Write the subnet.env file to the mounted directory.
- name: FLANNELD_SUBNET_FILE
value: "/run/flannel/subnet.env"
command:
- "/bin/sh"
- "-c"
- "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network {% if canal_iface %}-iface {{ canal_iface }}{% endif %}"
ports:
- hostPort: 10253
containerPort: 10253
securityContext:
privileged: true
volumeMounts:
- name: "resolv"
mountPath: "/etc/resolv.conf"
- name: "run-flannel"
mountPath: "/run/flannel"
# Runs calico/node container on each Kubernetes node. This
# container programs network policy and local routes on each
# host.
- name: calico-node
image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
env:
# The location of the etcd cluster.
- name: ETCD_ENDPOINTS
value: "{{ etcd_access_endpoint }}"
# Disable Calico BGP. Calico is simply enforcing policy.
- name: CALICO_NETWORKING
value: "false"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
securityContext:
privileged: true
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false

1
roles/network_plugin/canal/templates/network.json.j2 Normal file
View File

@@ -0,0 +1 @@
{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }

2
roles/network_plugin/meta/main.yml
View File

@@ -6,3 +6,5 @@ dependencies:
when: kube_network_plugin == 'flannel'
- role: network_plugin/weave
when: kube_network_plugin == 'weave'
- role: network_plugin/canal
when: kube_network_plugin == 'canal'