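---
# This ConfigMap is used to configure a self-hosted Calico installation.
# Rendered by Ansible (Jinja2) before kubectl parses it; every templated
# scalar is double-quoted so an empty or special-character expansion cannot
# change the YAML type of the value.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Configure this with the location of your etcd cluster.
  etcd_endpoints: "{{ etcd_networking_cluster_ip_list }}"

  # Configure the Calico backend to use.
  calico_backend: "bird"

  # CNI conflist handed to the install-cni container (CNI_NETWORK_CONFIG) below.
  # The __ETCD_ENDPOINTS__, __SERVICEACCOUNT_TOKEN__ and __KUBECONFIG_FILEPATH__
  # placeholders are left for /install-cni.sh to substitute on the node; they are
  # not Jinja variables. "mtu" must render as a JSON number, so it is deliberately
  # the only unquoted template expression in this document.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.0",
      "plugins": [
        {
          "type": "calico",
          "etcd_endpoints": "__ETCD_ENDPOINTS__",
          "etcd_key_file": "{{ kubernetes_certificates.etcd_client_key }}",
          "etcd_cert_file": "{{ kubernetes_certificates.etcd_client }}",
          "etcd_ca_cert_file": "{{ kubernetes_certificates.ca }}",
          "log_level": "{{ cni.options.calico.log_level }}",
          "mtu": {{ cni.options.calico.workload_mtu }},
          "ipam": {
            "type": "calico-ipam"
          },
          "policy": {
            "type": "k8s",
            "k8s_api_root": "{{ kubernetes_master_ip }}",
            "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
          },
          "kubernetes": {
            "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        }{% if cni.options.portmap.enabled == true %},
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        }{% endif %}
      ]
    }
  # Paths of the etcd client TLS material as seen by calico/node. These keys are
  # always present (they are not optional/commented out) and there is no Secret for
  # them: the DaemonSet below mounts kubernetes_certificates_dir from the host via
  # the etcd-certs hostPath volume, so the files are assumed to live under that
  # directory on every node — verify against the certificate-distribution role.
  etcd_ca: "{{ kubernetes_certificates.ca }}"
  etcd_cert: "{{ kubernetes_certificates.etcd_client }}"
  etcd_key: "{{ kubernetes_certificates.etcd_client_key }}"

---

# This manifest installs the calico/node container, as well
# as the Calico CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    tier: control-plane
    component: calico-node
    k8s-app: calico-node
  annotations:
    kismatic/version: "{{ kismatic_short_version }}"
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        # Felix's metrics endpoint (FELIX_PROMETHEUSMETRICSENABLED below) is
        # served on the host network without authentication; restrict reach
        # to it with host policy or a firewall if nodes are exposed.
        prometheus.io/port: "9091"
        prometheus.io/scrape: "true"
    spec:
      # Both containers run privileged in the host network namespace and mount
      # host directories: this pod is a node-level trust boundary, so write
      # access to this DaemonSet (and to the calico-config ConfigMap) is
      # equivalent to root on every node.
      hostNetwork: true
      serviceAccountName: calico-node
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      containers:
        # Runs calico/node container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: "{{ images.calico_node }}"
          imagePullPolicy: IfNotPresent
          env:
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Configure the IP Pool from which Pod IPs will be chosen.
            - name: CALICO_IPV4POOL_CIDR
              value: "{{ kubernetes_pods_cidr }}"
            # IPIP encapsulation follows the configured Calico mode: "always" for
            # overlay, "off" otherwise. The Jinja branch emits the quotes itself.
            - name: CALICO_IPV4POOL_IPIP
              value: {% if cni.options.calico.mode == 'overlay' %}"always"{% else %}"off"{% endif %}
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix endpoint to host default action to ACCEPT.
            # Felix's own default for this setting is Drop; ACCEPT lets traffic
            # from workloads reach the host's network stack unless a Calico
            # policy says otherwise. Keep this in mind when threat-modelling
            # pod-to-node access.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: ACCEPT
            - name: FELIX_LOGSEVERITYSCREEN
              value: "{{ cni.options.calico.log_level }}"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_IPINIPMTU
              value: "{{ cni.options.calico.felix_input_mtu }}"
            # Set to enable the Prometheus metrics server in Felix.
            - name: FELIX_PROMETHEUSMETRICSENABLED
              value: "true"
            # Set to false to disable Go runtime metrics collection.
            - name: FELIX_PROMETHEUSGOMETRICSENABLED
              value: "false"
            # Set to false to disable process metrics collection, which the Prometheus client does by default.
            - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
              value: "false"
            # Reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage server.
            - name: FELIX_USAGEREPORTINGENABLED
              value: "false"
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            # Auto-detect the BGP IP address.
            - name: IP
              value: ""
            - name: IP_AUTODETECTION_METHOD
              value: "{{ cni.options.calico.ip_autodetection_method }}"
            - name: FELIX_HEALTHENABLED
              value: "true"
          # Required so calico/node can program the host's routes and iptables.
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 250m
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /readiness
              port: 9099
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            # Mounted at the same path as on the host so the ConfigMap's etcd_*
            # file paths resolve inside the container.
            # NOTE(review): mounted read-write; calico/node only needs to read
            # these files, so readOnly: true looks appropriate — confirm.
            - mountPath: "{{ kubernetes_certificates_dir }}"
              name: etcd-certs
        # This container installs the Calico CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: "{{ images.calico_cni }}"
          imagePullPolicy: IfNotPresent
          command: ["/install-cni.sh"]
          env:
            # Use apprenda/cni-bin image for all plugins
            - name: SKIP_CNI_BINARIES
              value: "true"
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
            - name: CNI_CONF_NAME
              value: "00-calico.conflist"
          # Writes into the host's CNI binary and config directories mounted below.
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            # NOTE(review): same etcd-certs mount as calico-node, also
            # read-write; readOnly: true is presumably sufficient — confirm.
            - mountPath: "{{ kubernetes_certificates_dir }}"
              name: etcd-certs
      volumes:
        # Used by calico/node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: "{{ network_plugin_dir }}"
        # Mount in the etcd TLS secrets. These are plain host files, not a
        # Kubernetes Secret; their on-disk permissions are what protects the
        # etcd client key.
        - name: etcd-certs
          hostPath:
            path: "{{ kubernetes_certificates_dir }}"

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system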