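# Source: sigs.k8s.io/cluster-api-provider-azure@v1.14.3/templates/addons/windows/calico/calico.yaml
#
# Calico add-on for Windows nodes. Documents in this file, in order:
#   1. IPAMConfig "default"                  - Calico IPAM settings
#   2. ConfigMap calico-static-rules         - static ACL rule file for Felix
#   3. ConfigMap calico-config-windows       - MTU and CNI config template
#   4. DaemonSet calico-node-windows         - hostProcess install + node pods
#   5. CustomResourceDefinition for IPAMConfig
#
# NOTE(review): the IPAMConfig object (1) is declared before its CRD (5).
# An applier that processes documents strictly in order needs the CRD to
# exist already; confirm how this file is applied.

# strictAffinity required for windows
apiVersion: crd.projectcalico.org/v1
kind: IPAMConfig
metadata:
  name: default
spec:
  autoAllocateBlocks: true
  strictAffinity: true
---
# Static rule file mounted into the calico-node-felix container at
# /calico/static-rules.json (see the DaemonSet below).
#
# The single rule ("wireserver") blocks outbound TCP (Protocol 6) from
# endpoints to 168.63.129.16/32 port 80. 168.63.129.16 is the Azure platform
# endpoint (WireServer) used by the node itself; the rule keeps pod workloads
# from talking to it.
#
# NOTE(review): only TCP/80 is covered. Confirm whether other ports served on
# the same address (for example 32526) need an equivalent Block rule.
# NOTE(review): this is an endpoint ACL; pods running with hostNetwork or
# hostProcess presumably bypass it - verify before relying on it as the only
# control.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-static-rules
  namespace: calico-system
  labels:
    tier: node
    app: calico
data:
  static-rules.json: |
    {
      "Provider": "azure",
      "Version": "0.1",
      "Rules": [
        {
          "Name": "EndpointPolicy",
          "Rule": {
            "Id": "wireserver",
            "Type": "ACL",
            "Protocol": 6,
            "Action": "Block",
            "Direction": "Out",
            "RemoteAddresses": "168.63.129.16/32",
            "RemotePorts": "80",
            "Priority": 200,
            "RuleType": "Switch"
          }
        }
      ]
    }
---
# Configuration consumed by the DaemonSet below: veth_mtu is exposed to
# install-cni as CNI_MTU, cni_network_config as CNI_NETWORK_CONFIG.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config-windows
  namespace: calico-system
  labels:
    tier: node
    app: calico
data:
  veth_mtu: "1350"

  # CNI conflist template. The __NAME__ tokens are placeholders that are
  # presumably substituted by the install script before the file is written;
  # "mtu" is intentionally unquoted so the substituted value is a JSON number.
  #
  # Fix: the original declared "log_level" twice in the same object ("debug"
  # near the top, "info" further down). Duplicate JSON keys are resolved
  # differently by different parsers (most keep the last one), so the
  # effective level was ambiguous. Only the later value, "info", is kept.
  cni_network_config: |
    {
      "name": "Calico",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "windows_use_single_network": true,
          "type": "calico",
          "mode": "vxlan",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "nodename_file_optional": true,
          "log_file_path": "c:/cni.log",

          "vxlan_mac_prefix": "0E-2A",
          "vxlan_vni": 4096,
          "mtu": __CNI_MTU__,
          "policy": {
            "type": "k8s"
          },

          "log_level": "info",

          "capabilities": {"dns": true},
          "DNS": {
            "Search": [
              "svc.cluster.local"
            ]
          },

          "datastore_type": "kubernetes",

          "kubernetes": {
            "kubeconfig": "__KUBECONFIG_FILEPATH__"
          },

          "ipam": {
            "type": "calico-ipam",
            "subnet": "usePodCidr"
          },

          "policies": [
            {
              "Name": "EndpointPolicy",
              "Value": {
                "Type": "OutBoundNAT",
                "ExceptionList": [
                  "__K8S_SERVICE_CIDR__"
                ]
              }
            },
            {
              "Name": "EndpointPolicy",
              "Value": {
                "Type": "SDNROUTE",
                "DestinationPrefix": "__K8S_SERVICE_CIDR__",
                "NeedEncap": true
              }
            }
          ]
        }
      ]

    }
---
# Runs Calico on every Windows/amd64 node.
#
# Privilege summary: every container here is a Windows hostProcess container
# running as "NT AUTHORITY\system" on the host network, i.e. with full
# control of the node. Treat the images and this manifest as part of the
# node's trusted computing base.
#
# NOTE(review): all three images are referenced by mutable tag from a public
# registry with imagePullPolicy: Always, so each pod start re-resolves the
# tag. Whoever can move those tags gets SYSTEM on every Windows node. Prefer
# pinning by digest (image: <repo>@sha256:<IMAGE_DIGEST_PLACEHOLDER>) or
# mirroring into a registry you control.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: calico-node-windows
  labels:
    tier: node
    app: calico
  namespace: calico-system
spec:
  selector:
    matchLabels:
      app: calico
  template:
    metadata:
      labels:
        tier: node
        app: calico
    spec:
      # Schedule only onto Windows amd64 nodes.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - windows
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      securityContext:
        windowsOptions:
          hostProcess: true
          runAsUserName: "NT AUTHORITY\\system"
      hostNetwork: true
      # The calico-node ServiceAccount and its RBAC are not defined in this
      # file; they must exist in calico-system before the pods can start.
      serviceAccountName: calico-node
      # Tolerates every NoSchedule and NoExecute taint, so the pod also lands
      # on (and stays on) tainted Windows nodes.
      tolerations:
        - operator: Exists
          effect: NoSchedule
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      initContainers:
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: sigwindowstools/calico-install:v3.26.1-hostprocess
          args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1"]
          imagePullPolicy: Always
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config-windows
                  key: cni_network_config
            # Set the hostname based on the k8s node name.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # CNI MTU Config variable
            - name: CNI_MTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config-windows
                  key: veth_mtu
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
            # Hard-coded service CIDR; presumably substituted for
            # __K8S_SERVICE_CIDR__ in cni_network_config. It must match the
            # cluster's actual service CIDR.
            - name: K8S_SERVICE_CIDR
              value: "10.96.0.0/12"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - name: kubeadm-config
              mountPath: /etc/kubeadm-config/
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
      containers:
        - name: calico-node-startup
          image: sigwindowstools/calico-node:v3.26.1-hostprocess
          args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1"]
          workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/"
          imagePullPolicy: Always
          volumeMounts:
            - name: calico-config-windows
              mountPath: /etc/kube-calico-windows/
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: CNI_IPAM_TYPE
              value: "calico-ipam"
            - name: CALICO_NETWORKING_BACKEND
              value: "vxlan"
            # Kubeconfig is read from the host's CNI config directory.
            # NOTE(review): this file holds cluster credentials on the node's
            # disk; confirm who writes it and that its ACL is restricted.
            - name: KUBECONFIG
              value: "C:/etc/cni/net.d/calico-kubeconfig"
            # Must agree with "vxlan_vni" in cni_network_config.
            - name: VXLAN_VNI
              value: "4096"
        - name: calico-node-felix
          image: sigwindowstools/calico-node:v3.26.1-hostprocess
          args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1"]
          imagePullPolicy: Always
          workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/"
          volumeMounts:
            - name: calico-config-windows
              mountPath: /etc/kube-calico-windows/
            # Static ACL rules (the "wireserver" block rule) from the
            # calico-static-rules ConfigMap.
            - name: calico-static-rules
              mountPath: /calico/static-rules.json
              subPath: static-rules.json
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: VXLAN_VNI
              value: "4096"
            - name: KUBECONFIG
              value: "C:/etc/cni/net.d/calico-kubeconfig"
      volumes:
        - name: calico-config-windows
          configMap:
            name: calico-config-windows
        - name: calico-static-rules
          configMap:
            name: calico-static-rules
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # ConfigMap expected to exist in calico-system; it is not defined in
        # this file.
        - name: kubeadm-config
          configMap:
            name: kubeadm-config
---
# Cluster-scoped CRD for the IPAMConfig kind used by the first document.
# The schema requires both autoAllocateBlocks and strictAffinity.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ipamconfigs.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: IPAMConfig
    listKind: IPAMConfigList
    plural: ipamconfigs
    singular: ipamconfig
  preserveUnknownFields: false
  scope: Cluster
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: IPAMConfigSpec contains the specification for an IPAMConfig
                resource.
              properties:
                autoAllocateBlocks:
                  type: boolean
                maxBlocksPerHost:
                  description: MaxBlocksPerHost, if non-zero, is the max number of blocks
                    that can be affine to each host.
                  maximum: 2147483647
                  minimum: 0
                  type: integer
                strictAffinity:
                  type: boolean
              required:
                - autoAllocateBlocks
                - strictAffinity
              type: object
          type: object
      served: true
      storage: true
# Empty status stanza as present in the original listing.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []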