From 60a217766fee54f68fae58dc9a69069c7571c625 Mon Sep 17 00:00:00 2001
From: Aleksandr Didenko <adidenko@mirantis.com>
Date: Tue, 8 Nov 2016 12:13:20 +0100
Subject: [PATCH] Add ConfigMap for basic configuration options

Container settings moved from the daemonset yaml to a separate
configmap.
---
 roles/kubernetes-apps/ansible/tasks/main.yaml |  3 +-
 .../network_plugin/canal/tasks/main.yaml      |  9 ++++
 .../node/templates/cni-canal.conf.j2          |  8 ++--
 roles/network_plugin/canal/tasks/main.yml     |  7 ++-
 .../canal/templates/canal-config.yml.j2       | 22 +++++++++
 .../canal/templates/canal-node.yml.j2         | 48 ++++++++++++++++---
 6 files changed, 83 insertions(+), 14 deletions(-)
 create mode 100644 roles/network_plugin/canal/templates/canal-config.yml.j2

diff --git a/roles/kubernetes-apps/ansible/tasks/main.yaml b/roles/kubernetes-apps/ansible/tasks/main.yaml
index ccbca3c80..130a17a6f 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yaml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yaml
@@ -19,4 +19,5 @@
   when: inventory_hostname == groups['kube-master'][0]
 
 - include: tasks/calico-policy-controller.yml
-  when: enable_network_policy is defined and enable_network_policy == True
+  when: ( enable_network_policy is defined and enable_network_policy == True ) or
+    ( kube_network_plugin == 'canal' )
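Review bot: The `enable_network_policy == True` test kept in the new `when:` matches only a real boolean, so a value that arrives as a string (for example from `-e enable_network_policy=true`) skips the policy controller for non-canal plugins without any error. `(enable_network_policy | default(false) | bool) or (kube_network_plugin | default('') == 'canal')` handles both forms and makes the `is defined` check unnecessary. The added `kube_network_plugin == 'canal'` clause has no guard of its own, so as written it presumably relies on that variable always being set in group vars.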
diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml
index 46105126b..c6bcd6992 100644
--- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml
+++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml
@@ -1,3 +1,12 @@
+- name: Create canal ConfigMap
+  run_once: true
+  kube:
+    name: "canal-config"
+    kubectl: "{{bin_dir}}/kubectl"
+    filename: "/etc/kubernetes/canal-config.yaml"
+    resource: "configmap"
+    namespace: "kube-system"
+
 - name: Start flannel and calico-node
   run_once: true
   kube:
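Review bot: The new "Create canal ConfigMap" task sets no `state`, so whether a re-run updates an existing `canal-config` depends on the `kube` module's default. If that default only creates missing resources, later changes to the etcd endpoints or interface in `/etc/kubernetes/canal-config.yaml` would never reach the cluster. Consider `state: "latest"` if the module in this repository supports it (to be confirmed). Values read through `configMapKeyRef` are resolved at container start only, so the canal pods also need a restart after such a change. The following task continues outside the hunk.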
diff --git a/roles/kubernetes/node/templates/cni-canal.conf.j2 b/roles/kubernetes/node/templates/cni-canal.conf.j2
index db3e9231c..b835443c7 100644
--- a/roles/kubernetes/node/templates/cni-canal.conf.j2
+++ b/roles/kubernetes/node/templates/cni-canal.conf.j2
@@ -5,11 +5,9 @@
     "type": "calico",
     "etcd_endpoints": "{{ etcd_access_endpoint }}",
     "log_level": "info",
-    {% if enable_network_policy is defined and enable_network_policy == True %}
-      "policy": {
-        "type": "k8s"
-      },
-    {% endif %}
+    "policy": {
+      "type": "k8s"
+    },
     "kubernetes": {
       "kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
     }
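Review bot: With the `{% if %}` removed, `enable_network_policy` no longer has any effect on this CNI config, so an operator who sets it to false with canal still gets `"policy": {"type": "k8s"}`. That matches the `kube_network_plugin == 'canal'` clause added in roles/kubernetes-apps/ansible/tasks/main.yaml, but nothing in the commit records the change. A line in the variable's documentation, such as `enable_network_policy is ignored when kube_network_plugin is canal; policy enforcement is always on`, would avoid surprises. The JSON object starts and ends outside the hunk.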
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index eb833bf0a..ba83edee8 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -5,7 +5,12 @@
     dest: /etc/flannel-network.json
     backup: yes
 
-- name: Canal | Write canal configuration
+- name: Canal | Write canal configmap
+  template:
+    src: canal-config.yml.j2
+    dest: /etc/kubernetes/canal-config.yaml
+
+- name: Canal | Write canal node configuration
   template:
     src: canal-node.yml.j2
     dest: /etc/kubernetes/canal-node.yaml
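Review bot: The new `template` task for `/etc/kubernetes/canal-config.yaml` sets no `owner` or `mode`, so the file's permissions depend on the remote umask. Adding `mode: "0644"` (and `owner: root`, if that matches the other files in this directory) makes them deterministic. The same applies to the renamed canal-node task below it, whose definition continues outside the hunk.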
diff --git a/roles/network_plugin/canal/templates/canal-config.yml.j2 b/roles/network_plugin/canal/templates/canal-config.yml.j2
new file mode 100644
index 000000000..34f3faedb
--- /dev/null
+++ b/roles/network_plugin/canal/templates/canal-config.yml.j2
@@ -0,0 +1,22 @@
+# This ConfigMap can be used to configure a self-hosted Canal installation.
+# See `canal.yaml` for an example of a Canal deployment which uses
+# the config in this ConfigMap.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: canal-config
+data:
+  # Configure this with the location of your etcd cluster.
+  etcd_endpoints: "{{ etcd_access_endpoint }}"
+
+  # The interface used by canal for host <-> host communication.
+  # If left blank, then the interface is chosing using the node's
+  # default route.
+  flanneld_iface: "{{ canal_iface }}"
+
+  # Whether or not to masquerade traffic to destinations not within
+  # the pod network.
+  masquerade: "{{ canal_masquerade }}"
+
+  # Cluster name for Flannel etcd path
+  cluster_name: "{{ cluster_name }}"
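Review bot: `metadata` has no `namespace`, so the ConfigMap lands in kube-system only because the `kube` task passes `namespace: "kube-system"`. Applied by hand from the rendered file, it would go to the current namespace, and the pods' `configMapKeyRef` lookups would then fail. Adding `namespace: "kube-system"` under `metadata` keeps the manifest self-contained, assuming the DaemonSet runs in that namespace. The header comment points to `canal.yaml`, which this commit does not contain (the consumer here is `canal-node.yml.j2`), and `chosing` in the `flanneld_iface` comment should read `chosen`.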
diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2
index 0b4ea24e4..bdeae6cfd 100644
--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -47,10 +47,23 @@ spec:
       containers:
         - name: "flannel-server-helper"
           image: "{{ flannel_server_helper_image_repo }}:{{ flannel_server_helper_image_tag }}"
+          env:
+            # Cluster name
+            - name: CLUSTER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: cluster_name
+            # The location of the etcd cluster.
+            - name: FLANNELD_ETCD_ENDPOINTS
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
           args:
             - "--network-config=/etc/flannel-network.json"
-            - "--etcd-prefix=/{{ cluster_name }}/network"
-            - "--etcd-server={{ etcd_endpoint }}"
+            - "--etcd-prefix=/$(CLUSTER_NAME)/network"
+            - "--etcd-server=$(FLANNELD_ETCD_ENDPOINTS)"
           volumeMounts:
             - name: "networkconfig"
               mountPath: "/etc/flannel-network.json"
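Review bot: `--etcd-server` was rendered from `etcd_endpoint` and now receives `$(FLANNELD_ETCD_ENDPOINTS)`, which the ConfigMap fills from `etcd_access_endpoint`, while the commit message describes only a move of settings. If the two variables can differ, the helper now talks to a different address or gets a value in a format it may not accept, so this is worth confirming. A comment above the env entry would record the intent, for example `# same endpoint as flannel; was etcd_endpoint before the ConfigMap move`. The container spec continues outside the hunk.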
@@ -60,22 +73,40 @@ spec:
         - name: flannel
           image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
           env:
+            # Cluster name
+            - name: CLUSTER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: cluster_name
             # The location of the etcd cluster.
             - name: FLANNELD_ETCD_ENDPOINTS
-              value: "{{ etcd_access_endpoint }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
             # The interface flannel should run on.
             - name: FLANNELD_IFACE
-              value: "{{ canal_iface }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: flanneld_iface
             # Perform masquerade on traffic leaving the pod cidr.
             - name: FLANNELD_IP_MASQ
-              value: "{{ canal_masquerade }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: masquerade
+            # Set etcd-prefix
+            - name: DOCKER_OPT_ETCD_PREFIX
+              value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
             # Write the subnet.env file to the mounted directory.
             - name: FLANNELD_SUBNET_FILE
               value: "/run/flannel/subnet.env"
           command:
             - "/bin/sh"
             - "-c"
-            - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network {% if canal_iface %}-iface {{ canal_iface }}{% endif %}"
+            - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network"
           ports:
             - hostPort: 10253
               containerPort: 10253
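Review bot: The new `command` still goes through `/bin/sh -c`, and its string now contains `$(CLUSTER_NAME)`, which Kubernetes substitutes from the ConfigMap before the shell parses the line. A cluster name containing shell metacharacters would therefore be interpreted by `sh`. If the env entry is ever renamed or dropped, the literal `$(CLUSTER_NAME)` is left in place and the shell treats it as a command substitution. Exec form avoids both: `- "/opt/bin/flanneld"`, `- "-etcd-prefix"`, `- "/$(CLUSTER_NAME)/network"`. `DOCKER_OPT_ETCD_PREFIX` carries the same prefix, but nothing visible in the hunk reads it, so it looks redundant.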
@@ -94,7 +125,10 @@ spec:
           env:
             # The location of the etcd cluster.
             - name: ETCD_ENDPOINTS
-              value: "{{ etcd_access_endpoint }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
             # Disable Calico BGP.  Calico is simply enforcing policy.
             - name: CALICO_NETWORKING
               value: "false"
-- 
GitLab