KubeADM-AIO: Drive basic CNI configuration via values

This PS drives basic CNI options via ansible playbook in the KubeADM-AIO container and modifies the calico chart to support configuration via values. Change-Id: Iaf2f9807438c3a34e797c62c2c6913edb677997c
2018-01-07 11:08:09 -05:00 · 2018-01-07 11:08:09 -05:00 · 2e0b57ad93
commit 2e0b57ad93
parent 227df8bf87
5 changed files with 98 additions and 37 deletions
--- a/calico/templates/configmap-calico-config.yaml
+++ b/calico/templates/configmap-calico-config.yaml
@ -16,6 +16,19 @@ limitations under the License.

 {{- if .Values.manifests.configmap_calico_config }}
 {{- $envAll := . }}
+
+{{- if empty .Values.conf.cni_network_config.mtu -}}
+{{/*
+#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical
+# MTU to account for IPIP overhead unless explicty turned off.
+*/}}
+{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}}
+{{- set .Values.conf.cni_network_config "mtu" .Values.networking.mtu | quote | trunc 0 -}}
+{{- else -}}
+{{- set .Values.conf.cni_network_config "mtu" (sub .Values.networking.mtu 20) | quote | trunc 0 -}}
+{{- end -}}
+{{- end -}}
+
 ---
 # This ConfigMap is used to configure a self-hosted Calico installation.
 kind: ConfigMap
--- a/calico/templates/daemonset-calico-node.yaml
+++ b/calico/templates/daemonset-calico-node.yaml
@ -16,6 +16,23 @@ limitations under the License.

 {{- if .Values.manifests.daemonset_calico_node }}
 {{- $envAll := . }}
+
+{{- if empty .Values.conf.node.CALICO_IPV4POOL_CIDR -}}
+{{- set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.node.FELIX_IPINIPMTU -}}
+{{/*
+#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical
+# MTU to account for IPIP overhead unless explicty turned off.
+*/}}
+{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}}
+{{- set .Values.conf.node "FELIX_IPINIPMTU" .Values.networking.mtu | quote | trunc 0 -}}
+{{- else -}}
+{{- set .Values.conf.node "FELIX_IPINIPMTU" (sub .Values.networking.mtu 20) | quote | trunc 0 -}}
+{{- end -}}
+{{- end -}}
+
 {{- if .Values.images.local_registry.active -}}
 {{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}}
 {{- else -}}
@ -108,44 +125,12 @@ spec:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
-            # Cluster type to identify the deployment type
-            - name: CLUSTER_TYPE
-              value: "kubeadm,bgp"
            # Set noderef for node controller.
            - name: CALICO_K8S_NODE_REF
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
-            # Disable file logging so `kubectl logs` works.
-            - name: CALICO_DISABLE_FILE_LOGGING
-              value: "true"
-            # Set Felix endpoint to host default action to ACCEPT.
-            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
-              value: "ACCEPT"
-            # Configure the IP Pool from which Pod IPs will be chosen.
-            - name: CALICO_IPV4POOL_CIDR
-              value: "{{ .Values.networking.podSubnet }}"
-            - name: CALICO_IPV4POOL_IPIP
-              value: "always"
-            # Disable IPv6 on Kubernetes.
-            - name: FELIX_IPV6SUPPORT
-              value: "false"
-            # Set MTU for tunnel device used if ipip is enabled
-            - name: FELIX_IPINIPMTU
-              value: "1440"
-            # Set Felix logging to "info"
-            - name: FELIX_LOGSEVERITYSCREEN
-              value: "info"
-            - name: FELIX_HEALTHENABLED
-              value: "true"
-            # Set Felix experimental Prometheus metrics server
-            - name: FELIX_PROMETHEUSMETRICSENABLED
-              value: "true"
-            - name: FELIX_PROMETHEUSMETRICSPORT
-              value: "9091"
-            # Auto-detect the BGP IP address.
-            - name: IP
-              value: ""
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node | indent 12 }}
          securityContext:
            privileged: true
          resources:
--- a/calico/values.yaml
+++ b/calico/values.yaml
@ -106,6 +106,9 @@ endpoints:

 networking:
  podSubnet: 192.168.0.0/16
+  #NOTE(portdirect): this should be the physical MTU, the appropriate MTU
+  # that calico should use will be calculated.
+  mtu: 1500

 conf:
  cni_network_config:
@ -114,7 +117,7 @@ conf:
    type: calico
    etcd_endpoints: __ETCD_ENDPOINTS__
    log_level: info
-    mtu: 1500
+    mtu: null
    ipam:
      type: calico-ipam
    policy:
@ -123,6 +126,31 @@ conf:
      k8s_auth_token: __SERVICEACCOUNT_TOKEN__
    kubernetes:
      kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
+  node:
+    # Cluster type to identify the deployment type
+    CLUSTER_TYPE:
+      - kubeadm
+      - bgp
+    # Disable file logging so `kubectl logs` works.
+    CALICO_DISABLE_FILE_LOGGING: "true"
+    # Set Felix endpoint to host default action to ACCEPT.
+    FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT"
+    # Configure the IP Pool from which Pod IPs will be chosen.
+    CALICO_IPV4POOL_CIDR: null
+    # Change this to 'off' in environments with direct L2 communication
+    CALICO_IPV4POOL_IPIP: "always"
+    # Disable IPv6 on Kubernetes.
+    FELIX_IPV6SUPPORT: "false"
+    # Set MTU for tunnel device used if ipip is enabled
+    FELIX_IPINIPMTU: null
+    # Set Felix logging to "info"
+    FELIX_LOGSEVERITYSCREEN: "info"
+    FELIX_HEALTHENABLED: "true"
+    # Set Felix experimental Prometheus metrics server
+    FELIX_PROMETHEUSMETRICSENABLED: "true"
+    FELIX_PROMETHEUSMETRICSPORT: "9091"
+    # Auto-detect the BGP IP address.
+    IP: ""

 manifests:
  configmap_bin: true
--- a/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl
+++ b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl
@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.to_k8s_env_vars" -}}
+{{range $key, $value := . -}}
+{{- if kindIs "slice" $value -}}
+- name: {{ $key }}
+  value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }}
+{{else -}}
+- name: {{ $key }}
+  value: {{ $value | quote }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
@ -46,6 +46,14 @@
      retries: 120
      delay: 5

+- name: kubeadm | cni | get default mtu
+  block:
+    - name: getting default route device mtu
+      shell: echo $(cat /sys/class/net/$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')/mtu)
+      args:
+        executable: /bin/bash
+      register: cni_default_device_mtu
+
 - name: kubeadm | cni | calico
  when: cluster.cni == 'calico'
  delegate_to: 127.0.0.1
@ -55,7 +63,7 @@
      environment:
        KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf'
    - name: kubeadm | cni | calico
-      command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}"  --wait --timeout=600
+      command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600
      environment:
        HELM_HOST: 'localhost:44134'
    - name: kubeadm | cni | calico
@ -65,7 +73,7 @@
      register: kubeadm_helm_cni_status
    - name: kubeadm | cni | status
      debug:
-        msg: "{{ kubeadm_helm_cni_status }}"
+        msg: "{{ kubeadm_helm_cni_status.stdout_lines }}"

 - name: kubeadm | cni | flannel
  when: cluster.cni == 'flannel'
@ -82,7 +90,7 @@
      register: kubeadm_helm_cni_status
    - name: kubeadm | cni | status
      debug:
-        msg: "{{ kubeadm_helm_cni_status }}"
+        msg: "{{ kubeadm_helm_cni_status.stdout_lines }}"

 - name: "removing bootstrap tiller container"
  become: true