diff --git a/calico/templates/configmap-calico-config.yaml b/calico/templates/configmap-calico-config.yaml index a5ce055db..c10570852 100644 --- a/calico/templates/configmap-calico-config.yaml +++ b/calico/templates/configmap-calico-config.yaml @@ -16,6 +16,19 @@ limitations under the License. {{- if .Values.manifests.configmap_calico_config }} {{- $envAll := . }} + +{{- if empty .Values.conf.cni_network_config.mtu -}} +{{/* +#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical +# MTU to account for IPIP overhead unless explicty turned off. +*/}} +{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}} +{{- set .Values.conf.cni_network_config "mtu" .Values.networking.mtu | quote | trunc 0 -}} +{{- else -}} +{{- set .Values.conf.cni_network_config "mtu" (sub .Values.networking.mtu 20) | quote | trunc 0 -}} +{{- end -}} +{{- end -}} + --- # This ConfigMap is used to configure a self-hosted Calico installation. kind: ConfigMap diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 5f9dbb171..5bdbe876c 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml 
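Review bot: `sub .Values.networking.mtu 20` in the else branch runs with no check that `networking.mtu` is set or numeric, so an empty value would presumably be coerced to 0 and render a negative MTU into the CNI config instead of failing the install. That case is reachable because helm-cni.yaml in this commit passes the value straight from command output. Wrapping the lookup fails closed: `(sub (required "networking.mtu must be the physical MTU" .Values.networking.mtu) 20)`. The same expression appears in the FELIX_IPINIPMTU block added to daemonset-calico-node.yaml. The `eq ... "off"` test is also an exact match, so any other spelling of a disabled IPIP mode takes the minus-20 branch, which the NOTE comment should state.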
@@ -16,6 +16,23 @@ limitations under the License. {{- if .Values.manifests.daemonset_calico_node }} {{- $envAll := . }} + +{{- if empty .Values.conf.node.CALICO_IPV4POOL_CIDR -}} +{{- set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.node.FELIX_IPINIPMTU -}} +{{/* +#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical +# MTU to account for IPIP overhead unless explicty turned off. +*/}} +{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}} +{{- set .Values.conf.node "FELIX_IPINIPMTU" .Values.networking.mtu | quote | trunc 0 -}} +{{- else -}} +{{- set .Values.conf.node "FELIX_IPINIPMTU" (sub .Values.networking.mtu 20) | quote | trunc 0 -}} +{{- end -}} +{{- end -}} + {{- if .Values.images.local_registry.active -}} {{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}} {{- else -}} 
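Review bot: The three added `set ... | quote | trunc 0` calls discard the return value of `set` by quoting it and truncating it to nothing, while the unchanged line directly below them uses the clearer `$_ := set` form. Writing them the same way, e.g. `{{- $_ := set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet -}}`, keeps the file consistent and makes it obvious that nothing is meant to be emitted. The configmap-calico-config.yaml hunk uses the same idiom. A one-line comment above the first block saying that these defaults mutate `.Values.conf.node` before the env list is rendered would also help, since the rendering happens much further down the file.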
@@ -108,44 +125,12 @@ spec: configMapKeyRef: name: calico-config key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "kubeadm,bgp" # Set noderef for node controller. - name: CALICO_K8S_NODE_REF valueFrom: fieldRef: fieldPath: spec.nodeName - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Configure the IP Pool from which Pod IPs will be chosen. - - name: CALICO_IPV4POOL_CIDR - value: "{{ .Values.networking.podSubnet }}" - - name: CALICO_IPV4POOL_IPIP - value: "always" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - value: "1440" - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" - - name: FELIX_HEALTHENABLED - value: "true" - # Set Felix experimental Prometheus metrics server - - name: FELIX_PROMETHEUSMETRICSENABLED - value: "true" - - name: FELIX_PROMETHEUSMETRICSPORT - value: "9091" - # Auto-detect the BGP IP address. - - name: IP - value: "" +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node | indent 12 }} securityContext: privileged: true resources: diff --git a/calico/values.yaml b/calico/values.yaml index 1707ebcce..a693c4635 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -106,6 +106,9 @@ endpoints: networking: podSubnet: 192.168.0.0/16 + #NOTE(portdirect): this should be the physical MTU, the appropriate MTU + # that calico should use will be calculated. + mtu: 1500 conf: cni_network_config: @@ -114,7 +117,7 @@ conf: type: calico etcd_endpoints: __ETCD_ENDPOINTS__ log_level: info - mtu: 1500 + mtu: null ipam: type: calico-ipam policy: 
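Review bot: The `include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node` line appends every key of `conf.node` after the fixed entries, with nothing to stop a key from repeating one of them, such as `CALICO_K8S_NODE_REF` or the configmap-backed variables above it. Kubernetes accepts duplicate env names and, as far as I know, the later entry wins, so a values override could silently replace a setting that the chart sources from the ConfigMap or the downward API. This container also runs with `privileged: true`. I would add a comment above the include, for example `# conf.node is rendered verbatim after the fixed entries; do not repeat their names there`, and mirror it on the `node:` key in values.yaml. The env list starts outside this hunk, so I cannot see every fixed name.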
@@ -123,6 +126,31 @@ conf: k8s_auth_token: __SERVICEACCOUNT_TOKEN__ kubernetes: kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__" + node: + # Cluster type to identify the deployment type + CLUSTER_TYPE: + - kubeadm + - bgp + # Disable file logging so `kubectl logs` works. + CALICO_DISABLE_FILE_LOGGING: "true" + # Set Felix endpoint to host default action to ACCEPT. + FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT" + # Configure the IP Pool from which Pod IPs will be chosen. + CALICO_IPV4POOL_CIDR: null + # Change this to 'off' in environments with direct L2 communication + CALICO_IPV4POOL_IPIP: "always" + # Disable IPv6 on Kubernetes. + FELIX_IPV6SUPPORT: "false" + # Set MTU for tunnel device used if ipip is enabled + FELIX_IPINIPMTU: null + # Set Felix logging to "info" + FELIX_LOGSEVERITYSCREEN: "info" + FELIX_HEALTHENABLED: "true" + # Set Felix experimental Prometheus metrics server + FELIX_PROMETHEUSMETRICSENABLED: "true" + FELIX_PROMETHEUSMETRICSPORT: "9091" + # Auto-detect the BGP IP address. + IP: "" manifests: configmap_bin: true diff --git a/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl new file mode 100644 index 000000000..5fe11114d --- /dev/null +++ b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl 
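Review bot: The comments on `FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT"` and `FELIX_PROMETHEUSMETRICSENABLED: "true"` only restate the key names, although this block turns both into operator-facing defaults that affect host exposure. I would expand them, e.g. `# ACCEPT lets pod traffic reach the host itself after endpoint policy; use DROP to block it` and `# Felix serves these metrics over plain HTTP on FELIX_PROMETHEUSMETRICSPORT; restrict access to that port`. The comment on `CALICO_IPV4POOL_IPIP` should also say that the templates compare against the exact string `off` when deciding whether to subtract the IPIP overhead from the MTU.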
@@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.to_k8s_env_vars" -}} +{{range $key, $value := . -}} +{{- if kindIs "slice" $value -}} +- name: {{ $key }} + value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }} +{{else -}} +- name: {{ $key }} + value: {{ $value | quote }} +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml index 614a3efc9..3e35cc774 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml @@ -46,6 +46,14 @@ retries: 120 delay: 5 +- name: kubeadm | cni | get default mtu + block: + - name: getting default route device mtu + shell: echo $(cat /sys/class/net/$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')/mtu) + args: + executable: /bin/bash + register: cni_default_device_mtu + - name: kubeadm | cni | calico when: cluster.cni == 'calico' delegate_to: 127.0.0.1 
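Review bot: The else branch of `helm-toolkit.utils.to_k8s_env_vars` pipes every non-slice value through `quote`, so a null or a nested map in the input is rendered as whatever sprig produces for it rather than being rejected. Depending on the sprig version that is an empty `value:` or a literal such as `<nil>`, which matters here because values.yaml ships `CALICO_IPV4POOL_CIDR: null` and `FELIX_IPINIPMTU: null` and relies on the daemonset template to fill them first. `value: {{ $value | default "" | quote }}` would make the null case explicit. `name: {{ $key }}` is also emitted unquoted, and `name: {{ $key | quote }}` avoids YAML retyping a key such as `NO`. The define has no usage comment; a short block stating that it takes a flat map of scalars or lists and emits a Kubernetes `env` list would help callers.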
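Review bot: The `echo $(cat /sys/class/net/$(...)/mtu)` wrapper in the new shell task hides failure: if no IPv4 default route exists the inner `cat` fails, but `echo` still exits 0 and `cni_default_device_mtu.stdout` is empty. The later hunk then passes `--set networking.mtu=""` to helm and the chart does arithmetic on it. Dropping the `echo $( )` wrapper and adding `failed_when: cni_default_device_mtu.stdout | int <= 0` would stop the play before an invalid MTU reaches the CNI config. `changed_when: false` also fits a read-only probe, and the `sudo` inside the command is probably unnecessary for reading the route table. The block has no `when: cluster.cni == 'calico'` visible, so it appears to run for flannel installs as well.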
@@ -55,7 +63,7 @@ environment: KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - name: kubeadm | cni | calico - command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --wait --timeout=600 + command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600 environment: HELM_HOST: 'localhost:44134' - name: kubeadm | cni | calico @@ -65,7 +73,7 @@ register: kubeadm_helm_cni_status - name: kubeadm | cni | status debug: - msg: "{{ kubeadm_helm_cni_status }}" + msg: "{{ kubeadm_helm_cni_status.stdout_lines }}" - name: kubeadm | cni | flannel when: cluster.cni == 'flannel' @@ -82,7 +90,7 @@ register: kubeadm_helm_cni_status - name: kubeadm | cni | status debug: - msg: "{{ kubeadm_helm_cni_status }}" + msg: "{{ kubeadm_helm_cni_status.stdout_lines }}" - name: "removing bootstrap tiller container" become: true