openstack/openstack-helm-infra
Code Issues Proposed changes

KubeADM-AIO: Drive basic CNI configuration via values

Browse Source 
This PS drives basic CNI options via ansible playbook in the
KubeADM-AIO container and modifies the calico chart to support
configuration via values.

Change-Id: Iaf2f9807438c3a34e797c62c2c6913edb677997c
This commit is contained in:
portdirect 2018-01-07 11:08:09 -05:00
parent 227df8bf87
commit 2e0b57ad93
5 changed files with 98 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
calico/templates/configmap-calico-config.yaml
View File

@ -16,6 +16,19 @@ limitations under the License.
{{- if .Values.manifests.configmap_calico_config }} {{- if .Values.manifests.configmap_calico_config }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if empty .Values.conf.cni_network_config.mtu -}}
{{/*
#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical
# MTU to account for IPIP overhead unless explicty turned off.
*/}}
{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}}
{{- set .Values.conf.cni_network_config "mtu" .Values.networking.mtu | quote | trunc 0 -}}
{{- else -}}
{{- set .Values.conf.cni_network_config "mtu" (sub .Values.networking.mtu 20) | quote | trunc 0 -}}
{{- end -}}
{{- end -}}
--- ---
# This ConfigMap is used to configure a self-hosted Calico installation. # This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap kind: ConfigMap

51
calico/templates/daemonset-calico-node.yaml
View File

@ -16,6 +16,23 @@ limitations under the License.
{{- if .Values.manifests.daemonset_calico_node }} {{- if .Values.manifests.daemonset_calico_node }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if empty .Values.conf.node.CALICO_IPV4POOL_CIDR -}}
{{- set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.node.FELIX_IPINIPMTU -}}
{{/*
#NOTE(portdirect): to err on the side of caution we subtract 20 from the physical
# MTU to account for IPIP overhead unless explicty turned off.
*/}}
{{- if eq .Values.conf.node.CALICO_IPV4POOL_IPIP "off" -}}
{{- set .Values.conf.node "FELIX_IPINIPMTU" .Values.networking.mtu | quote | trunc 0 -}}
{{- else -}}
{{- set .Values.conf.node "FELIX_IPINIPMTU" (sub .Values.networking.mtu 20) | quote | trunc 0 -}}
{{- end -}}
{{- end -}}
{{- if .Values.images.local_registry.active -}} {{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}} {{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}}
{{- else -}} {{- else -}}
@ -108,44 +125,12 @@ spec:
configMapKeyRef: configMapKeyRef:
name: calico-config name: calico-config
key: calico_backend key: calico_backend
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: "kubeadm,bgp"
# Set noderef for node controller. # Set noderef for node controller.
- name: CALICO_K8S_NODE_REF - name: CALICO_K8S_NODE_REF
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
# Disable file logging so `kubectl logs` works. {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node | indent 12 }}
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
# Configure the IP Pool from which Pod IPs will be chosen.
- name: CALICO_IPV4POOL_CIDR
value: "{{ .Values.networking.podSubnet }}"
- name: CALICO_IPV4POOL_IPIP
value: "always"
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
value: "1440"
# Set Felix logging to "info"
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
- name: FELIX_HEALTHENABLED
value: "true"
# Set Felix experimental Prometheus metrics server
- name: FELIX_PROMETHEUSMETRICSENABLED
value: "true"
- name: FELIX_PROMETHEUSMETRICSPORT
value: "9091"
# Auto-detect the BGP IP address.
- name: IP
value: ""
securityContext: securityContext:
privileged: true privileged: true
resources: resources:

30
calico/values.yaml
View File

@ -106,6 +106,9 @@ endpoints:
networking: networking:
podSubnet: 192.168.0.0/16 podSubnet: 192.168.0.0/16
#NOTE(portdirect): this should be the physical MTU, the appropriate MTU
# that calico should use will be calculated.
mtu: 1500
conf: conf:
cni_network_config: cni_network_config:
@ -114,7 +117,7 @@ conf:
type: calico type: calico
etcd_endpoints: __ETCD_ENDPOINTS__ etcd_endpoints: __ETCD_ENDPOINTS__
log_level: info log_level: info
mtu: 1500 mtu: null
ipam: ipam:
type: calico-ipam type: calico-ipam
policy: policy:
@ -123,6 +126,31 @@ conf:
k8s_auth_token: __SERVICEACCOUNT_TOKEN__ k8s_auth_token: __SERVICEACCOUNT_TOKEN__
kubernetes: kubernetes:
kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__" kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
node:
# Cluster type to identify the deployment type
CLUSTER_TYPE:
- kubeadm
- bgp
# Disable file logging so `kubectl logs` works.
CALICO_DISABLE_FILE_LOGGING: "true"
# Set Felix endpoint to host default action to ACCEPT.
FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT"
# Configure the IP Pool from which Pod IPs will be chosen.
CALICO_IPV4POOL_CIDR: null
# Change this to 'off' in environments with direct L2 communication
CALICO_IPV4POOL_IPIP: "always"
# Disable IPv6 on Kubernetes.
FELIX_IPV6SUPPORT: "false"
# Set MTU for tunnel device used if ipip is enabled
FELIX_IPINIPMTU: null
# Set Felix logging to "info"
FELIX_LOGSEVERITYSCREEN: "info"
FELIX_HEALTHENABLED: "true"
# Set Felix experimental Prometheus metrics server
FELIX_PROMETHEUSMETRICSENABLED: "true"
FELIX_PROMETHEUSMETRICSPORT: "9091"
# Auto-detect the BGP IP address.
IP: ""
manifests: manifests:
configmap_bin: true configmap_bin: true

27
helm-toolkit/templates/utils/_to_k8s_env_vars.tpl Normal file
View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.utils.to_k8s_env_vars" -}}
{{range $key, $value := . -}}
{{- if kindIs "slice" $value -}}
- name: {{ $key }}
value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }}
{{else -}}
- name: {{ $key }}
value: {{ $value | quote }}
{{ end -}}
{{- end -}}
{{- end -}}

14
tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
View File

@ -46,6 +46,14 @@
retries: 120 retries: 120
delay: 5 delay: 5
- name: kubeadm | cni | get default mtu
block:
- name: getting default route device mtu
shell: echo $(cat /sys/class/net/$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')/mtu)
args:
executable: /bin/bash
register: cni_default_device_mtu
- name: kubeadm | cni | calico - name: kubeadm | cni | calico
when: cluster.cni == 'calico' when: cluster.cni == 'calico'
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -55,7 +63,7 @@
environment: environment:
KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf'
- name: kubeadm | cni | calico - name: kubeadm | cni | calico
command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --wait --timeout=600 command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600
environment: environment:
HELM_HOST: 'localhost:44134' HELM_HOST: 'localhost:44134'
- name: kubeadm | cni | calico - name: kubeadm | cni | calico
@ -65,7 +73,7 @@
register: kubeadm_helm_cni_status register: kubeadm_helm_cni_status
- name: kubeadm | cni | status - name: kubeadm | cni | status
debug: debug:
msg: "{{ kubeadm_helm_cni_status }}" msg: "{{ kubeadm_helm_cni_status.stdout_lines }}"
- name: kubeadm | cni | flannel - name: kubeadm | cni | flannel
when: cluster.cni == 'flannel' when: cluster.cni == 'flannel'
@ -82,7 +90,7 @@
register: kubeadm_helm_cni_status register: kubeadm_helm_cni_status
- name: kubeadm | cni | status - name: kubeadm | cni | status
debug: debug:
msg: "{{ kubeadm_helm_cni_status }}" msg: "{{ kubeadm_helm_cni_status.stdout_lines }}"
- name: "removing bootstrap tiller container" - name: "removing bootstrap tiller container"
become: true become: true