From e7492ae808b637ffe5c0d6481cd5c4e9f913998f Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 16 Mar 2018 18:43:42 -0500 Subject: [PATCH] Calico: update chart to deploy calicoctl via init-container This PS moves the installation of calicoctl to an init-container. Change-Id: I2dbd4c605889d86c87455d43a500d8a2697c49af --- .../templates/bin/_install-calicoctl.sh.tpl | 3 - calico/templates/daemonset-calico-node.yaml | 120 +++++++++--------- 2 files changed, 60 insertions(+), 63 deletions(-) diff --git a/calico/templates/bin/_install-calicoctl.sh.tpl b/calico/templates/bin/_install-calicoctl.sh.tpl index be3df90a4..fb24f96c4 100644 --- a/calico/templates/bin/_install-calicoctl.sh.tpl +++ b/calico/templates/bin/_install-calicoctl.sh.tpl @@ -47,6 +47,3 @@ exec /opt/cni/bin/calicoctl.bin \$* EOF chmod +x /host/opt/cni/bin/calicoctl - -# sleep forever -while [ 1 ]; do sleep 86400; done; diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 6d09d7407..2a2e74fb8 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml 
@@ -112,6 +112,66 @@ spec: terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.node.timeout | default "30" }} initContainers: {{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ if .Values.manifests.daemonset_calico_node_calicoctl }} + - name: install-calicoctl +{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/install-calicoctl.sh + env: + - name: ETCD_ENDPOINTS + valueFrom: + configMapKeyRef: + name: calico-etc + key: etcd_endpoints +{{ if .Values.endpoints.etcd.auth.client.tls.ca}} + - name: ETCD_CA_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.ca }} + - name: ETCD_CA_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.ca +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.key}} + - name: ETCD_KEY_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.key }} + - name: ETCD_KEY + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.key +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.crt}} + - name: ETCD_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.crt }} + - name: ETCD_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.crt +{{ end }} + volumeMounts: + - mountPath: /host/etc/calico + name: calico-cert-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /tmp/install-calicoctl.sh + name: calico-bin + subPath: install-calicoctl.sh + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} + subPath: tls.ca + readOnly: true + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} + subPath: tls.crt + readOnly: true + - name: calico-certificates + mountPath: {{ 
.Values.endpoints.etcd.auth.client.path.key }} + subPath: tls.key + readOnly: true +{{ end }} containers: # Runs calico/node container on each Kubernetes node. This # container programs network policy and routes on each 
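Review bot: The `ETCD_KEY` env entry puts the etcd client private key into the `install-calicoctl` init container's environment, even though the same `tls.key` is already mounted read-only from `calico-certificates` at `.Values.endpoints.etcd.auth.client.path.key`. A key held in the environment is readable through the process environment and the container runtime's inspect output on the node, and child processes inherit it, so the file mount is the narrower channel. Consider dropping the `- name: ETCD_KEY` entry and having `install-calicoctl.sh` copy from the file named by `ETCD_KEY_FILE`; the script body is outside this hunk, so whether it depends on the variable needs checking. Separately, the three `calico-certificates` volumeMounts are rendered unconditionally while the matching env entries sit inside `{{ if .Values.endpoints.etcd.auth.client.tls.ca}}`-style guards. Now that this runs as an init container, a subPath mount that cannot be satisfied in a non-TLS deployment could keep calico-node from starting on that node, so wrapping each mount in the same guard is worth considering.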
@@ -219,66 +279,6 @@ spec: mountPath: /host/opt/cni/bin - name: cni-net-dir mountPath: /host/etc/cni/net.d -{{ if .Values.manifests.daemonset_calico_node_calicoctl }} - - name: install-calicoctl -{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/install-calicoctl.sh - env: - - name: ETCD_ENDPOINTS - valueFrom: - configMapKeyRef: - name: calico-etc - key: etcd_endpoints -{{ if .Values.endpoints.etcd.auth.client.tls.ca}} - - name: ETCD_CA_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.ca }} - - name: ETCD_CA_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.ca -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.key}} - - name: ETCD_KEY_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.key }} - - name: ETCD_KEY - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.key -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.crt}} - - name: ETCD_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.crt }} - - name: ETCD_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.crt -{{ end }} - volumeMounts: - - mountPath: /host/etc/calico - name: calico-cert-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /tmp/install-calicoctl.sh - name: calico-bin - subPath: install-calicoctl.sh - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} - subPath: tls.ca - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} - subPath: tls.crt - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} - subPath: tls.key - readOnly: true -{{ end }} volumes: # Used by calico/node. - name: lib-modules