Calico: update chart to deploy calicoctl via init-container
This PS moves the installation of calicoctl to an init-container. Change-Id: I2dbd4c605889d86c87455d43a500d8a2697c49af
This commit is contained in:
Pete Birley
parent
f461e53e52
commit
e7492ae808
@ -47,6 +47,3 @@ exec /opt/cni/bin/calicoctl.bin \$*
|
||||
EOF
|
||||
|
||||
chmod +x /host/opt/cni/bin/calicoctl
|
||||
|
||||
# sleep forever
|
||||
while [ 1 ]; do sleep 86400; done;
|
||||
|
||||
@ -112,6 +112,66 @@ spec:
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.node.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ if .Values.manifests.daemonset_calico_node_calicoctl }}
|
||||
- name: install-calicoctl
|
||||
{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/install-calicoctl.sh
|
||||
env:
|
||||
- name: ETCD_ENDPOINTS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-etc
|
||||
key: etcd_endpoints
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
- name: ETCD_CA_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.ca
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
- name: ETCD_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.key
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
- name: ETCD_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.crt
|
||||
{{ end }}
|
||||
volumeMounts:
|
||||
- mountPath: /host/etc/calico
|
||||
name: calico-cert-dir
|
||||
- mountPath: /host/opt/cni/bin
|
||||
name: cni-bin-dir
|
||||
- mountPath: /tmp/install-calicoctl.sh
|
||||
name: calico-bin
|
||||
subPath: install-calicoctl.sh
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
subPath: tls.ca
|
||||
readOnly: true
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
subPath: tls.crt
|
||||
readOnly: true
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
subPath: tls.key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
containers:
|
||||
# Runs calico/node container on each Kubernetes node. This
|
||||
# container programs network policy and routes on each
|
||||
@ -219,66 +279,6 @@ spec:
|
||||
mountPath: /host/opt/cni/bin
|
||||
- name: cni-net-dir
|
||||
mountPath: /host/etc/cni/net.d
|
||||
{{ if .Values.manifests.daemonset_calico_node_calicoctl }}
|
||||
- name: install-calicoctl
|
||||
{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/install-calicoctl.sh
|
||||
env:
|
||||
- name: ETCD_ENDPOINTS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-etc
|
||||
key: etcd_endpoints
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
- name: ETCD_CA_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.ca
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
- name: ETCD_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.key
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
- name: ETCD_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: calico-certificates
|
||||
key: tls.crt
|
||||
{{ end }}
|
||||
volumeMounts:
|
||||
- mountPath: /host/etc/calico
|
||||
name: calico-cert-dir
|
||||
- mountPath: /host/opt/cni/bin
|
||||
name: cni-bin-dir
|
||||
- mountPath: /tmp/install-calicoctl.sh
|
||||
name: calico-bin
|
||||
subPath: install-calicoctl.sh
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
subPath: tls.ca
|
||||
readOnly: true
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
subPath: tls.crt
|
||||
readOnly: true
|
||||
- name: calico-certificates
|
||||
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
subPath: tls.key
|
||||
readOnly: true
|
||||
{{ end }}
|
||||
volumes:
|
||||
# Used by calico/node.
|
||||
- name: lib-modules
|
||||
|
||||
Loading…
Reference in New Issue
Block a user