Update Canal CNI to v3.10 #718

Merged
merged 2 commits into from
Oct 29, 2019
31 changes: 21 additions & 10 deletions pkg/templates/canal/canal.go
Expand Up @@ -31,16 +31,17 @@ import (
)

const (
installCNIImage = "quay.io/calico/cni:v3.4.0"
calicoImage = "quay.io/calico/node:v3.4.0"
flannelImage = "quay.io/coreos/flannel:v0.9.1"
installCNIImage = "calico/cni:v3.10.0"
flexVolDriverImage = "calico/pod2daemon-flexvol:v3.10.0"
calicoImage = "calico/node:v3.10.0"
flannelImage = "quay.io/coreos/flannel:v0.11.0"

// cniNetworkConfig configures installation on the each node. The special values in this config will be
// automatically populated
cniNetworkConfig = `
{
"name": "k8s-pod-network",
"cniVersion": "0.3.0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "calico",
Expand Down Expand Up @@ -106,19 +107,29 @@ func Deploy(s *state.State) error {
configMap(buf),
daemonSet(s.PatchCNI),
serviceAccount(),

// RBAC
calicoClusterRole(),
flannelClusterRole(),
calicoClusterRoleBinding(),
flannelClusterRoleBinding(),
canalClusterRoleBinding(),

// CRDs
felixConfigurationCRD(),
ipamBlockCRD(),
blockAffinityCRD(),
ipamHandleCRD(),
ipamConfigCRD(),
bgpPeerCRD(),
bgpConfigurationCRD(),
ipPoolsConfigurationCRD(),
hostEndpointsConfigurationCRD(),
clusterInformationsConfigurationCRD(),
globalNetworkPoliciesConfigurationCRD(),
globalNetworksetsConfigurationCRD(),
networkPoliciesConfigurationCRD(),
ipPoolCRD(),
hostEndpointCRD(),
clusterInformationCRD(),
globalNetworkPolicyCRD(),
globalNetworksetCRD(),
networkPolicyCRD(),
networkSetCRD(),
}

for _, obj := range k8sobjects {
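Review bot: The three Calico images in the const block (`installCNIImage`, `flexVolDriverImage`, `calicoImage`) lose their registry host and are referenced by mutable tag only, so the registry they resolve to depends on each node's container-runtime defaults, and the content behind `v3.10.0` can change without this file changing. daemonset.go on this page declares `privileged := true` and has the flexvol image write into a kubelet plugin directory on the host, so these references sit inside the node's trust boundary. Assuming Docker Hub is the intended source, qualify them, e.g. `installCNIImage = "docker.io/calico/cni:v3.10.0"`, and consider pinning each to a digest (`docker.io/calico/cni:v3.10.0@sha256:<digest-from-release>`). `flannelImage` is already registry-qualified but is also tag-only.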
174 changes: 162 additions & 12 deletions pkg/templates/canal/crd.go
Expand Up @@ -46,6 +46,131 @@ func felixConfigurationCRD() *apiextensions.CustomResourceDefinition {
}
}

// ipamBlockCRD creates the IPAMBlocks CRD
func ipamBlockCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "ipamblocks.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.ClusterScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "IPAMBlock",
Plural: "ipamblocks",
Singular: "ipamblock",
},
},
}
}

// blockAffinityCRD creates the BlockAffinity CRD
func blockAffinityCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "blockaffinities.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.ClusterScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "BlockAffinity",
Plural: "blockaffinities",
Singular: "blockaffinity",
},
},
}
}

// ipamHandleCRD creates the IPAMHandle CRD
func ipamHandleCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "ipamhandles.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.ClusterScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "IPAMHandle",
Plural: "ipamhandles",
Singular: "ipamhandle",
},
},
}
}

// ipamConfigCRD creates the IPAMConfig CRD
func ipamConfigCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "ipamconfigs.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.ClusterScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "IPAMConfig",
Plural: "ipamconfigs",
Singular: "ipamconfig",
},
},
}
}

// bgpPeerCRD creates the BGPPeer CRD
func bgpPeerCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "bgppeers.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.ClusterScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "BGPPeer",
Plural: "bgppeers",
Singular: "bgppeer",
},
},
}
}

// bgpConfigurationCRD creates the BGPConfiguration CRD
func bgpConfigurationCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
Expand All @@ -71,8 +196,8 @@ func bgpConfigurationCRD() *apiextensions.CustomResourceDefinition {
}
}

// ipPoolsConfigurationCRD creates the IPPool CRD
func ipPoolsConfigurationCRD() *apiextensions.CustomResourceDefinition {
// ipPoolCRD creates the IPPool CRD
func ipPoolCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "ippools.crd.projectcalico.org",
Expand All @@ -96,8 +221,8 @@ func ipPoolsConfigurationCRD() *apiextensions.CustomResourceDefinition {
}
}

// hostEndpointsConfigurationCRD creates the HostEndpoint CRD
func hostEndpointsConfigurationCRD() *apiextensions.CustomResourceDefinition {
// hostEndpointCRD creates the HostEndpoint CRD
func hostEndpointCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "hostendpoints.crd.projectcalico.org",
Expand All @@ -121,8 +246,8 @@ func hostEndpointsConfigurationCRD() *apiextensions.CustomResourceDefinition {
}
}

// clusterInformationsConfigurationCRD creates the ClusterInformation CRD
func clusterInformationsConfigurationCRD() *apiextensions.CustomResourceDefinition {
// clusterInformationCRD creates the ClusterInformation CRD
func clusterInformationCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "clusterinformations.crd.projectcalico.org",
Expand All @@ -146,8 +271,8 @@ func clusterInformationsConfigurationCRD() *apiextensions.CustomResourceDefiniti
}
}

// globalNetworkPoliciesConfigurationCRD creates the GlobalNetworkPolicy CRD
func globalNetworkPoliciesConfigurationCRD() *apiextensions.CustomResourceDefinition {
// globalNetworkPolicyCRD creates the GlobalNetworkPolicy CRD
func globalNetworkPolicyCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "globalnetworkpolicies.crd.projectcalico.org",
Expand All @@ -171,8 +296,8 @@ func globalNetworkPoliciesConfigurationCRD() *apiextensions.CustomResourceDefini
}
}

// globalNetworksetsConfigurationCRD creates the GlobalNetworkSet CRD
func globalNetworksetsConfigurationCRD() *apiextensions.CustomResourceDefinition {
// globalNetworksetCRD creates the GlobalNetworkSet CRD
func globalNetworksetCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "globalnetworksets.crd.projectcalico.org",
Expand All @@ -196,8 +321,8 @@ func globalNetworksetsConfigurationCRD() *apiextensions.CustomResourceDefinition
}
}

// networkPoliciesConfigurationCRD creates the NetworkPolicy CRD
func networkPoliciesConfigurationCRD() *apiextensions.CustomResourceDefinition {
// networkPolicyCRD creates the NetworkPolicy CRD
func networkPolicyCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "networkpolicies.crd.projectcalico.org",
Expand All @@ -220,3 +345,28 @@ func networkPoliciesConfigurationCRD() *apiextensions.CustomResourceDefinition {
},
}
}

// networkSetCRD creates the NetworkSet CRD
func networkSetCRD() *apiextensions.CustomResourceDefinition {
return &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{
Name: "networksets.crd.projectcalico.org",
},
Spec: apiextensions.CustomResourceDefinitionSpec{
Scope: apiextensions.NamespaceScoped,
Group: "crd.projectcalico.org",
Versions: []apiextensions.CustomResourceDefinitionVersion{
{
Name: "v1",
Served: true,
Storage: true,
},
},
Names: apiextensions.CustomResourceDefinitionNames{
Kind: "NetworkSet",
Plural: "networksets",
Singular: "networkset",
},
},
}
}
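Review bot: The six new constructors (`ipamBlockCRD`, `blockAffinityCRD`, `ipamHandleCRD`, `ipamConfigCRD`, `bgpPeerCRD`, `networkSetCRD`) are 25-line copies that differ only in Kind, plural, singular and, for `networkSetCRD`, `Scope`. That makes the one access-relevant difference (namespaced versus cluster-scoped) easy to miss or mis-copy. A small helper taking those four values would put name and scope side by side, where they can be checked against the upstream manifest. The sketch below assumes `apiextensions` aliases the API package whose `ClusterScoped` constant has type `ResourceScope`. The renamed constructors further down have bodies that continue outside the visible hunks; they appear to follow the same shape and could presumably use the helper too.

```go
// calicoCRD builds a v1 CRD in the crd.projectcalico.org group.
func calicoCRD(kind, plural, singular string, scope apiextensions.ResourceScope) *apiextensions.CustomResourceDefinition {
	return &apiextensions.CustomResourceDefinition{
		ObjectMeta: metav1.ObjectMeta{
			Name: plural + ".crd.projectcalico.org",
		},
		Spec: apiextensions.CustomResourceDefinitionSpec{
			Scope: scope,
			Group: "crd.projectcalico.org",
			Versions: []apiextensions.CustomResourceDefinitionVersion{
				{Name: "v1", Served: true, Storage: true},
			},
			Names: apiextensions.CustomResourceDefinitionNames{
				Kind:     kind,
				Plural:   plural,
				Singular: singular,
			},
		},
	}
}

// ipamBlockCRD creates the IPAMBlocks CRD
func ipamBlockCRD() *apiextensions.CustomResourceDefinition {
	return calicoCRD("IPAMBlock", "ipamblocks", "ipamblock", apiextensions.ClusterScoped)
}

// … same pattern: blockAffinityCRD, ipamHandleCRD, ipamConfigCRD, bgpPeerCRD (ClusterScoped) …

// networkSetCRD creates the NetworkSet CRD
func networkSetCRD() *apiextensions.CustomResourceDefinition {
	return calicoCRD("NetworkSet", "networksets", "networkset", apiextensions.NamespaceScoped)
}
```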
56 changes: 55 additions & 1 deletion pkg/templates/canal/daemonset.go
Expand Up @@ -31,6 +31,7 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
terminationGracePeriodSeconds := int64(0)
privileged := true
fileOrCreate := corev1.HostPathFileOrCreate
directoryOrCreate := corev1.HostPathDirectoryOrCreate

flannelEnv := []corev1.EnvVar{
{
Expand Down Expand Up @@ -181,6 +182,19 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
},
},
},
{
// Adds a Flex Volume Driver that creates a per-pod
// Unix Domain Socket to allow Dikastes to communicate
// with Felix over the Policy Sync API
Name: "flexvol-driver",
Image: flexVolDriverImage,
VolumeMounts: []corev1.VolumeMount{
{
Name: "flexvol-driver-host",
MountPath: "/host/driver",
},
},
},
},
Containers: []corev1.Container{
{
Expand All @@ -192,6 +206,11 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
Name: "DATASTORE_TYPE",
Value: "kubernetes",
},
{
// Configure route aggregation based on pod CIDR
Name: "USE_POD_CIDR",
Value: "true",
},
{
// Wait for the datastore
Name: "WAIT_FOR_DATASTORE",
Expand Down Expand Up @@ -267,9 +286,22 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
},
},
LivenessProbe: &corev1.Probe{
Handler: corev1.Handler{
Exec: &corev1.ExecAction{
Command: []string{
"/bin/calico-node",
"-felix-live",
},
},
},
PeriodSeconds: int32(10),
InitialDelaySeconds: int32(10),
FailureThreshold: int32(6),
},
ReadinessProbe: &corev1.Probe{
Handler: corev1.Handler{
HTTPGet: &corev1.HTTPGetAction{
Path: "/liveness",
Path: "/readiness",
Port: intstr.FromInt(9099),
Host: "localhost",
},
Expand Down Expand Up @@ -297,6 +329,10 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
Name: "var-lib-calico",
ReadOnly: false,
},
{
MountPath: "/var/run/nodeagent",
Name: "policysync",
},
},
},
{
Expand Down Expand Up @@ -387,6 +423,24 @@ func daemonSet(ifacePatch bool) *appsv1.DaemonSet {
},
},
},
{
Name: "policysync",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/var/run/nodeagent",
Type: &directoryOrCreate,
},
},
},
{
Name: "flexvol-driver-host",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds",
Type: &directoryOrCreate,
},
},
},
},
},
},
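Review bot: The new `flexvol-driver-host` volume mounts the kubelet FlexVolume plugin directory (`.../volume/exec/nodeagent~uds`) into the `flexvol-driver` init container with `DirectoryOrCreate`, so whatever `flexVolDriverImage` writes there becomes a driver the kubelet can execute on the host, and nothing at the volume or the container says so. I would add a comment on the volume such as `// kubelet runs FlexVolume drivers found under this host path; flexVolDriverImage is therefore node-trusted code`. The container comment ties this to Dikastes and the Policy Sync API; whether that feature is enabled for this deployment is not visible here, and if it is not, the comment should say why the driver and the `policysync` hostPath (`/var/run/nodeagent`) are still installed on every node. `daemonSet` starts and ends outside these hunks, so any `SecurityContext` on the containers is not visible.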