Merge pull request #1872 from dominicgunn/v0.16.x-calico

[v0.16.x] Setup Calico Networking Option

Author: dominicgunn

.travis.yml

@@ -4,7 +4,7 @@ go:
   - 1.13.x
 
 script:
-  - travis_wait 40 make test-with-cover
+  - travis_wait 50 make test-with-cover
 
 after_success:
   - bash <(curl -s https://codecov.io/bash)

builtin/files/cluster.yaml.tmpl

@@ -1206,10 +1206,10 @@ kubernetes:
 #          cpu: "250m"
 #          memory: "200Mi"
 #      calicoNodeImage:
-#        repo: quay.io/calico/node
+#        repo: calico/node
 #        tag: v3.9.1
 #      calicoCniImage:
-#        repo: quay.io/calico/cni
+#        repo: calico/cni
 #        tag: v3.9.1
 #      flannelImage:
 #        repo: quay.io/coreos/flannel
@@ -1218,16 +1218,20 @@ kubernetes:
 #        repo: quay.io/coreos/flannel-cni
 #        tag: v0.3.0
 #      typhaImage:
-#        repo: quay.io/calico/typha
+#        repo: calico/typha
 #        tag: v3.9.1
 #      # By default, flannel assigns a /24 per node for pod's ips, this is effectively limiting your cluster size
 #      # to 255 nodes since each lease will be preserved for 24h.
 #      # If you have a bigger cluster you may want to tune this number to assign an smaller block per node.
 #      # Be aware that network should be able to accomodate at least 4 subnets, and networks smaller than /28
 #      # will make flannel panic and exit.
 #      # Ref: https://github.com/coreos/flannel/blob/62a1314e51047e25606b4e4e30bd23d7a8d746bc/subnet/config.go#L69
-#      flannelConfig:
-#        subnetLen: 24
+#     flannelConfig:
+#       subnetLen: 24
+#     calicoConfig:
+#        # If false, we will run with bird in bgp/ip-in-ip mode.
+#        vxlanMode: true
+
 
 # Create MountTargets to subnets managed by kube-aws for a pre-existing Elastic File System (Amazon EFS),
 # and then mount to every node.

builtin/files/stack-templates/network.json.tmpl

@@ -194,6 +194,61 @@
       },
       "Type": "AWS::EC2::SecurityGroupIngress"
     },
+    "SecurityGroupControllerIngressFromControllerToController": {
+      "Properties": {
+        "GroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupController"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupControllerIngressFromWorkerToControllelr": {
+      "Properties": {
+        "GroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "Description": "controller to controller sg",
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupWorker"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupControllerIngressFromControllerToCalico": {
+      "Properties": {
+        "FromPort": 4789,
+        "GroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "Description": "controller to calico",
+        "IpProtocol": "udp",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "ToPort": 4789
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupControllerIngressFromWorkerToCalico": {
+      "Properties": {
+        "FromPort": 4789,
+        "GroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "Description": "worker to calico sg",
+        "IpProtocol": "udp",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "ToPort": 4789
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
     "SecurityGroupWorker": {
       "Properties": {
         "GroupDescription": {
@@ -331,6 +386,58 @@
       },
       "Type": "AWS::EC2::SecurityGroupIngress"
     },
+    "SecurityGroupWorkerIngressFromControllerToWorker": {
+      "Properties": {
+        "GroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupController"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupWorkerIngressFromWorkerToWorker": {
+      "Properties": {
+        "GroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupWorker"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupWorkerIngressFromControllerToCalico": {
+      "Properties": {
+        "FromPort": 4789,
+        "GroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "IpProtocol": "udp",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupController"
+        },
+        "ToPort": 4789
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
+    "SecurityGroupWorkerIngressFromWorkerToCalico": {
+      "Properties": {
+        "FromPort": 4789,
+        "GroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "IpProtocol": "udp",
+        "SourceSecurityGroupId": {
+          "Ref": "SecurityGroupWorker"
+        },
+        "ToPort": 4789
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
+    },
     "SecurityGroupWorkerIngressFromControllerTocAdvisor": {
       "Properties": {
         "FromPort": 4194,