
Commit 8769d92

Merge pull request #1846 from dominicgunn/feature/v0.14.x-improve-canal-configuration
[v0.14.x] Improve Canal Configuration
2 parents 0946c6a + 4bfc947 commit 8769d92

1 file changed

+135
-88
lines changed


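--- a/builtin/files/userdata/cloud-config-controller
+++ b/builtin/files/userdata/cloud-config-controller
@@ -1320,6 +1320,9 @@ write_files:
 typha_service_name: "none"
 {{- end }}
 
+# Configure the MTU to use
+veth_mtu: "1440"
+
 # The CNI network configuration to install on each node.
 cni_network_config: |-
 {
@@ -1502,6 +1505,7 @@ write_files:
 metadata:
 labels:
 k8s-app: canal-master
+role.kubernetes.io/networking: "1"
 annotations:
 scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
@@ -1531,16 +1535,44 @@ write_files:
 # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
 terminationGracePeriodSeconds: 0
 initContainers:
-- name: remove-cni-networks
-image: {{.HyperkubeImage.RepoWithTag}}
-command:
-- /bin/rm
-- -rf
-- /etc/kubernetes/cni/net.d/10-flannel.conflist
-- /etc/kubernetes/cni/net.d/10-calico.conf
+# This container installs the CNI binaries
+# and CNI network config file on each node.
+- name: install-cni
+image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
+command: ["/install-cni.sh"]
+env:
+- name: CNI_NET_DIR
+value: /etc/kubernetes/cni/net.d
+# Name of the CNI config file to create.
+- name: CNI_CONF_NAME
+value: "10-canal.conflist"
+# The CNI network config to install on each node.
+- name: CNI_NETWORK_CONFIG
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: cni_network_config
+# Set the hostname based on the k8s node name.
+- name: KUBERNETES_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+# CNI MTU Config variable
+- name: CNI_MTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
+# Prevents the container from sleeping forever.
+- name: SLEEP
+value: "false"
 volumeMounts:
-- mountPath: /etc/kubernetes/cni/net.d
-name: cni-net-dir
+- mountPath: /host/opt/cni/bin
+name: cni-bin-dir
+- mountPath: /host/etc/cni/net.d
+name: cni-net-dir
+securityContext:
+privileged: true
 containers:
 # Runs calico/node container on each Kubernetes node. This
 # container programs network policy and routes on each
@@ -1551,6 +1583,9 @@ write_files:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
 value: "kubernetes"
+# Configure route aggregation based on pod CIDR.
+- name: USE_POD_CIDR
+value: "true"
 # Enable felix logging.
 - name: FELIX_LOGSEVERITYSYS
 value: "info"
@@ -1578,6 +1613,12 @@ write_files:
 # Typha support: is never enabled on masters
 - name: FELIX_TYPHAK8SSERVICENAME
 value: "none"
+# Set MTU for tunnel device used if ipip is enabled
+- name: FELIX_IPINIPMTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
 - name: NODENAME
 valueFrom:
 fieldRef:
@@ -1612,37 +1653,17 @@ write_files:
 - mountPath: /lib/modules
 name: lib-modules
 readOnly: true
+- mountPath: /run/xtables.lock
+name: xtables-lock
+readOnly: false
 - mountPath: /var/run/calico
 name: var-run-calico
 readOnly: false
 - mountPath: /var/lib/calico
 name: var-lib-calico
 readOnly: false
-# This container installs the Calico CNI binaries
-# and CNI network config file on each node.
-- name: install-cni
-image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
-command: ["/install-cni.sh"]
-env:
-- name: CNI_NET_DIR
-value: "/etc/kubernetes/cni/net.d"
-- name: CNI_CONF_NAME
-value: "10-calico.conflist"
-# The CNI network config to install on each node.
-- name: CNI_NETWORK_CONFIG
-valueFrom:
-configMapKeyRef:
-name: canal-config
-key: cni_network_config
-- name: KUBERNETES_NODE_NAME
-valueFrom:
-fieldRef:
-fieldPath: spec.nodeName
-volumeMounts:
-- mountPath: /host/opt/cni/bin
-name: cni-bin-dir
-- mountPath: /host/etc/cni/net.d
-name: cni-net-dir
+- name: policysync
+mountPath: /var/run/nodeagent
 # This container runs flannel using the kube-subnet-mgr backend
 # for allocating subnets.
 - name: flannel
@@ -1651,6 +1672,8 @@ write_files:
 securityContext:
 privileged: true
 env:
+- name: FLANNELD_IPTABLES_FORWARD_RULES
+value: "false"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -1670,12 +1693,13 @@ write_files:
 name: canal-config
 key: masquerade
 volumeMounts:
-- name: run
-mountPath: /run
-- name: flannel-cfg
-mountPath: /etc/kube-flannel/
+- mountPath: /run/xtables.lock
+name: xtables-lock
+readOnly: false
+- name: flannel-cfg
+mountPath: /etc/kube-flannel/
 volumes:
-# Used by calico/node.
+# Used by canal.
 - name: lib-modules
 hostPath:
 path: /lib/modules
@@ -1685,20 +1709,26 @@ write_files:
 - name: var-lib-calico
 hostPath:
 path: /var/lib/calico
+- name: xtables-lock
+hostPath:
+path: /run/xtables.lock
+type: FileOrCreate
+# Used by flannel.
+- name: flannel-cfg
+configMap:
+name: canal-config
 # Used to install CNI.
 - name: cni-bin-dir
 hostPath:
 path: /opt/cni/bin
 - name: cni-net-dir
 hostPath:
 path: /etc/kubernetes/cni/net.d
-# Used by flannel.
-- name: run
+# Used to create per-pod Unix Domain Sockets
+- name: policysync
 hostPath:
-path: /run
-- name: flannel-cfg
-configMap:
-name: canal-config
+type: DirectoryOrCreate
+path: /var/run/nodeagent
 
 # Canal DaemonSet for Nodes - Typha can be enabled.
 ---
@@ -1712,6 +1742,7 @@ write_files:
 namespace: kube-system
 labels:
 k8s-app: canal-node
+role.kubernetes.io/networking: "1"
 spec:
 selector:
 matchLabels:
@@ -1753,16 +1784,44 @@ write_files:
 # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
 terminationGracePeriodSeconds: 0
 initContainers:
-- name: remove-cni-networks
-image: {{.HyperkubeImage.RepoWithTag}}
-command:
-- /bin/rm
-- -rf
-- /etc/kubernetes/cni/net.d/10-flannel.conflist
-- /etc/kubernetes/cni/net.d/10-calico.conf
+# This container installs the CNI binaries
+# and CNI network config file on each node.
+- name: install-cni
+image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
+command: ["/install-cni.sh"]
+env:
+- name: CNI_NET_DIR
+value: /etc/kubernetes/cni/net.d
+# Name of the CNI config file to create.
+- name: CNI_CONF_NAME
+value: "10-canal.conflist"
+# The CNI network config to install on each node.
+- name: CNI_NETWORK_CONFIG
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: cni_network_config
+# Set the hostname based on the k8s node name.
+- name: KUBERNETES_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+# CNI MTU Config variable
+- name: CNI_MTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
+# Prevents the container from sleeping forever.
+- name: SLEEP
+value: "false"
 volumeMounts:
-- mountPath: /etc/kubernetes/cni/net.d
-name: cni-net-dir
+- mountPath: /host/opt/cni/bin
+name: cni-bin-dir
+- mountPath: /host/etc/cni/net.d
+name: cni-net-dir
+securityContext:
+privileged: true
 containers:
 # Runs calico/node container on each Kubernetes node. This
 # container programs network policy and routes on each
@@ -1773,6 +1832,9 @@ write_files:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
 value: "kubernetes"
+# Configure route aggregation based on pod CIDR.
+- name: USE_POD_CIDR
+value: "true"
 # Enable felix logging.
 - name: FELIX_LOGSEVERITYSYS
 value: "info"
@@ -1797,6 +1859,12 @@ write_files:
 # No IP address needed.
 - name: IP
 value: ""
+# Set MTU for tunnel device used if ipip is enabled
+- name: FELIX_IPINIPMTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
 # Typha support: controlled by the ConfigMap.
 - name: FELIX_TYPHAK8SSERVICENAME
 valueFrom:
@@ -1846,31 +1914,8 @@ write_files:
 - mountPath: /var/lib/calico
 name: var-lib-calico
 readOnly: false
-# This container installs the Calico CNI binaries
-# and CNI network config file on each node.
-- name: install-cni
-image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
-command: ["/install-cni.sh"]
-env:
-- name: CNI_NET_DIR
-value: "/etc/kubernetes/cni/net.d"
-- name: CNI_CONF_NAME
-value: "10-calico.conflist"
-# The CNI network config to install on each node.
-- name: CNI_NETWORK_CONFIG
-valueFrom:
-configMapKeyRef:
-name: canal-config
-key: cni_network_config
-- name: KUBERNETES_NODE_NAME
-valueFrom:
-fieldRef:
-fieldPath: spec.nodeName
-volumeMounts:
-- mountPath: /host/opt/cni/bin
-name: cni-bin-dir
-- mountPath: /host/etc/cni/net.d
-name: cni-net-dir
+- name: policysync
+mountPath: /var/run/nodeagent
 # This container runs flannel using the kube-subnet-mgr backend
 # for allocating subnets.
 - name: flannel
@@ -1879,6 +1924,8 @@ write_files:
 securityContext:
 privileged: true
 env:
+- name: FLANNELD_IPTABLES_FORWARD_RULES
+value: "false"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -1901,12 +1948,10 @@ write_files:
 - mountPath: /run/xtables.lock
 name: xtables-lock
 readOnly: false
-- name: run
-mountPath: /run
 - name: flannel-cfg
 mountPath: /etc/kube-flannel/
 volumes:
-# Used by calico/node.
+# Used by canal
 - name: lib-modules
 hostPath:
 path: /lib/modules
@@ -1920,20 +1965,22 @@ write_files:
 hostPath:
 path: /run/xtables.lock
 type: FileOrCreate
+# Used by flannel.
+- name: flannel-cfg
+configMap:
+name: canal-config
 # Used to install CNI.
 - name: cni-bin-dir
 hostPath:
 path: /opt/cni/bin
 - name: cni-net-dir
 hostPath:
 path: /etc/kubernetes/cni/net.d
-# Used by flannel.
-- name: run
+# Used to create per-pod Unix Domain Sockets
+- name: policysync
 hostPath:
-path: /run
-- name: flannel-cfg
-configMap:
-name: canal-config
+type: DirectoryOrCreate
+path: /var/run/nodeagent
 ---
 # Source: calico/templates/kdd-crds.yaml
 # Create all the CustomResourceDefinitions needed for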
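Review bot: Dropping the `remove-cni-networks` init container (old lines 1534–1540 and 1756–1762) while switching the installed file to `CNI_CONF_NAME: "10-canal.conflist"` leaves any `10-flannel.conflist` or `10-calico.conf` written by earlier versions untouched on upgraded nodes, and nothing added by the commit deletes them. If the kubelet loads the lexically first config in the CNI conf directory, as its CNI plugin has done in the versions I know, a stale `10-calico.conf` sorts ahead of `10-canal.conflist` and the new network config would never take effect; I would keep the removal step ordered before `install-cni` in both the canal-master and canal-node DaemonSets, or give `install-cni` an equivalent cleanup. Separately, `install-cni` now runs with `securityContext: privileged: true` in both DaemonSets, whereas all that is visible here is copying binaries into `/host/opt/cni/bin` and writing one file under `/host/etc/cni/net.d`; that looks broader than the task needs and is worth confirming against the image before it is kept. Both DaemonSet specs begin before and end after the hunks shown.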
