Add network-plugin option
		
							parent
							
								
									0fc5dbb791
								
							
						
					
					
						commit
						e5920b3ddf
					
				@ -15,3 +15,7 @@ kubernetes:
 | 
				
			|||||||
    dns_name: <control-plane dns-reachable-name>
 | 
					    dns_name: <control-plane dns-reachable-name>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  token: <shared token for nodes to join>
 | 
					  token: <shared token for nodes to join>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  # One of [flannel, calico]
 | 
				
			||||||
 | 
					  network_plugin: calico
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -34,3 +34,7 @@
 | 
				
			|||||||
#    block: |
 | 
					#    block: |
 | 
				
			||||||
#      export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
 | 
					#      export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
 | 
				
			||||||
#    create: true
 | 
					#    create: true
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					- name: Deploy calico
 | 
				
			||||||
 | 
					  import_tasks: ./roles/kubernetes/tasks/install/server/network-plugin/deploy_calico.yml
 | 
				
			||||||
 | 
					  when: "kubernetes.network_plugin == 'calico'"
 | 
				
			||||||
 | 
				
			|||||||
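Review bot: The `when:` on the new `Deploy calico` task reads `kubernetes.network_plugin` directly, so an inventory written before this commit that lacks the key would presumably abort with an undefined-variable error instead of keeping the previous flannel behaviour. `when: "kubernetes.network_plugin | default('flannel') == 'calico'"` keeps old inventories working, and the same default would be needed wherever else the key is read. The task list starts outside the hunk.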
@ -0,0 +1,20 @@
 | 
				
			|||||||
 | 
					- name: Deploy calico operator
 | 
				
			||||||
 | 
					  command: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.3/manifests/tigera-operator.yaml
 | 
				
			||||||
 | 
					  register: command
 | 
				
			||||||
 | 
					  changed_when: "'created' in command.stdout"
 | 
				
			||||||
 | 
					  run_once: true
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					- name: Deploy calico ressource template
 | 
				
			||||||
 | 
					  ansible.builtin.template:
 | 
				
			||||||
 | 
					    src: ./k3s/server/network-plugin/calico/custom-ressource.yml.jinja2
 | 
				
			||||||
 | 
					    dest: /root/calico-ressource.yml
 | 
				
			||||||
 | 
					  run_once: true
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					- name: Deploy calico ressource
 | 
				
			||||||
 | 
					  command: kubectl apply -f /root/calico-ressource.yml
 | 
				
			||||||
 | 
					  register: command
 | 
				
			||||||
 | 
					  changed_when: "'created' in command.stdout"
 | 
				
			||||||
 | 
					  run_once: true
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					- name: Deploy calico-helpers
 | 
				
			||||||
 | 
					  import_tasks: ./roles/kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml
 | 
				
			||||||
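Review bot: The manifest in the `Deploy calico operator` task is fetched from raw.githubusercontent.com and handed straight to `kubectl create`, with nothing checking that the content matches what was reviewed. The `v3.24.3` tag is only a Git ref and can be moved, and the manifest is applied with whatever rights the node's kubeconfig carries. Download it first with a pinned checksum and create from the local copy, as sketched below; the checksum is a placeholder to fill in after reviewing the manifest. Separately, `kubectl create` presumably fails with AlreadyExists on a second run, so the task may also need a `failed_when` that tolerates that case.

```yaml
- name: Download calico operator manifest
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/projectcalico/calico/v3.24.3/manifests/tigera-operator.yaml
    dest: /root/tigera-operator.yaml
    checksum: "sha256:<SHA256_OF_REVIEWED_MANIFEST>"
    mode: u=rw,g=,o=
  run_once: true

- name: Deploy calico operator
  command: kubectl create -f /root/tigera-operator.yaml
  # … unchanged: register, changed_when, run_once …
```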
@ -0,0 +1,6 @@
 | 
				
			|||||||
 | 
					- name: Deploy service-file for routing-table to wireguard-translation
 | 
				
			||||||
 | 
					  ansible.builtin.template:
 | 
				
			||||||
 | 
					    src: ./k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2
 | 
				
			||||||
 | 
					    dest: /var/lib/rancher/k3s/server/manifests/routingtabletowg.yml
 | 
				
			||||||
 | 
					    mode: u=rw,g=r,o=r
 | 
				
			||||||
 | 
					  run_once: true
 | 
				
			||||||
@ -17,7 +17,12 @@ service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv
 | 
				
			|||||||
egress-selector-mode: disabled
 | 
					egress-selector-mode: disabled
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Network-plugin
 | 
					# Network-plugin
 | 
				
			||||||
 | 
					{% if kubernetes.network_plugin == "flannel" %}
 | 
				
			||||||
flannel-backend: vxlan
 | 
					flannel-backend: vxlan
 | 
				
			||||||
 | 
					{% else %}
 | 
				
			||||||
 | 
					disable-network-policy: true
 | 
				
			||||||
 | 
					flannel-backend: none
 | 
				
			||||||
 | 
					{% endif %}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# FIXME: Workaround for bug in Kubernetes 1.24/1.25 ignoring node IPv6 addresses
 | 
					# FIXME: Workaround for bug in Kubernetes 1.24/1.25 ignoring node IPv6 addresses
 | 
				
			||||||
kubelet-arg: "--node-ip=0.0.0.0"
 | 
					kubelet-arg: "--node-ip=0.0.0.0"
 | 
				
			||||||
 | 
				
			|||||||
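Review bot: The `{% else %}` branch runs for every value that is not exactly "flannel", so a typo or different casing in `kubernetes.network_plugin` writes `flannel-backend: none` and `disable-network-policy: true` while the calico tasks (gated on `== 'calico'` elsewhere in this commit) are skipped. That would leave the cluster with no CNI and with k3s's NetworkPolicy controller turned off. Make the branch explicit with `{% elif kubernetes.network_plugin == "calico" %}` and validate the value up front, for example with an `ansible.builtin.assert` that it is one of `['flannel', 'calico']`. The template continues outside the hunk.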
@ -0,0 +1,32 @@
 | 
				
			|||||||
 | 
					# This section includes base Calico installation configuration.
 | 
				
			||||||
 | 
					# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
 | 
				
			||||||
 | 
					apiVersion: operator.tigera.io/v1
 | 
				
			||||||
 | 
					kind: Installation
 | 
				
			||||||
 | 
					metadata:
 | 
				
			||||||
 | 
					  name: default
 | 
				
			||||||
 | 
					spec:
 | 
				
			||||||
 | 
					  # Configures Calico networking.
 | 
				
			||||||
 | 
					  calicoNetwork:
 | 
				
			||||||
 | 
					    # Note: The ipPools section cannot be modified post-install.
 | 
				
			||||||
 | 
					    ipPools:
 | 
				
			||||||
 | 
					    - blockSize: 26
 | 
				
			||||||
 | 
					      cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }}
 | 
				
			||||||
 | 
					      encapsulation: None
 | 
				
			||||||
 | 
					      natOutgoing: Enabled
 | 
				
			||||||
 | 
					      nodeSelector: all()
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    - blockSize: 122
 | 
				
			||||||
 | 
					      cidr: {{ kubernetes.ipPool.ipv6.cluster_cidr }}
 | 
				
			||||||
 | 
					      encapsulation: None
 | 
				
			||||||
 | 
					      natOutgoing: Enabled
 | 
				
			||||||
 | 
					      nodeSelector: all()
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					---
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					# This section configures the Calico API server.
 | 
				
			||||||
 | 
					# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
 | 
				
			||||||
 | 
					apiVersion: operator.tigera.io/v1
 | 
				
			||||||
 | 
					kind: APIServer 
 | 
				
			||||||
 | 
					metadata: 
 | 
				
			||||||
 | 
					  name: default 
 | 
				
			||||||
 | 
					spec: {}
 | 
				
			||||||
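Review bot: Both `cidr:` values are rendered unquoted, so an empty or oddly shaped variable becomes a YAML null or another scalar type before the operator ever validates it; `cidr: "{{ kubernetes.ipPool.ipv4.cluster_cidr }}"` (and the same for the ipv6 pool) keeps the value a string. The two documentation links point at the `master` docs while the operator manifest used elsewhere in this commit is v3.24.3, so linking the versioned reference would keep the comments in step with what is deployed.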
@ -0,0 +1,43 @@
 | 
				
			|||||||
 | 
					# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
 | 
				
			||||||
 | 
					apiVersion: apps/v1
 | 
				
			||||||
 | 
					kind: DaemonSet
 | 
				
			||||||
 | 
					metadata:
 | 
				
			||||||
 | 
					  name: routingtabletowg
 | 
				
			||||||
 | 
					  namespace: calico-system
 | 
				
			||||||
 | 
					  labels:
 | 
				
			||||||
 | 
					    app: routingtabletowg
 | 
				
			||||||
 | 
					spec:
 | 
				
			||||||
 | 
					  selector:
 | 
				
			||||||
 | 
					    matchLabels:
 | 
				
			||||||
 | 
					      app: routingtabletowg
 | 
				
			||||||
 | 
					  template:
 | 
				
			||||||
 | 
					    metadata:
 | 
				
			||||||
 | 
					      labels:
 | 
				
			||||||
 | 
					        app: routingtabletowg
 | 
				
			||||||
 | 
					    spec:
 | 
				
			||||||
 | 
					      tolerations:
 | 
				
			||||||
 | 
					      # this toleration is to have the daemonset runnable on master nodes
 | 
				
			||||||
 | 
					      # remove it if your masters can't run pods
 | 
				
			||||||
 | 
					      - key: node-role.kubernetes.io/master
 | 
				
			||||||
 | 
					        effect: NoSchedule
 | 
				
			||||||
 | 
					      hostNetwork: true
 | 
				
			||||||
 | 
					      containers:
 | 
				
			||||||
 | 
					        - name: routingtabletowg
 | 
				
			||||||
 | 
					          image: "ruakij/routingtabletowg:0.1.2"
 | 
				
			||||||
 | 
					          env:
 | 
				
			||||||
 | 
					            - name: INTERFACE
 | 
				
			||||||
 | 
					              value: {{ kubernetes.ipPool.nodeIp_interface }}
 | 
				
			||||||
 | 
					            - name: FILTER_PROTOCOL
 | 
				
			||||||
 | 
					              value: bird
 | 
				
			||||||
 | 
					          securityContext:
 | 
				
			||||||
 | 
					            capabilities:
 | 
				
			||||||
 | 
					              add:
 | 
				
			||||||
 | 
					                - NET_ADMIN
 | 
				
			||||||
 | 
					          resources:
 | 
				
			||||||
 | 
					            requests:
 | 
				
			||||||
 | 
					              cpu: 10m
 | 
				
			||||||
 | 
					              memory: 10Mi
 | 
				
			||||||
 | 
					            limits:
 | 
				
			||||||
 | 
					              cpu: 20m
 | 
				
			||||||
 | 
					              memory: 20Mi
 | 
				
			||||||
 | 
					---
 | 
				
			||||||
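Review bot: The `routingtabletowg` container runs with `hostNetwork: true` and `NET_ADMIN` on every node, yet its image is pinned only by the mutable tag `ruakij/routingtabletowg:0.1.2` and the `securityContext` drops nothing. A re-pushed tag would therefore land code with host routing control across the cluster. Pin the image by digest, `image: "ruakij/routingtabletowg:0.1.2@sha256:<IMAGE_DIGEST>"`, and tighten the context with `allowPrivilegeEscalation: false` and `drop: ["ALL"]` under `capabilities`, assuming the helper needs nothing beyond NET_ADMIN.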