downgrade calico to v3.1.4 and add IP autodetect
Calico is being downgraded to v3.1.4 since the latest versions are causing readiness and liveness failures. Based on K8S v12.1, Calico should be on v3.3.x, therefore the underlying issue should be investigated further and Calico upgraded once resolved. This update also changes the IP autodetect method to ensure the proper IP is selected. This is required for hosts that have multiple IP addresses and the wrong address is being selected based on the default find first address method. Change-Id: I31c3630bde69160786866d0bc1bc29816892943f Story: 2002843 Task: 22791 Signed-off-by: Matt Peters <matt.peters@windriver.com>
This commit is contained in:
parent
23c5f83235
commit
9d238984ca
|
@ -1,2 +1,2 @@
|
|||
SRC_DIR="src"
|
||||
TIS_PATCH_VER=72
|
||||
TIS_PATCH_VER=73
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# Calico Version v3.2.3
|
||||
# https://docs.projectcalico.org/v3.2/releases#v3.2.3
|
||||
# Calico Version v3.1.4
|
||||
# https://docs.projectcalico.org/v3.1/releases#v3.1.4
|
||||
# This manifest includes the following component versions:
|
||||
# calico/node:v3.2.3
|
||||
# calico/cni:v3.2.3
|
||||
# calico/node:v3.1.4
|
||||
# calico/cni:v3.1.4
|
||||
|
||||
# This ConfigMap is used to configure a self-hosted Calico installation.
|
||||
kind: ConfigMap
|
||||
|
@ -15,14 +15,8 @@ data:
|
|||
# below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is
|
||||
# essential.
|
||||
typha_service_name: "none"
|
||||
# Configure the Calico backend to use.
|
||||
calico_backend: "bird"
|
||||
|
||||
# Configure the MTU to use
|
||||
veth_mtu: "1440"
|
||||
|
||||
# The CNI network configuration to install on each node. The special
|
||||
# values in this config will be automatically populated.
|
||||
# The CNI network configuration to install on each node.
|
||||
cni_network_config: |-
|
||||
{
|
||||
"name": "k8s-pod-network",
|
||||
|
@ -33,16 +27,16 @@ data:
|
|||
"log_level": "info",
|
||||
"datastore_type": "kubernetes",
|
||||
"nodename": "__KUBERNETES_NODE_NAME__",
|
||||
"mtu": __CNI_MTU__,
|
||||
"mtu": 1500,
|
||||
"ipam": {
|
||||
"type": "host-local",
|
||||
"subnet": "usePodCidr"
|
||||
},
|
||||
"policy": {
|
||||
"type": "k8s"
|
||||
"type": "k8s"
|
||||
},
|
||||
"kubernetes": {
|
||||
"kubeconfig": "__KUBECONFIG_FILEPATH__"
|
||||
"kubeconfig": "__KUBECONFIG_FILEPATH__"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -55,7 +49,6 @@ data:
|
|||
|
||||
---
|
||||
|
||||
|
||||
# This manifest creates a Service, which will be backed by Calico's Typha daemon.
|
||||
# Typha sits in between Felix and the API server, reducing Calico's load on the API server.
|
||||
|
||||
|
@ -105,8 +98,6 @@ spec:
|
|||
# if it ever gets evicted.
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
hostNetwork: true
|
||||
tolerations:
|
||||
# Mark the pod as a critical add-on for rescheduling.
|
||||
|
@ -116,7 +107,7 @@ spec:
|
|||
# as a host-networked pod.
|
||||
serviceAccountName: calico-node
|
||||
containers:
|
||||
- image: quay.io/calico/typha:v3.2.3
|
||||
- image: quay.io/calico/typha:v3.1.4
|
||||
name: calico-typha
|
||||
ports:
|
||||
- containerPort: 5473
|
||||
|
@ -146,19 +137,15 @@ spec:
|
|||
#- name: TYPHA_PROMETHEUSMETRICSPORT
|
||||
# value: "9093"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- calico-typha
|
||||
- check
|
||||
- liveness
|
||||
httpGet:
|
||||
path: /liveness
|
||||
port: 9098
|
||||
periodSeconds: 30
|
||||
initialDelaySeconds: 30
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- calico-typha
|
||||
- check
|
||||
- readiness
|
||||
httpGet:
|
||||
path: /readiness
|
||||
port: 9098
|
||||
periodSeconds: 10
|
||||
|
||||
---
|
||||
|
@ -192,11 +179,9 @@ spec:
|
|||
# if it ever gets evicted.
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
hostNetwork: true
|
||||
tolerations:
|
||||
# Make sure calico-node gets scheduled on all nodes.
|
||||
# Make sure calico/node gets scheduled on all nodes.
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
# Mark the pod as a critical add-on for rescheduling.
|
||||
|
@ -213,66 +198,59 @@ spec:
|
|||
# container programs network policy and routes on each
|
||||
# host.
|
||||
- name: calico-node
|
||||
image: quay.io/calico/node:v3.2.3
|
||||
image: quay.io/calico/node:v3.1.4
|
||||
env:
|
||||
# Use Kubernetes API as the backing datastore.
|
||||
- name: DATASTORE_TYPE
|
||||
value: "kubernetes"
|
||||
# Typha support: controlled by the ConfigMap.
|
||||
- name: FELIX_TYPHAK8SSERVICENAME
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: typha_service_name
|
||||
# Wait for the datastore.
|
||||
- name: WAIT_FOR_DATASTORE
|
||||
value: "true"
|
||||
# Set based on the k8s node name.
|
||||
- name: NODENAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
# Choose the backend to use.
|
||||
- name: CALICO_NETWORKING_BACKEND
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: calico_backend
|
||||
# Enable felix info logging.
|
||||
- name: FELIX_LOGSEVERITYSCREEN
|
||||
value: "info"
|
||||
# Cluster type to identify the deployment type
|
||||
- name: CLUSTER_TYPE
|
||||
value: "k8s,bgp"
|
||||
# Auto-detect the BGP IP address.
|
||||
- name: IP
|
||||
value: "autodetect"
|
||||
# Enable IPIP
|
||||
- name: CALICO_IPV4POOL_IPIP
|
||||
value: "Always"
|
||||
# Enable IP-in-IP within Felix.
|
||||
- name: FELIX_IPINIPENABLED
|
||||
value: "true"
|
||||
# Set MTU for tunnel device used if ipip is enabled
|
||||
- name: FELIX_IPINIPMTU
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: veth_mtu
|
||||
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
|
||||
# chosen from this range. Changing this value after installation will have
|
||||
# no effect. This should fall within `--cluster-cidr`.
|
||||
- name: CALICO_IPV4POOL_CIDR
|
||||
value: "<%= @pod_network_cidr %>"
|
||||
# Disable file logging so `kubectl logs` works.
|
||||
- name: CALICO_DISABLE_FILE_LOGGING
|
||||
value: "true"
|
||||
# Set Felix endpoint to host default action to ACCEPT.
|
||||
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
|
||||
value: "ACCEPT"
|
||||
# Disable IPv6 on Kubernetes.
|
||||
# Disable IPV6 on Kubernetes.
|
||||
- name: FELIX_IPV6SUPPORT
|
||||
value: "false"
|
||||
# Set Felix logging to "info"
|
||||
- name: FELIX_LOGSEVERITYSCREEN
|
||||
value: "info"
|
||||
# Set MTU for tunnel device used if ipip is enabled
|
||||
- name: FELIX_IPINIPMTU
|
||||
value: "1440"
|
||||
# Wait for the datastore.
|
||||
- name: WAIT_FOR_DATASTORE
|
||||
value: "true"
|
||||
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
|
||||
# chosen from this range. Changing this value after installation will have
|
||||
# no effect. This should fall within `--cluster-cidr`.
|
||||
- name: CALICO_IPV4POOL_CIDR
|
||||
value: "<%= @pod_network_cidr %>"
|
||||
# Enable IPIP
|
||||
- name: CALICO_IPV4POOL_IPIP
|
||||
value: "Always"
|
||||
# Enable IP-in-IP within Felix.
|
||||
- name: FELIX_IPINIPENABLED
|
||||
value: "true"
|
||||
# Typha support: controlled by the ConfigMap.
|
||||
- name: FELIX_TYPHAK8SSERVICENAME
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: typha_service_name
|
||||
# Set based on the k8s node name.
|
||||
- name: NODENAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
# Auto-detect the BGP IP address.
|
||||
- name: IP
|
||||
value: "autodetect"
|
||||
- name: IP_AUTODETECTION_METHOD
|
||||
value: "can-reach=<%= @apiserver_advertise_address %>"
|
||||
- name: FELIX_HEALTHENABLED
|
||||
value: "true"
|
||||
securityContext:
|
||||
|
@ -284,16 +262,13 @@ spec:
|
|||
httpGet:
|
||||
path: /liveness
|
||||
port: 9099
|
||||
host: localhost
|
||||
periodSeconds: 10
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 6
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /bin/calico-node
|
||||
- -bird-ready
|
||||
- -felix-ready
|
||||
httpGet:
|
||||
path: /readiness
|
||||
port: 9099
|
||||
periodSeconds: 10
|
||||
volumeMounts:
|
||||
- mountPath: /lib/modules
|
||||
|
@ -308,29 +283,23 @@ spec:
|
|||
# This container installs the Calico CNI binaries
|
||||
# and CNI network config file on each node.
|
||||
- name: install-cni
|
||||
image: quay.io/calico/cni:v3.2.3
|
||||
image: quay.io/calico/cni:v3.1.4
|
||||
command: ["/install-cni.sh"]
|
||||
env:
|
||||
# Name of the CNI config file to create.
|
||||
- name: CNI_CONF_NAME
|
||||
value: "10-calico.conflist"
|
||||
# Set the hostname based on the k8s node name.
|
||||
- name: KUBERNETES_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
# The CNI network config to install on each node.
|
||||
- name: CNI_NETWORK_CONFIG
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: cni_network_config
|
||||
# CNI MTU Config variable
|
||||
- name: CNI_MTU
|
||||
# Set the hostname based on the k8s node name.
|
||||
- name: KUBERNETES_NODE_NAME
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: calico-config
|
||||
key: veth_mtu
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
volumeMounts:
|
||||
- mountPath: /host/opt/cni/bin
|
||||
name: cni-bin-dir
|
||||
|
@ -354,18 +323,10 @@ spec:
|
|||
- name: cni-net-dir
|
||||
hostPath:
|
||||
path: /etc/cni/net.d
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: calico-node
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
|
||||
# Create all the CustomResourceDefinitions needed for
|
||||
# Calico policy and networking mode.
|
||||
---
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
|
@ -379,6 +340,7 @@ spec:
|
|||
kind: FelixConfiguration
|
||||
plural: felixconfigurations
|
||||
singular: felixconfiguration
|
||||
|
||||
---
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
|
@ -499,3 +461,10 @@ spec:
|
|||
plural: networkpolicies
|
||||
singular: networkpolicy
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: calico-node
|
||||
namespace: kube-system
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# Calico Version v3.2.3
|
||||
# https://docs.projectcalico.org/v3.2/releases#v3.2.3
|
||||
# Calico Version v3.1.4
|
||||
# https://docs.projectcalico.org/v3.1/releases#v3.1.4
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
|
@ -8,7 +8,6 @@ rules:
|
|||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
|
Loading…
Reference in New Issue