airship
/
treasuremap
Code Issues Proposed changes
treasuremap/global/software/charts/kubernetes/container-networking/calico.yaml

204 lines
5.0 KiB
YAML
Raw Blame History

---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-base
layeringDefinition:
abstract: true
layer: global
labels:
name: kubernetes-calico-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.calico
dest:
path: .source
# Image versions
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.calico.calico
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.endpoints.etcd.host_fqdn_override.default
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.networking.podSubnet
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.api_service_ip
dest:
path: .values.conf.controllers.K8S_API
pattern: SUB_KUBERNETES_IP
# Other site-specific configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.ip_autodetection_method
dest:
path: .values.conf.node.IP_AUTODETECTION_METHOD
# Calico log level
- src:
schema: nc/CorridorConfig/v1
name: corridor-config
path: .calico.calico_startup_loglevel
dest:
path: .values.conf.node.CALICO_STARTUP_LOGLEVEL
- src:
schema: nc/CorridorConfig/v1
name: corridor-config
path: .calico.calico_startup_loglevel
dest:
path: .values.conf.node.FELIX_LOGSEVERITYSCREEN
- src:
schema: nc/CorridorConfig/v1
name: corridor-config
path: .calico.calico_startup_loglevel
dest:
path: .values.conf.cni_network_config.plugins[0].log_level
# Certificates
- src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.ca
- src:
schema: deckhand/Certificate/v1
name: calico-node
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.crt
- src:
schema: deckhand/CertificateKey/v1
name: calico-node
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.key
data:
chart_name: calico
release: kubernetes-calico
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 1800
labels:
release_group: clcp-kubernetes-calico
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: clcp-kubernetes-calico
values:
pod:
mandatory_access_control:
calico-node:
calico-node: unconfined
conf:
cni_network_config:
name: k8s-pod-network
cniVersion: 0.3.0
plugins:
- type: calico
etcd_endpoints: __ETCD_ENDPOINTS__
etcd_ca_cert_file: /etc/calico/pki/ca
etcd_cert_file: /etc/calico/pki/crt
etcd_key_file: /etc/calico/pki/key
log_level: info
mtu: 1500
ipam:
type: calico-ipam
policy:
type: k8s
kubernetes:
kubeconfig: __KUBECONFIG_FILEPATH__
- type: portmap
snat: true
capabilities:
portMappings: true
controllers:
K8S_API: "https://SUB_KUBERNETES_IP:443"
node:
CALICO_STARTUP_LOGLEVEL: INFO
CLUSTER_TYPE: "k8s,bgp"
ETCD_CA_CERT_FILE: /etc/calico/pki/ca
ETCD_CERT_FILE: /etc/calico/pki/crt
ETCD_KEY_FILE: /etc/calico/pki/key
WAIT_FOR_STORAGE: "true"
FELIX_FAILSAFEINBOUNDHOSTPORTS: "none"
FELIX_FAILSAFEOUTBOUNDHOSTPORTS: "none"
endpoints:
etcd:
hosts:
default: calico-etcd
scheme:
default: https
networking:
settings:
mesh: "on"
ippool:
ipip:
enabled: "true"
mode: "Always"
nat_outgoing: "true"
disabled: "false"
manifests:
daemonset_calico_etcd: false
job_image_repo_sync: false
pod_calicoctl: false
service_calico_etcd: false
dependencies:
- calico-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: calico-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.calico-htk
dest:
path: .source
data:
chart_name: calico-htk
release: calico-htk
namespace: calico-htk
values: {}
dependencies: []
...
View Git Blame Copy Permalink