[k8s] Make flannel self-hosted
Similar to calico, deploy flannel as a DS. Flannel can use the kubernetes API to store data, so it doesn't need to contact the etcd server directly anymore. This patch drops two relatively large files for flannel's config, flannel-config-service.sh and write-flannel-config.sh. All required config is in the manifests. Additional options to the controller manager: --allocate-node-cidrs=true and --cluster-cidr. Change-Id: I4f1129e155e2602299394b5866165260f4ea0df8 story: 2002751 task: 24870
parent
6d85d7be56
commit
2ab874a5be
@ -323,6 +323,8 @@ the table are linked to more details elsewhere in the user guide.
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `flannel_tag`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `flannel_cni_tag`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `heat_container_agent_tag`_ | see below | see below |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
| `kube_dashboard_enabled`_ | - true | true |
|
||||
@ -1132,10 +1134,20 @@ _`etcd_tag`
|
||||
|
||||
_`flannel_tag`
|
||||
This label allows users to select `a specific flannel version,
|
||||
based on its container tag
|
||||
<https://hub.docker.com/r/openstackmagnum/flannel/tags/>`_.
|
||||
If unset, the current Magnum version's a default flannel version.
|
||||
based on its container tag:
|
||||
Queens <https://hub.docker.com/r/openstackmagnum/flannel/tags/>`_
|
||||
Rocky <https://quay.io/repository/coreos/flannel?tab=tags>`_
|
||||
If unset, the default version will be used.
|
||||
For queens, v0.9.0
|
||||
For stein, v0.10.0-amd64
|
||||
|
||||
_`flannel_cni_tag`
|
||||
This label allows users to select `a specific flannel_cni version,
|
||||
based on its container tag. This container adds the cni plugins in
|
||||
the host under /opt/cni/bin
|
||||
<https://quay.io/repository/coreos/flannel-cni?tab=tags>`_.
|
||||
If unset, the current Magnum version's a default flannel version.
|
||||
For stein, v0.3.0
|
||||
|
||||
_`heat_container_agent_tag`
|
||||
This label allows users to select `a specific heat_container_agent
|
||||
|
@ -43,12 +43,6 @@ users:
|
||||
as-user-extra: {}
|
||||
EOF
|
||||
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "flannel" ]; then
|
||||
atomic install --storage ostree --system --system-package=no \
|
||||
--name=flanneld ${_prefix}flannel:${FLANNEL_TAG}
|
||||
fi
|
||||
|
||||
sed -i '
|
||||
/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
|
||||
/^KUBE_MASTER=/ s|=.*|="--master=http://127.0.0.1:8080"|
|
||||
@ -131,6 +125,8 @@ sed -i '
|
||||
# Add controller manager args
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true"
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-name=${CLUSTER_UUID}"
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --allocate-node-cidrs=true"
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --cluster-cidr=${PODS_NETWORK_CIDR}"
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS $KUBECONTROLLER_OPTIONS"
|
||||
if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --service-account-private-key-file=$CERT_DIR/service_account_private.key --root-ca-file=$CERT_DIR/ca.crt"
|
||||
@ -172,9 +168,7 @@ if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
||||
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
|
||||
fi
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
fi
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --node-labels=node-role.kubernetes.io/master=\"\""
|
||||
|
||||
@ -245,3 +239,4 @@ sed -i '
|
||||
/^KUBELET_HOSTNAME=/ s/=.*/=""/
|
||||
/^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
|
||||
' /etc/kubernetes/kubelet
|
||||
|
||||
|
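Review bot: With `--allocate-node-cidrs=true` added to KUBE_CONTROLLER_MANAGER_ARGS, the size of each node's pod subnet is now decided by the controller manager, and no `--node-cidr-mask-size` is passed, so its default applies. The flannel manifest added elsewhere in this commit starts flanneld with `--kube-subnet-mgr` and still writes `"Subnetlen": $FLANNEL_NETWORK_SUBNETLEN` into net-conf.json; as far as I can tell flannel takes each node's subnet from the node's podCIDR in that mode, so the operator's subnet-length setting would silently stop applying. If that is right, add `KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --node-cidr-mask-size=${FLANNEL_NETWORK_SUBNETLEN}"` next to the two new lines. Both new flags, and the now unconditional `--network-plugin=cni`, appear in the hunks outside any `NETWORK_DRIVER` test, so they also apply to calico clusters, which deserves a comment such as `# node CIDRs are allocated by the controller manager for every network driver`. The script continues outside these hunks.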
@ -7,10 +7,10 @@ echo "configuring kubernetes (minion)"
|
||||
_prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}
|
||||
|
||||
_addtl_mounts=''
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
mkdir -p /opt/cni
|
||||
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
|
||||
mkdir -p /opt/cni
|
||||
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
if [ "`systemctl status NetworkManager.service | grep -o "Active: active"`" = "Active: active" ]; then
|
||||
CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
|
||||
[ -f ${CALICO_NM} ] || {
|
||||
@ -168,9 +168,7 @@ fi
|
||||
EOF
|
||||
chmod +x /etc/kubernetes/get_require_kubeconfig.sh
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
fi
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
|
||||
sed -i '
|
||||
/^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
|
||||
@ -183,37 +181,6 @@ cat > /etc/kubernetes/proxy << EOF
|
||||
KUBE_PROXY_ARGS="--kubeconfig=${PROXY_KUBECONFIG} --cluster-cidr=${PODS_NETWORK_CIDR}"
|
||||
EOF
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "flannel" ]; then
|
||||
atomic install --storage ostree --system --system-package=no \
|
||||
--name=flanneld ${_prefix}flannel:${FLANNEL_TAG}
|
||||
if [ "$TLS_DISABLED" = "True" ]; then
|
||||
FLANNEL_OPTIONS=""
|
||||
ETCD_CURL_OPTIONS=""
|
||||
else
|
||||
FLANNEL_CERT_DIR=/etc/flanneld/certs
|
||||
FLANNEL_OPTIONS="-etcd-cafile $FLANNEL_CERT_DIR/ca.crt"
|
||||
FLANNEL_OPTIONS="$FLANNEL_OPTIONS -etcd-certfile $FLANNEL_CERT_DIR/proxy.crt"
|
||||
FLANNEL_OPTIONS="$FLANNEL_OPTIONS -etcd-keyfile $FLANNEL_CERT_DIR/proxy.key"
|
||||
ETCD_CURL_OPTIONS="--cacert $FLANNEL_CERT_DIR/ca.crt --cert $FLANNEL_CERT_DIR/proxy.crt --key $FLANNEL_CERT_DIR/proxy.key"
|
||||
fi
|
||||
FLANNELD_CONFIG=/etc/sysconfig/flanneld
|
||||
|
||||
cat >> $FLANNELD_CONFIG <<EOF
|
||||
FLANNEL_ETCD_ENDPOINTS="$PROTOCOL://${ETCD_SERVER_IP}:2379"
|
||||
FLANNEL_ETCD_PREFIX="/atomic.io/network"
|
||||
FLANNEL_OPTIONS="$FLANNEL_OPTIONS"
|
||||
EOF
|
||||
|
||||
# Make sure etcd has a flannel configuration
|
||||
. $FLANNELD_CONFIG
|
||||
until curl -sf $ETCD_CURL_OPTIONS \
|
||||
"$FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config?quorum=false&recursive=false&sorted=false"
|
||||
do
|
||||
echo "Waiting for flannel configuration in etcd..."
|
||||
sleep 5
|
||||
done
|
||||
fi
|
||||
|
||||
cat >> /etc/environment <<EOF
|
||||
KUBERNETES_MASTER=$KUBE_MASTER_URI
|
||||
EOF
|
||||
|
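Review bot: The `/opt/cni` bind mount carrying `"mode=777"` is now set up for every network driver instead of only for calico, and `/opt/cni/bin` is the directory the kubelet is pointed at with `--cni-bin-dir=/opt/cni/bin`, so whatever lands there is executed as root on the node. Whether the runtime honours `mode=777` on a bind mount is not visible from this hunk, but a world-writable plugin directory would let any unprivileged process that can reach the path replace a plugin binary. I would drop the option and make the permissions explicit: `mkdir -p /opt/cni && chmod 0755 /opt/cni` with `"options":["bind","rw","slave"]`. The rest of the script lies outside these hunks.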
@ -1,73 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
if [ "$NETWORK_DRIVER" != "flannel" ]; then
|
||||
exit 0
|
||||
fi
|
||||
CERT_DIR=/etc/kubernetes/certs
|
||||
PROTOCOL=https
|
||||
ETCD_CURL_OPTIONS="--cacert $CERT_DIR/ca.crt \
|
||||
--cert $CERT_DIR/server.crt --key $CERT_DIR/server.key"
|
||||
FLANNELD_CONFIG=/etc/sysconfig/flanneld
|
||||
|
||||
if [ "$TLS_DISABLED" = "True" ]; then
|
||||
PROTOCOL=http
|
||||
ETCD_CURL_OPTIONS=""
|
||||
fi
|
||||
|
||||
. $FLANNELD_CONFIG
|
||||
|
||||
FLANNEL_CONFIG_BIN=/usr/local/bin/flannel-config
|
||||
FLANNEL_CONFIG_SERVICE=/etc/systemd/system/flannel-config.service
|
||||
FLANNEL_JSON=/etc/sysconfig/flannel-network.json
|
||||
|
||||
echo "creating $FLANNEL_CONFIG_BIN"
|
||||
cat > $FLANNEL_CONFIG_BIN <<EOF
|
||||
#!/bin/sh
|
||||
|
||||
if ! [ -f "$FLANNEL_JSON" ]; then
|
||||
echo "ERROR: missing network configuration file" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$FLANNEL_ETCD_ENDPOINTS" ] || [ -z "$FLANNEL_ETCD_PREFIX" ]; then
|
||||
echo "ERROR: missing required configuration" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "creating flanneld config in etcd"
|
||||
while ! curl -sf -L $ETCD_CURL_OPTIONS \
|
||||
$FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config \
|
||||
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
|
||||
echo "waiting for etcd"
|
||||
sleep 1
|
||||
done
|
||||
EOF
|
||||
|
||||
cat > $FLANNEL_CONFIG_SERVICE <<EOF
|
||||
[Unit]
|
||||
After=etcd.service
|
||||
Requires=etcd.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/sysconfig/flanneld
|
||||
ExecStart=$FLANNEL_CONFIG_BIN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
chown root:root $FLANNEL_CONFIG_BIN
|
||||
chmod 0755 $FLANNEL_CONFIG_BIN
|
||||
|
||||
chown root:root $FLANNEL_CONFIG_SERVICE
|
||||
chmod 0644 $FLANNEL_CONFIG_SERVICE
|
||||
|
||||
systemctl enable flannel-config
|
||||
systemctl start --no-block flannel-config
|
||||
|
||||
echo "activating service flanneld"
|
||||
systemctl enable flanneld
|
||||
systemctl start --no-block flanneld
|
@ -2,104 +2,213 @@
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
if [ "$NETWORK_DRIVER" != "flannel" ]; then
|
||||
exit 0
|
||||
set -x
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "flannel" ]; then
|
||||
_prefix=${CONTAINER_INFRA_PREFIX:-quay.io/coreos/}
|
||||
FLANNEL_DEPLOY=/srv/magnum/kubernetes/manifests/flannel-deploy.yaml
|
||||
|
||||
[ -f ${FLANNEL_DEPLOY} ] || {
|
||||
echo "Writing File: $FLANNEL_DEPLOY"
|
||||
mkdir -p "$(dirname ${FLANNEL_DEPLOY})"
|
||||
cat << EOF > ${FLANNEL_DEPLOY}
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: flannel
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/status
|
||||
verbs:
|
||||
- patch
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: flannel
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: flannel
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: flannel
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: flannel
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-flannel-cfg
|
||||
namespace: kube-system
|
||||
labels:
|
||||
tier: node
|
||||
app: flannel
|
||||
data:
|
||||
cni-conf.json: |
|
||||
{
|
||||
"name": "cbr0",
|
||||
"plugins": [
|
||||
{
|
||||
"type": "flannel",
|
||||
"delegate": {
|
||||
"hairpinMode": true,
|
||||
"isDefaultGateway": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "portmap",
|
||||
"capabilities": {
|
||||
"portMappings": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
net-conf.json: |
|
||||
{
|
||||
"Network": "$FLANNEL_NETWORK_CIDR",
|
||||
"Subnetlen": $FLANNEL_NETWORK_SUBNETLEN,
|
||||
"Backend": {
|
||||
"Type": "$FLANNEL_BACKEND"
|
||||
}
|
||||
}
|
||||
magnum-install-cni.sh: |
|
||||
#!/bin/sh
|
||||
set -e -x;
|
||||
if [ -w "/host/opt/cni/bin/" ]; then
|
||||
cp /opt/cni/bin/* /host/opt/cni/bin/;
|
||||
echo "Wrote CNI binaries to /host/opt/cni/bin/";
|
||||
fi;
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kube-flannel-ds-amd64
|
||||
namespace: kube-system
|
||||
labels:
|
||||
tier: node
|
||||
app: flannel
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
tier: node
|
||||
app: flannel
|
||||
spec:
|
||||
hostNetwork: true
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/arch: amd64
|
||||
tolerations:
|
||||
# Make sure flannel gets scheduled on all nodes.
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
# Mark the pod as a critical add-on for rescheduling.
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
operator: Exists
|
||||
serviceAccountName: flannel
|
||||
initContainers:
|
||||
- name: install-cni-plugins
|
||||
image: ${_prefix}flannel-cni:${FLANNEL_CNI_TAG}
|
||||
command:
|
||||
- sh
|
||||
args:
|
||||
- /etc/kube-flannel/magnum-install-cni.sh
|
||||
volumeMounts:
|
||||
- name: host-cni-bin
|
||||
mountPath: /host/opt/cni/bin/
|
||||
- name: flannel-cfg
|
||||
mountPath: /etc/kube-flannel/
|
||||
- name: install-cni
|
||||
image: ${_prefix}flannel:${FLANNEL_TAG}
|
||||
command:
|
||||
- cp
|
||||
args:
|
||||
- -f
|
||||
- /etc/kube-flannel/cni-conf.json
|
||||
- /etc/cni/net.d/10-flannel.conflist
|
||||
volumeMounts:
|
||||
- name: cni
|
||||
mountPath: /etc/cni/net.d
|
||||
- name: flannel-cfg
|
||||
mountPath: /etc/kube-flannel/
|
||||
containers:
|
||||
- name: kube-flannel
|
||||
image: ${_prefix}flannel:${FLANNEL_TAG}
|
||||
command:
|
||||
- /opt/bin/flanneld
|
||||
args:
|
||||
- --ip-masq
|
||||
- --kube-subnet-mgr
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
memory: "50Mi"
|
||||
limits:
|
||||
cpu: "100m"
|
||||
memory: "50Mi"
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
volumeMounts:
|
||||
- name: run
|
||||
mountPath: /run
|
||||
- name: flannel-cfg
|
||||
mountPath: /etc/kube-flannel/
|
||||
volumes:
|
||||
- name: host-cni-bin
|
||||
hostPath:
|
||||
path: /opt/cni/bin
|
||||
- name: run
|
||||
hostPath:
|
||||
path: /run
|
||||
- name: cni
|
||||
hostPath:
|
||||
path: /etc/cni/net.d
|
||||
- name: flannel-cfg
|
||||
configMap:
|
||||
name: kube-flannel-cfg
|
||||
EOF
|
||||
}
|
||||
|
||||
if [ "$MASTER_INDEX" = "0" ]; then
|
||||
|
||||
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
|
||||
do
|
||||
echo "Waiting for Kubernetes API..."
|
||||
sleep 5
|
||||
done
|
||||
fi
|
||||
|
||||
/usr/bin/kubectl apply -f "${FLANNEL_DEPLOY}" --namespace=kube-system
|
||||
fi
|
||||
|
||||
SYSTEMD_UNITS_DIR=/etc/systemd/system/
|
||||
FLANNEL_DOCKER_BRIDGE_BIN=/usr/local/bin/flannel-docker-bridge
|
||||
FLANNEL_DOCKER_BRIDGE_SERVICE=/etc/systemd/system/flannel-docker-bridge.service
|
||||
FLANNEL_IPTABLES_FORWARD_ACCEPT_SERVICE=flannel-iptables-forward-accept.service
|
||||
DOCKER_FLANNEL_CONF=/etc/systemd/system/docker.service.d/flannel.conf
|
||||
FLANNEL_DOCKER_BRIDGE_CONF=/etc/systemd/system/flanneld.service.d/flannel-docker-bridge.conf
|
||||
|
||||
mkdir -p /etc/systemd/system/docker.service.d
|
||||
mkdir -p /etc/systemd/system/flanneld.service.d
|
||||
|
||||
cat >> $FLANNEL_DOCKER_BRIDGE_BIN <<EOF1
|
||||
#!/bin/sh
|
||||
|
||||
if ! [ "\$FLANNEL_SUBNET" ] && [ "\$FLANNEL_MTU" ] ; then
|
||||
echo "ERROR: missing required environment variables." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# NOTE(mnaser): Since Docker 1.13, it does not set the default forwarding
|
||||
# policy to ACCEPT which will cause CNI networking to fail.
|
||||
iptables -P FORWARD ACCEPT
|
||||
|
||||
mkdir -p /run/flannel/
|
||||
cat > /run/flannel/docker <<EOF2
|
||||
DOCKER_NETWORK_OPTIONS="--bip=\$FLANNEL_SUBNET --mtu=\$FLANNEL_MTU"
|
||||
EOF2
|
||||
EOF1
|
||||
|
||||
chown root:root $FLANNEL_DOCKER_BRIDGE_BIN
|
||||
chmod 0755 $FLANNEL_DOCKER_BRIDGE_BIN
|
||||
|
||||
cat >> $FLANNEL_DOCKER_BRIDGE_SERVICE <<EOF
|
||||
[Unit]
|
||||
After=flanneld.service
|
||||
Before=docker.service
|
||||
Requires=flanneld.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/run/flanneld/subnet.env
|
||||
ExecStart=/usr/local/bin/flannel-docker-bridge
|
||||
|
||||
[Install]
|
||||
WantedBy=docker.service
|
||||
EOF
|
||||
|
||||
chown root:root $FLANNEL_DOCKER_BRIDGE_SERVICE
|
||||
chmod 0644 $FLANNEL_DOCKER_BRIDGE_SERVICE
|
||||
|
||||
cat >> $DOCKER_FLANNEL_CONF <<EOF
|
||||
[Unit]
|
||||
Requires=flannel-docker-bridge.service
|
||||
After=flannel-docker-bridge.service
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/run/flannel/docker
|
||||
EOF
|
||||
|
||||
chown root:root $DOCKER_FLANNEL_CONF
|
||||
chmod 0644 $DOCKER_FLANNEL_CONF
|
||||
|
||||
cat >> $FLANNEL_DOCKER_BRIDGE_CONF <<EOF
|
||||
[Unit]
|
||||
Requires=flannel-docker-bridge.service
|
||||
Before=flannel-docker-bridge.service
|
||||
|
||||
[Install]
|
||||
Also=flannel-docker-bridge.service
|
||||
EOF
|
||||
|
||||
chown root:root $FLANNEL_DOCKER_BRIDGE_CONF
|
||||
chmod 0644 $FLANNEL_DOCKER_BRIDGE_CONF
|
||||
|
||||
# Workaround for https://github.com/coreos/flannel/issues/799
|
||||
# Not solved upstream properly yet.
|
||||
cat >> "${SYSTEMD_UNITS_DIR}${FLANNEL_IPTABLES_FORWARD_ACCEPT_SERVICE}" <<EOF
|
||||
[Unit]
|
||||
After=flanneld.service docker.service kubelet.service kube-proxy.service
|
||||
Requires=flanneld.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/iptables -P FORWARD ACCEPT
|
||||
ExecStartPost=/usr/sbin/iptables -S
|
||||
|
||||
[Install]
|
||||
WantedBy=flanneld.service
|
||||
EOF
|
||||
|
||||
chown root:root "${SYSTEMD_UNITS_DIR}${FLANNEL_IPTABLES_FORWARD_ACCEPT_SERVICE}"
|
||||
chmod 0644 "${SYSTEMD_UNITS_DIR}${FLANNEL_IPTABLES_FORWARD_ACCEPT_SERVICE}"
|
||||
systemctl daemon-reload
|
||||
systemctl enable "${FLANNEL_IPTABLES_FORWARD_ACCEPT_SERVICE}"
|
||||
|
||||
echo "activating service flanneld"
|
||||
systemctl enable flanneld
|
||||
systemctl start flanneld
|
||||
|
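Review bot: The `kube-flannel` container in the embedded DaemonSet manifest runs with `securityContext: privileged: true` on top of `hostNetwork: true` and a hostPath mount of the whole of `/run`, so anything that compromises the flannel image or process has full control of every node it is scheduled on. flanneld has to manage interfaces, routes and iptables rules, for which `NET_ADMIN` is normally sufficient; consider `privileged: false` with `capabilities: add: ["NET_ADMIN"]` and narrowing the hostPath to `/run/flannel`, then verify that the configured backend still comes up. Separately, the wait on `http://127.0.0.1:8080/healthz` only runs when `MASTER_INDEX` is 0 while `kubectl apply` runs on every master, so on the other masters the apply can race the local API server; moving the `until` loop out of the `if` would cover them too. The rendered page does not show which lines of this section are old and which are new, so these points are limited to the manifest and the apply block, which reference the newly added `FLANNEL_CNI_TAG`.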
@ -147,5 +147,3 @@ chmod 550 "${cert_dir}"
|
||||
chown -R kube:kube_etcd "${cert_dir}"
|
||||
chmod 440 ${cert_dir}/kubelet.key
|
||||
chmod 440 ${cert_dir}/proxy.key
|
||||
mkdir -p /etc/flanneld/certs
|
||||
cp ${cert_dir}/* /etc/flanneld/certs
|
||||
|
@ -1,28 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
if [ "$NETWORK_DRIVER" != "flannel" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
FLANNEL_JSON=/etc/sysconfig/flannel-network.json
|
||||
FLANNELD_CONFIG=/etc/sysconfig/flanneld
|
||||
|
||||
cat > /etc/sysconfig/flanneld <<EOF
|
||||
FLANNEL_ETCD_ENDPOINTS="http://127.0.0.1:2379"
|
||||
FLANNEL_ETCD_PREFIX="/atomic.io/network"
|
||||
FLANNEL_OPTIONS=
|
||||
EOF
|
||||
|
||||
# Generate a flannel configuration that we will
|
||||
# store into etcd using curl.
|
||||
cat > $FLANNEL_JSON <<EOF
|
||||
{
|
||||
"Network": "$FLANNEL_NETWORK_CIDR",
|
||||
"Subnetlen": $FLANNEL_NETWORK_SUBNETLEN,
|
||||
"Backend": {
|
||||
"Type": "$FLANNEL_BACKEND"
|
||||
}
|
||||
}
|
||||
EOF
|
@ -46,6 +46,7 @@ write_files:
|
||||
CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
|
||||
ETCD_TAG="$ETCD_TAG"
|
||||
FLANNEL_TAG="$FLANNEL_TAG"
|
||||
FLANNEL_CNI_TAG="$FLANNEL_CNI_TAG"
|
||||
KUBE_VERSION="$KUBE_VERSION"
|
||||
KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
|
||||
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
|
||||
|
@ -38,7 +38,6 @@ write_files:
|
||||
NO_PROXY="$NO_PROXY"
|
||||
WAIT_CURL="$WAIT_CURL"
|
||||
KUBE_TAG="$KUBE_TAG"
|
||||
FLANNEL_TAG="$FLANNEL_TAG"
|
||||
FLANNEL_NETWORK_CIDR="$FLANNEL_NETWORK_CIDR"
|
||||
PODS_NETWORK_CIDR="$PODS_NETWORK_CIDR"
|
||||
KUBE_VERSION="$KUBE_VERSION"
|
||||
|
@ -109,7 +109,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
|
||||
'cgroup_driver',
|
||||
'calico_tag', 'calico_cni_tag',
|
||||
'calico_kube_controllers_tag', 'calico_ipv4pool',
|
||||
'etcd_tag', 'flannel_tag',
|
||||
'etcd_tag', 'flannel_tag', 'flannel_cni_tag',
|
||||
'cloud_provider_enabled',
|
||||
'cloud_provider_tag',
|
||||
'prometheus_tag',
|
||||
|
@ -348,8 +348,13 @@ parameters:
|
||||
|
||||
flannel_tag:
|
||||
type: string
|
||||
description: tag of the flannel system containers
|
||||
default: v0.9.0
|
||||
description: tag of the flannel container
|
||||
default: v0.10.0-amd64
|
||||
|
||||
flannel_cni_tag:
|
||||
type: string
|
||||
description: tag of the flannel cni container
|
||||
default: v0.3.0
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
@ -778,6 +783,7 @@ resources:
|
||||
kube_version: {get_param: kube_version}
|
||||
etcd_tag: {get_param: etcd_tag}
|
||||
flannel_tag: {get_param: flannel_tag}
|
||||
flannel_cni_tag: {get_param: flannel_cni_tag}
|
||||
kube_dashboard_version: {get_param: kube_dashboard_version}
|
||||
trustee_user_id: {get_param: trustee_user_id}
|
||||
trustee_password: {get_param: trustee_password}
|
||||
@ -834,6 +840,7 @@ resources:
|
||||
"$CA_KEY": {get_param: ca_key}
|
||||
- get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
|
||||
- get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
|
||||
- get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
|
||||
@ -919,7 +926,6 @@ resources:
|
||||
no_proxy: {get_param: no_proxy}
|
||||
kube_tag: {get_param: kube_tag}
|
||||
kube_version: {get_param: kube_version}
|
||||
flannel_tag: {get_param: flannel_tag}
|
||||
trustee_user_id: {get_param: trustee_user_id}
|
||||
trustee_username: {get_param: trustee_username}
|
||||
trustee_password: {get_param: trustee_password}
|
||||
|
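Review bot: The new `flannel_cni_tag` parameter is a free-form `type: string`, and the other hunks of this commit show it being written into the heat-params file as `FLANNEL_CNI_TAG="$FLANNEL_CNI_TAG"`, sourced by the shell fragments, and expanded into the `image:` field of the flannel manifest heredoc. An `allowed_pattern` constraint limited to characters that are valid in an image tag would reject a malformed label at stack-create time instead of letting it corrupt the params file or the manifest, for example `constraints: [{allowed_pattern: "^[A-Za-z0-9_][A-Za-z0-9_.-]*$"}]`; the same would suit `flannel_tag`. The defaults `v0.10.0-amd64` and `v0.3.0` are mutable tags on a public registry, so the descriptions could add that operators who need reproducible nodes should mirror the images and set `container_infra_prefix`.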
@ -239,6 +239,10 @@ parameters:
|
||||
type: string
|
||||
description: tag of the flannel system containers
|
||||
|
||||
flannel_cni_tag:
|
||||
type: string
|
||||
description: tag of the flannel cni container
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
@ -502,6 +506,7 @@ resources:
|
||||
"$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
|
||||
"$ETCD_TAG": {get_param: etcd_tag}
|
||||
"$FLANNEL_TAG": {get_param: flannel_tag}
|
||||
"$FLANNEL_CNI_TAG": {get_param: flannel_cni_tag}
|
||||
"$KUBE_VERSION": {get_param: kube_version}
|
||||
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
|
||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||
@ -584,24 +589,6 @@ resources:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-master.sh}
|
||||
|
||||
write_flannel_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-flannel-config.sh}
|
||||
|
||||
flannel_config_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh}
|
||||
|
||||
flannel_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
@ -641,9 +628,6 @@ resources:
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: start_container_agent}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: write_flannel_config}
|
||||
- config: {get_resource: flannel_config_service}
|
||||
- config: {get_resource: flannel_service}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -182,10 +182,6 @@ parameters:
|
||||
type: string
|
||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||
|
||||
flannel_tag:
|
||||
type: string
|
||||
description: tag of the flannel system containers
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
@ -342,7 +338,6 @@ resources:
|
||||
$HTTPS_PROXY: {get_param: https_proxy}
|
||||
$NO_PROXY: {get_param: no_proxy}
|
||||
$KUBE_TAG: {get_param: kube_tag}
|
||||
$FLANNEL_TAG: {get_param: flannel_tag}
|
||||
$FLANNEL_NETWORK_CIDR: {get_param: flannel_network_cidr}
|
||||
$PODS_NETWORK_CIDR: {get_param: pods_network_cidr}
|
||||
$KUBE_VERSION: {get_param: kube_version}
|
||||
@ -405,12 +400,6 @@ resources:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh}
|
||||
|
||||
flannel_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
@ -466,7 +455,6 @@ resources:
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_docker_registry}
|
||||
- config: {get_resource: configure_kubernetes_minion}
|
||||
- config: {get_resource: flannel_service}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: enable_docker_registry}
|
||||
|
@ -366,6 +366,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||
kube_tag = mock_cluster.labels.get('kube_tag')
|
||||
etcd_tag = mock_cluster.labels.get('etcd_tag')
|
||||
flannel_tag = mock_cluster.labels.get('flannel_tag')
|
||||
flannel_cni_tag = mock_cluster.labels.get('flannel_cni_tag')
|
||||
container_infra_prefix = mock_cluster.labels.get(
|
||||
'container_infra_prefix')
|
||||
availability_zone = mock_cluster.labels.get(
|
||||
@ -457,6 +458,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||
'kube_tag': kube_tag,
|
||||
'etcd_tag': etcd_tag,
|
||||
'flannel_tag': flannel_tag,
|
||||
'flannel_cni_tag': flannel_cni_tag,
|
||||
'container_infra_prefix': container_infra_prefix,
|
||||
'nodes_affinity_policy': 'soft-anti-affinity',
|
||||
'availability_zone': availability_zone,
|
||||
@ -732,6 +734,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||
kube_tag = mock_cluster.labels.get('kube_tag')
|
||||
etcd_tag = mock_cluster.labels.get('etcd_tag')
|
||||
flannel_tag = mock_cluster.labels.get('flannel_tag')
|
||||
flannel_cni_tag = mock_cluster.labels.get('flannel_cni_tag')
|
||||
container_infra_prefix = mock_cluster.labels.get(
|
||||
'container_infra_prefix')
|
||||
availability_zone = mock_cluster.labels.get(
|
||||
@ -825,6 +828,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||
'kube_tag': kube_tag,
|
||||
'etcd_tag': etcd_tag,
|
||||
'flannel_tag': flannel_tag,
|
||||
'flannel_cni_tag': flannel_cni_tag,
|
||||
'container_infra_prefix': container_infra_prefix,
|
||||
'nodes_affinity_policy': 'soft-anti-affinity',
|
||||
'availability_zone': availability_zone,
|
||||
|
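--- a/releasenotes/notes/flannel-cni-4a5c9f574325761e.yaml
+++ b/releasenotes/notes/flannel-cni-4a5c9f574325761e.yaml
@@ -0,0 +1,8 @@
+---
+features:
+- |
+For k8s_fedora_atomic, run flannel as a cni plugin. The deployment method
+is taken from the flannel upstream documentation. One more label for the
+cni tag is added `flannel_cni_tag` for the container,
+quay.io/repository/coreos/flannel-cni. The flannel container is taken
+from flannel upsteam as well quay.io/repository/coreos/flannel.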