[Calico] Realign Calico v2 chart for upcoming v3.2 upgrade

This PS realigns Calico v2 with the pending Calico v3.2 chart in order
to minimize differences.  It's mostly refactoring with a few small fixes.

Change-Id: Ie5157b4ae324b6eb4c8ccb5cc07d8b9bc5a83ebd
Chris Wedgwood 2018-10-01 23:21:12 +00:00 committed by Tin Lam
parent 681dee71b7
commit 45275ffefd
21 changed files with 268 additions and 170 deletions


@ -80,6 +80,6 @@ EOF
# process IPv6 peers # process IPv6 peers
{{ if .Values.networking.bgp.ipv6.peers }} {{ if .Values.networking.bgp.ipv6.peers }}
cat << EOF | ${CALICOCTL} apply -f - cat << EOF | ${CALICOCTL} apply -f -
{{ .Values.networking.bgp.ipv4.peers | toYaml }} {{ .Values.networking.bgp.ipv6.peers | toYaml }}
EOF EOF
{{ end }} {{ end }}
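Review bot: The peer definitions are rendered by `toYaml` into a here-document whose delimiter is unquoted (`cat << EOF | ${CALICOCTL} apply -f -`), so the shell expands any `$` or backtick in `.Values.networking.bgp.ipv6.peers` before calicoctl reads it. Quoting the delimiter, `cat << 'EOF' | ${CALICOCTL} apply -f -`, passes the rendered YAML through verbatim; nothing in this here-document body needs shell expansion. The `EOF` in the hunk header suggests the IPv4 block just above is written the same way and would want the same change, but it is outside the hunk.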


@ -40,9 +40,11 @@ fi;
cat <<EOF>/host/opt/cni/bin/calicoctl cat <<EOF>/host/opt/cni/bin/calicoctl
export ETCD_ENDPOINTS=$ETCD_ENDPOINTS export ETCD_ENDPOINTS=$ETCD_ENDPOINTS
if [ -e $ETCD_KEY_FILE ]; then export ETCD_KEY_FILE=$ETCD_KEY_FILE; fi;
if [ -e $ETCD_CERT_FILE ]; then export ETCD_CERT_FILE=$ETCD_CERT_FILE; fi; [ -e $ETCD_KEY_FILE ] && export ETCD_KEY_FILE=$ETCD_KEY_FILE
if [ -e $ETCD_CA_CERT_FILE ]; then export ETCD_CA_CERT_FILE=$ETCD_CA_CERT_FILE; fi; [ -e $ETCD_CERT_FILE ] && export ETCD_CERT_FILE=$ETCD_CERT_FILE
[ -e $ETCD_CA_CERT_FILE ] && export ETCD_CA_CERT_FILE=$ETCD_CA_CERT_FILE
exec /opt/cni/bin/calicoctl.bin \$* exec /opt/cni/bin/calicoctl.bin \$*
EOF EOF
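Review bot: The new `[ -e $ETCD_KEY_FILE ] && export ...` lines leave both expansions unquoted, and because the enclosing `cat <<EOF` delimiter is unquoted, the variables are substituted when the wrapper is written. If a variable is empty at that point, the generated line is `[ -e ] && export ETCD_KEY_FILE=`, which tests the literal string `-e`, succeeds, and exports an empty path; a path containing spaces breaks the test instead. Writing each line as `[ -e "$ETCD_KEY_FILE" ] && export ETCD_KEY_FILE="$ETCD_KEY_FILE"` (same for the cert and CA lines) avoids both. The final `exec /opt/cni/bin/calicoctl.bin \$*` would likewise keep argument boundaries intact as `"\$@"`. The script starts before the hunk.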


@ -0,0 +1,47 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bird }}
{{- $envAll := . }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-bird
data:
# we overlay templates found natively in the calico-node container
# so that we may override bgp configuration
bird6.cfg.mesh.template: |
{{ tuple "bird/_bird6.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird6.cfg.no-mesh.template: |
{{ tuple "bird/_bird6.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird6_ipam.cfg.template: |
{{ tuple "bird/_bird6_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird_aggr.cfg.template: |
{{ tuple "bird/_bird_aggr.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird.cfg.mesh.template: |
{{ tuple "bird/_bird.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird.cfg.no-mesh.template: |
{{ tuple "bird/_bird.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird_ipam.cfg.template: |
{{ tuple "bird/_bird_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
custom_filters6.cfg.template: |
{{ tuple "bird/_custom_filters6.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
custom_filters.cfg.template: |
{{ tuple "bird/_custom_filters.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}


@ -30,41 +30,17 @@ limitations under the License.
{{- end -}} {{- end -}}
--- ---
apiVersion: v1
kind: ConfigMap kind: ConfigMap
apiVersion: v1
metadata: metadata:
name: calico-etc name: calico-etc
data: data:
# we overlay templates found natively in the calico-node container so that we may override
# bgp configuration
bird6.cfg.mesh.template: |
{{ tuple "etc/bird/_bird6.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird6.cfg.no-mesh.template: |
{{ tuple "etc/bird/_bird6.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird6_ipam.cfg.template: |
{{ tuple "etc/bird/_bird6_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird_aggr.cfg.template: |
{{ tuple "etc/bird/_bird_aggr.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird.cfg.mesh.template: |
{{ tuple "etc/bird/_bird.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird.cfg.no-mesh.template: |
{{ tuple "etc/bird/_bird.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
bird_ipam.cfg.template: |
{{ tuple "etc/bird/_bird_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
custom_filters6.cfg.template: |
{{ tuple "etc/bird/_custom_filters6.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
custom_filters.cfg.template: |
{{ tuple "etc/bird/_custom_filters.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
tunl-ip.template: |
{{ tuple "etc/bird/_tunl-ip.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
# The location of your etcd cluster. This uses the Service clusterIP # The location of your etcd cluster. This uses the Service clusterIP
# defined below. # defined below.
etcd_endpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} etcd_endpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
# The CNI network configuration to install on each node. # The CNI network configuration to install on each node, generated
# from (Values.)conf.cni_network_config
cni_network_config: |- cni_network_config: |-
{{ toJson $envAll.Values.conf.cni_network_config | indent 4 }} {{ toJson $envAll.Values.conf.cni_network_config | indent 4 }}


@ -18,12 +18,12 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $serviceAccountName := "calico-etcd"}} {{- $serviceAccountName := "calico-etcd"}}
{{ tuple $envAll "etcd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "calico-etcd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
# This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet # This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet
# to force it to run on the master even when the master isn't schedulable, and uses # to force it to run on the master even when the master isn't schedulable, and uses
# nodeSelector to ensure it only runs on the master. # nodeSelector to ensure it only runs on the master.
apiVersion: apps/v1 apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: calico-etcd name: calico-etcd
@ -43,19 +43,26 @@ spec:
k8s-app: calico-etcd k8s-app: calico-etcd
{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations: annotations:
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
# reserves resources for critical add-on pods so that they can be rescheduled after # reserves resources for critical add-on pods so that they can be rescheduled after
# a failure. This annotation works in tandem with the toleration below. # a failure. This annotation works in tandem with the toleration below.
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
# Only run this pod on the master.
tolerations: tolerations:
# This taint is set by all kubelets running `--cloud-provider=external`
# so we should tolerate it to schedule the Calico pods
- key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
effect: NoSchedule
# Allow this pod to run on the master.
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
effect: NoSchedule effect: NoSchedule
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode. # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
# This, along with the annotation above marks this pod as a critical add-on. # This, along with the annotation above marks this pod as a critical add-on.
- key: CriticalAddonsOnly - key: CriticalAddonsOnly
operator: Exists operator: Exists
# Only run this pod on the master.
nodeSelector: nodeSelector:
node-role.kubernetes.io/master: "" node-role.kubernetes.io/master: ""
hostNetwork: true hostNetwork: true
@ -72,11 +79,13 @@ spec:
fieldPath: status.podIP fieldPath: status.podIP
command: command:
- /usr/local/bin/etcd - /usr/local/bin/etcd
args:
- --name=calico - --name=calico
- --data-dir=/var/etcd/calico-data - --data-dir=/var/etcd/calico-data
- --advertise-client-urls={{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} - --advertise-client-urls={{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- --listen-client-urls={{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - --listen-client-urls={{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- --listen-peer-urls={{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - --listen-peer-urls={{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- --auto-compaction-retention=1
volumeMounts: volumeMounts:
- name: var-etcd - name: var-etcd
mountPath: /var/etcd mountPath: /var/etcd
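Review bot: `apiVersion: extensions/v1beta1` on this DaemonSet is a step back from `apps/v1`, assuming the right-hand column is the new side: the extensions group is deprecated for workloads and is no longer served from Kubernetes 1.16 on. The same switch appears on the calico-node DaemonSet and the calico-kube-controllers Deployment further down. If the goal is only to match the upstream v3.2 manifest, keeping `apiVersion: apps/v1` avoids a forced migration later. Separately, the flags now listed under `args:` still bind the client and peer listeners to `0.0.0.0` on a `hostNetwork: true` pod, and no `--client-cert-auth` or `--trusted-ca-file` flag is visible in the hunk. The container spec continues outside the hunk, so confirm that the datastore holding Calico policy is not reachable unauthenticated from every network the master sits on.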


@ -33,7 +33,6 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-cni-plugin"}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-cni-plugin"}}
{{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@ -67,10 +66,9 @@ rules:
# as the Calico CNI plugins and network config on # as the Calico CNI plugins and network config on
# each master and worker node in a Kubernetes cluster. # each master and worker node in a Kubernetes cluster.
kind: DaemonSet kind: DaemonSet
apiVersion: apps/v1 apiVersion: extensions/v1beta1
metadata: metadata:
name: calico-node name: calico-node
namespace: kube-system
annotations: annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels: labels:
@ -81,30 +79,45 @@ spec:
matchLabels: matchLabels:
k8s-app: calico-node k8s-app: calico-node
{{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} {{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template: template:
metadata: metadata:
labels: labels:
k8s-app: calico-node k8s-app: calico-node
{{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations: annotations:
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
# reserves resources for critical add-on pods so that they can be rescheduled after configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
# a failure. This annotation works in tandem with the toleration below. configmap-bird-hash: {{ tuple "configmap-bird.yaml" . | include "helm-toolkit.utils.hash" }}
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
{{- if .Values.monitoring.prometheus.enabled }} {{- if .Values.monitoring.prometheus.enabled }}
{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }}
{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_pod_annotations" | indent 8 }} {{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_pod_annotations" | indent 8 }}
{{- end }} {{- end }}
spec: spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true hostNetwork: true
tolerations: tolerations:
- key: node-role.kubernetes.io/master # Make sure calico-node gets scheduled on all nodes.
effect: NoSchedule - effect: NoSchedule
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode. operator: Exists
# This, along with the annotation above marks this pod as a critical add-on. # Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly - key: CriticalAddonsOnly
operator: Exists operator: Exists
- effect: NoExecute
operator: Exists
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.node.timeout | default "30" }} # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
initContainers: initContainers:
{{ tuple $envAll "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ if .Values.manifests.daemonset_calico_node_calicoctl }} {{ if .Values.manifests.daemonset_calico_node_calicoctl }}
@ -119,13 +132,14 @@ spec:
configMapKeyRef: configMapKeyRef:
name: calico-etc name: calico-etc
key: etcd_endpoints key: etcd_endpoints
{{ if .Values.endpoints.etcd.auth.client.tls.ca}} {{ if .Values.endpoints.etcd.auth.client.tls.ca}}
- name: ETCD_CA_CERT_FILE - name: ETCD_CA_CERT_FILE
value: {{ .Values.endpoints.etcd.auth.client.path.ca }} value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
- name: ETCD_CA_CERT - name: ETCD_CA_CERT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: calico-certificates name: calico-etcd-secrets
key: tls.ca key: tls.ca
{{ end }} {{ end }}
{{ if .Values.endpoints.etcd.auth.client.tls.key}} {{ if .Values.endpoints.etcd.auth.client.tls.key}}
@ -134,7 +148,7 @@ spec:
- name: ETCD_KEY - name: ETCD_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: calico-certificates name: calico-etcd-secrets
key: tls.key key: tls.key
{{ end }} {{ end }}
{{ if .Values.endpoints.etcd.auth.client.tls.crt}} {{ if .Values.endpoints.etcd.auth.client.tls.crt}}
@ -143,7 +157,7 @@ spec:
- name: ETCD_CERT - name: ETCD_CERT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: calico-certificates name: calico-etcd-secrets
key: tls.crt key: tls.crt
{{ end }} {{ end }}
volumeMounts: volumeMounts:
@ -154,15 +168,15 @@ spec:
- mountPath: /tmp/install-calicoctl.sh - mountPath: /tmp/install-calicoctl.sh
name: calico-bin name: calico-bin
subPath: install-calicoctl.sh subPath: install-calicoctl.sh
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca subPath: tls.ca
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
subPath: tls.crt subPath: tls.crt
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key subPath: tls.key
readOnly: true readOnly: true
@ -175,18 +189,24 @@ spec:
{{ tuple $envAll "calico_node" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "calico_node" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.calico_node | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.calico_node | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env: env:
# Values expanded explicitly from conf.node (some of which
# might be derived from elsewhere, see values.yaml for an
# explanation of this)
#
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node | indent 12 }} {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.node | indent 12 }}
# Values explicit in the chart not expected to be found in
# conf.node
#
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: calico-etc name: calico-etc
key: etcd_endpoints key: etcd_endpoints
# Set noderef for node controller.
- name: CALICO_K8S_NODE_REF # etcd certs
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{ if .Values.endpoints.etcd.auth.client.tls.ca}} {{ if .Values.endpoints.etcd.auth.client.tls.ca}}
- name: ETCD_CA_CERT_FILE - name: ETCD_CA_CERT_FILE
value: {{ .Values.endpoints.etcd.auth.client.path.ca }} value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
@ -199,8 +219,26 @@ spec:
- name: ETCD_CERT_FILE - name: ETCD_CERT_FILE
value: {{ .Values.endpoints.etcd.auth.client.path.crt }} value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
{{ end }} {{ end }}
# Set noderef for node controller.
- name: CALICO_K8S_NODE_REF
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext: securityContext:
privileged: true privileged: true
resources:
requests:
cpu: 250m
livenessProbe:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
@ -208,45 +246,53 @@ spec:
- mountPath: /var/run/calico - mountPath: /var/run/calico
name: var-run-calico name: var-run-calico
readOnly: false readOnly: false
- mountPath: /etc/calico/confd/templates/bird6.cfg.mesh.template
name: calico-etc # bird template replacements
subPath: bird6.cfg.mesh.template # bird cfg
- mountPath: /etc/calico/confd/templates/bird6.cfg.no-mesh.template
name: calico-etc
subPath: bird6.cfg.no-mesh.template
- mountPath: /etc/calico/confd/templates/bird6_ipam.cfg.template
name: calico-etc
subPath: bird6_ipam.cfg.template
- mountPath: /etc/calico/confd/templates/bird_aggr.cfg.template
name: calico-etc
subPath: bird_aggr.cfg.template
- mountPath: /etc/calico/confd/templates/bird.cfg.mesh.template - mountPath: /etc/calico/confd/templates/bird.cfg.mesh.template
name: calico-etc name: calico-bird
subPath: bird.cfg.mesh.template subPath: bird.cfg.mesh.template
- mountPath: /etc/calico/confd/templates/bird.cfg.no-mesh.template - mountPath: /etc/calico/confd/templates/bird.cfg.no-mesh.template
name: calico-etc name: calico-bird
subPath: bird.cfg.no-mesh.template subPath: bird.cfg.no-mesh.template
# bird ipam
- mountPath: /etc/calico/confd/templates/bird_ipam.cfg.template - mountPath: /etc/calico/confd/templates/bird_ipam.cfg.template
name: calico-etc name: calico-bird
subPath: bird_ipam.cfg.template subPath: bird_ipam.cfg.template
# bird6 cfg
- mountPath: /etc/calico/confd/templates/bird6.cfg.mesh.template
name: calico-bird
subPath: bird6.cfg.mesh.template
- mountPath: /etc/calico/confd/templates/bird6.cfg.no-mesh.template
name: calico-bird
subPath: bird6.cfg.no-mesh.template
# bird6 ipam
- mountPath: /etc/calico/confd/templates/bird6_ipam.cfg.template
name: calico-bird
subPath: bird6_ipam.cfg.template
# filters...
- mountPath: /etc/calico/confd/templates/bird_aggr.cfg.template
name: calico-bird
subPath: bird_aggr.cfg.template
- mountPath: /etc/calico/confd/templates/custom_filters6.cfg.template - mountPath: /etc/calico/confd/templates/custom_filters6.cfg.template
name: calico-etc name: calico-bird
subPath: custom_filters6.cfg.template subPath: custom_filters6.cfg.template
- mountPath: /etc/calico/confd/templates/custom_filters.cfg.template - mountPath: /etc/calico/confd/templates/custom_filters.cfg.template
name: calico-etc name: calico-bird
subPath: custom_filters.cfg.template subPath: custom_filters.cfg.template
- mountPath: /etc/calico/confd/templates/tunl-ip.template # etcd secrets
name: calico-etc - mountPath: /var/lib/calico
subPath: tunl-ip.template name: var-lib-calico
- name: calico-certificates readOnly: false
- name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca subPath: tls.ca
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
subPath: tls.crt subPath: tls.crt
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key subPath: tls.key
readOnly: true readOnly: true
@ -257,6 +303,12 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.calico_cni | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.calico_cni | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command: ["/install-cni.sh"] command: ["/install-cni.sh"]
env: env:
# Name of the CNI config file to create.
#
# NOTE: Calico v2 needs to end in .conf; Calico v3 is
# different!
- name: CNI_CONF_NAME
value: "10-calico.conf"
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
valueFrom: valueFrom:
@ -282,6 +334,9 @@ spec:
- name: var-run-calico - name: var-run-calico
hostPath: hostPath:
path: /var/run/calico path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
# Used to install CNI. # Used to install CNI.
- name: cni-bin-dir - name: cni-bin-dir
hostPath: hostPath:
@ -296,11 +351,15 @@ spec:
configMap: configMap:
name: calico-etc name: calico-etc
defaultMode: 0444 defaultMode: 0444
- name: calico-bird
configMap:
name: calico-bird
defaultMode: 0444
- name: calico-bin - name: calico-bin
configMap: configMap:
name: calico-bin name: calico-bin
defaultMode: 0555 defaultMode: 0555
- name: calico-certificates - name: calico-etcd-secrets
secret: secret:
secretName: calico-certificates secretName: calico-etcd-secrets
{{- end }} {{- end }}
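Review bot: The literal `resources:` / `requests:` / `cpu: 250m` block added after `securityContext` appears to sit in the same container that already includes `helm-toolkit.snippets.kubernetes_resources` a few lines earlier. If that snippet emits its own `resources:` key when pod resources are enabled, the container gets a duplicate key and one of the two settings is silently dropped or the manifest is rejected. Removing the literal block and setting the 250m request through `.Values.pod.resources.calico_node` keeps a single source. Also, the `calico-etcd-secrets` volume at the end of this file has no `defaultMode`, while the kube-controllers Deployment in the same commit sets `defaultMode: 0400` on the same secret; adding it here keeps `tls.key` from being mounted with the wider default file mode. The snippet's output and values.yaml are not on the page, so the first point needs confirming against them.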


@ -14,14 +14,14 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.deployment_calico_kube_policy_controllers }} {{- if .Values.manifests.deployment_calico_kube_controllers }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-kube-controllers"}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-kube-controllers"}}
{{ tuple $envAll "calico_kube_policy_controllers" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "calico_kube_controllers" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
roleRef: roleRef:
@ -46,68 +46,72 @@ rules:
- namespaces - namespaces
- networkpolicies - networkpolicies
- nodes - nodes
- serviceaccounts
verbs:
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs: verbs:
- watch - watch
- list - list
--- ---
# This manifest deploys the Calico Kubernetes controllers. # This manifest deploys the Calico Kubernetes controllers.
# See https://github.com/projectcalico/kube-controllers # See https://github.com/projectcalico/kube-controllers
apiVersion: apps/v1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: calico-kube-policy-controllers name: calico-kube-controllers
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels: labels:
k8s-app: calico-kube-policy-controllers k8s-app: calico-kube-controllers
{{ tuple $envAll "calico" "kube-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec: spec:
# The controllers can only have a single active instance. # The controllers can only have a single active instance.
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
k8s-app: calico-kube-policy-controllers k8s-app: calico-kube-controllers
{{ tuple $envAll "calico" "kube-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
strategy: strategy:
type: Recreate type: Recreate
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template: template:
metadata: metadata:
name: calico-kube-policy-controllers name: calico-kube-controllers
namespace: kube-system
labels: labels:
k8s-app: calico-kube-policy-controllers k8s-app: calico-kube-controllers
{{ tuple $envAll "calico" "kube-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations: annotations:
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
# reserves resources for critical add-on pods so that they can be rescheduled after configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
# a failure. This annotation works in tandem with the toleration below.
scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
nodeSelector:
beta.kubernetes.io/os: linux
# The controllers must run in the host network namespace so that # The controllers must run in the host network namespace so that
# it isn't governed by policy that would prevent it from working. # it isn't governed by policy that would prevent it from working.
hostNetwork: true hostNetwork: true
tolerations: tolerations:
# this taint is set by all kubelets running `--cloud-provider=external` # Mark the pod as a critical add-on for rescheduling.
# so we should tolerate it to schedule the calico pods
- key: node.cloudprovider.kubernetes.io/uninitialized - key: node.cloudprovider.kubernetes.io/uninitialized
value: "true" value: "true"
effect: NoSchedule effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
# This, along with the annotation above marks this pod as a critical add-on.
- key: CriticalAddonsOnly - key: CriticalAddonsOnly
operator: Exists operator: Exists
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
initContainers: initContainers:
{{ tuple $envAll "calico_kube_policy_controllers" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "calico_kube_controllers" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.policy_controller.timeout | default "30" }}
containers: containers:
- name: calico-policy-controller - name: calico-kube-controllers
{{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "calico_kube_controllers" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.calico_kube_policy_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.calico_kube_controllers | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env: env:
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
@ -115,7 +119,11 @@ spec:
configMapKeyRef: configMapKeyRef:
name: calico-etc name: calico-etc
key: etcd_endpoints key: etcd_endpoints
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.policy_controller | indent 12 }}
# conf.controllers expanded values
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controllers | indent 12 }}
# etcd tls files
{{ if .Values.endpoints.etcd.auth.client.tls.ca}} {{ if .Values.endpoints.etcd.auth.client.tls.ca}}
- name: ETCD_CA_CERT_FILE - name: ETCD_CA_CERT_FILE
value: {{ .Values.endpoints.etcd.auth.client.path.ca }} value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
@ -128,21 +136,25 @@ spec:
- name: ETCD_CERT_FILE - name: ETCD_CERT_FILE
value: {{ .Values.endpoints.etcd.auth.client.path.crt }} value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
{{ end }} {{ end }}
# etcd tls mounts
volumeMounts: volumeMounts:
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca subPath: tls.ca
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
subPath: tls.crt subPath: tls.crt
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key subPath: tls.key
readOnly: true readOnly: true
volumes: volumes:
- name: calico-certificates - name: calico-etcd-secrets
secret: secret:
secretName: calico-certificates secretName: calico-etcd-secrets
defaultMode: 0400
{{- end }} {{- end }}
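Review bot: `scheduler.alpha.kubernetes.io/critical-pod: ''` now sits under the Deployment's own `metadata.annotations`, and the pod-template annotations, reading the right-hand column as the new side, carry only the two configmap hashes. That annotation is evaluated on pods, so on the Deployment object it has no effect and the `CriticalAddonsOnly` toleration is left without its counterpart. It belongs under `spec.template.metadata.annotations`, next to `configmap-etc-hash`. The comment `# Mark the pod as a critical add-on for rescheduling.` has also ended up above the `node.cloudprovider.kubernetes.io/uninitialized` toleration instead of the `CriticalAddonsOnly` one.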


@ -1,7 +0,0 @@
We must dump all pool data to this file to trigger a resync.
Otherwise, confd notices the file hasn't changed and won't
run our python update script.
{{`{{range ls "/pool"}}`}}{{`{{$data := json (getv (printf "/pool/%s" .))}}`}}
{{`{{if $data.ipip}}`}}{{`{{if not $data.disabled}}`}}{{`{{$data.cidr}}`}}{{`{{end}}`}}{{`{{end}}`}}
{{`{{end}}`}}


@ -30,6 +30,8 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
# reserves resources for critical add-on pods so that they can be rescheduled after # reserves resources for critical add-on pods so that they can be rescheduled after
# a failure. This annotation works in tandem with the toleration below. # a failure. This annotation works in tandem with the toleration below.
@ -78,15 +80,15 @@ spec:
mountPath: /tmp/calico-settings.sh mountPath: /tmp/calico-settings.sh
subPath: calico-settings.sh subPath: calico-settings.sh
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca subPath: tls.ca
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
subPath: tls.crt subPath: tls.crt
readOnly: true readOnly: true
- name: calico-certificates - name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key subPath: tls.key
readOnly: true readOnly: true
@ -95,7 +97,7 @@ spec:
configMap: configMap:
name: calico-bin name: calico-bin
defaultMode: 0555 defaultMode: 0555
- name: calico-certificates - name: calico-etcd-secrets
secret: secret:
secretName: calico-certificates secretName: calico-etcd-secrets
{{- end }} {{- end }}
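Review bot: The `calico-etcd-secrets` volume at the end of this section is declared without a `defaultMode`, so the mounted `tls.key` gets the Kubernetes default mode for secret volumes (0644) instead of an owner-only one. The controllers deployment changed in this same commit adds `defaultMode: 0400` to the same secret volume, and I would add that line here too, directly under `secretName: calico-etcd-secrets`, so the etcd client key is not world-readable inside the container. If the container in this pod does not run as the owner of the mounted files, 0400 would stop it reading the key, so confirm the run-as user first. The pod spec begins outside this hunk.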


@ -20,12 +20,11 @@ limitations under the License.
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata:
name: calico-certificates
type: kubernetes.io/tls type: kubernetes.io/tls
metadata:
name: calico-etcd-secrets
data: data:
tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }} tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }}
tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }} tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }}
tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }} tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }}
{{ end }} {{- end }}


@ -33,7 +33,7 @@ spec:
{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
# This ClusterIP needs to be known in advance, since we cannot rely # This ClusterIP needs to be known in advance, since we cannot rely
# on DNS to get access to etcd. # on DNS to get access to etcd.
clusterIP: 10.96.232.136 clusterIP: {{ tuple "etcd" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
ports: ports:
- port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }} {{- end }}
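Review bot: `clusterIP` is now whatever `helm-toolkit.endpoints.endpoint_host_lookup` renders for the etcd endpoint, and nothing in this template checks that the result is an IP literal. The comment above still says the address must be known in advance because DNS cannot be relied on, so a host name in the values (which the lookup presumably passes through unchanged) would give a Service the API server rejects, or an address that differs from the one the etcd clients were configured with. I would extend the comment to state the constraint, for example `# the etcd endpoint host in values must be an IP inside the cluster service CIDR, not a DNS name`.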


@ -12,11 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images: images:
tags: tags:
calico_etcd: quay.io/coreos/etcd:v3.1.14 calico_etcd: quay.io/coreos/etcd:v3.1.14
@ -24,7 +19,8 @@ images:
calico_cni: quay.io/calico/cni:v1.11.5 calico_cni: quay.io/calico/cni:v1.11.5
calico_ctl: quay.io/calico/ctl:v1.6.4 calico_ctl: quay.io/calico/ctl:v1.6.4
calico_settings: quay.io/calico/ctl:v1.6.4 calico_settings: quay.io/calico/ctl:v1.6.4
calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 # NOTE: plural key, singular value
calico_kube_controllers: quay.io/calico/kube-policy-controller:v0.7.0
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0
pull_policy: IfNotPresent pull_policy: IfNotPresent
@ -36,7 +32,7 @@ images:
- calico_etcd - calico_etcd
- calico_node - calico_node
- calico_cni - calico_cni
- calico_kube_policy_controller - calico_kube_controllers
pod: pod:
resources: resources:
@ -56,7 +52,7 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
calico_kube_policy_controller: calico_kube_controllers:
requests: requests:
memory: "128Mi" memory: "128Mi"
cpu: "100m" cpu: "100m"
@ -100,13 +96,8 @@ pod:
max_unavailable: 1 max_unavailable: 1
max_surge: 3 max_surge: 3
disruption_budget: disruption_budget:
policy_controller: controllers:
min_available: 0 min_available: 0
termination_grace_period:
policy_controller:
timeout: 5
node:
timeout: 5
dependencies: dependencies:
dynamic: dynamic:
@ -118,19 +109,19 @@ dependencies:
- endpoint: node - endpoint: node
service: local_image_registry service: local_image_registry
static: static:
calico_kube_policy_controllers: calico_kube_controllers:
services: services:
- endpoint: internal - endpoint: internal
service: etcd service: calico-etcd
calico_node: calico_node:
services: services:
- endpoint: internal - endpoint: internal
service: etcd service: calico-etcd
calico_settings: calico_settings:
services: services:
- endpoint: internal - endpoint: internal
service: etcd service: calico-etcd
etcd: calico_etcd:
services: null services: null
image_repo_sync: image_repo_sync:
services: services:
@ -199,6 +190,7 @@ networking:
ippool: ippool:
ipip: ipip:
enabled: "true" enabled: "true"
# lowercase value
mode: "always" mode: "always"
nat_outgoing: "true" nat_outgoing: "true"
disabled: "false" disabled: "false"
@ -206,22 +198,24 @@ networking:
# our asnumber for bgp peering # our asnumber for bgp peering
asnumber: 64512 asnumber: 64512
ipv4: ipv4:
# this is a list of peer objects that will be passed # https://docs.projectcalico.org/v2.0/reference/calicoctl/resources/bgppeer
# directly to calicoctl - for global peers, the scope #
# should be global and the node attribute removed # this is a list of peer objects that will be passed directly to
# calicoctl - for global peers, the scope should be global and
# the node attribute removed
# #
# apiVersion: v1 # apiVersion: v1
# kind: bgpPeer # kind: bgpPeer
# metadata: # metadata:
# peerIP: 10.1.10.39 # peerIP: 10.1.10.39
# scope: node # scope: node
# node: hpnode1 # node: some.name
# spec: # spec:
# asNumber: 64512 # asNumber: 64512
peers: [] peers: []
# this is a list of additional IPv4 cidrs that if we # this is a list of additional IPv4 cidrs that if we discover
# discover IPs within them on a host, we will announce # IPs within them on a host, we will announce the address in
# the address in addition to traditional pod workloads # addition to traditional pod workloads
additional_cidrs: [] additional_cidrs: []
mesh: mesh:
port: port:
@ -232,22 +226,24 @@ networking:
neighbor: 179 neighbor: 179
listen: 179 listen: 179
ipv6: ipv6:
# this is a list of peer objects that will be passed # https://docs.projectcalico.org/v2.0/reference/calicoctl/resources/bgppeer
# directly to calicoctl - for global peers, the scope #
# should be global and the node attribute removed # this is a list of peer objects that will be passed directly to
# calicoctl - for global peers, the scope should be global and
# the node attribute removed
# #
# apiVersion: v1 # apiVersion: v1
# kind: bgpPeer # kind: bgpPeer
# metadata: # metadata:
# peerIP: 2603:3024:1200:7500:7011:1dd6:1462:fa5b # peerIP: 2600:1:2:3::abcd
# scope: node # scope: node
# node: hpnode1 # node: rack1-host1
# spec: # spec:
# asNumber: 64512 # asNumber: 64512
peers: [] peers: []
# this is a list of additional IPv6 cidrs that if we # this is a list of additional IPv6 cidrs that if we discover
# discover IPs within them on a host, we will announce # IPs within them on a host, we will announce them in addition
# them in addition to traditional pod workloads # to traditional pod workloads
additional_cidrs: [] additional_cidrs: []
mesh: mesh:
port: port:
@ -265,6 +261,7 @@ conf:
key: null key: null
certificate: null certificate: null
cni_network_config: cni_network_config:
# https://docs.projectcalico.org/v2.0/reference/cni-plugin/configuration
name: k8s-pod-network name: k8s-pod-network
cniVersion: 0.1.0 cniVersion: 0.1.0
type: calico type: calico
@ -279,7 +276,7 @@ conf:
k8s_auth_token: __SERVICEACCOUNT_TOKEN__ k8s_auth_token: __SERVICEACCOUNT_TOKEN__
kubernetes: kubernetes:
kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__" kubeconfig: "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
policy_controller: controllers:
# The location of the Kubernetes API. Use the default Kubernetes # The location of the Kubernetes API. Use the default Kubernetes
# service for API access. # service for API access.
K8S_API: "https://kubernetes.default:443" K8S_API: "https://kubernetes.default:443"
@ -311,6 +308,7 @@ conf:
# Configure the IP Pool from which Pod IPs will be chosen. # Configure the IP Pool from which Pod IPs will be chosen.
CALICO_IPV4POOL_CIDR: null CALICO_IPV4POOL_CIDR: null
# Change this to 'off' in environments with direct L2 communication # Change this to 'off' in environments with direct L2 communication
# lowercase
CALICO_IPV4POOL_IPIP: "always" CALICO_IPV4POOL_IPIP: "always"
# Disable IPv6 on Kubernetes. # Disable IPv6 on Kubernetes.
FELIX_IPV6SUPPORT: "false" FELIX_IPV6SUPPORT: "false"
@ -334,10 +332,11 @@ conf:
manifests: manifests:
configmap_bin: true configmap_bin: true
configmap_etc: true configmap_etc: true
configmap_bird: true
daemonset_calico_etcd: true daemonset_calico_etcd: true
daemonset_calico_node: true daemonset_calico_node: true
daemonset_calico_node_calicoctl: true daemonset_calico_node_calicoctl: true
deployment_calico_kube_policy_controllers: true deployment_calico_kube_controllers: true
job_image_repo_sync: true job_image_repo_sync: true
job_calico_settings: true job_calico_settings: true
service_calico_etcd: true service_calico_etcd: true
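Review bot: The renames from `calico_kube_policy_controller` / `policy_controller` to `calico_kube_controllers` / `controllers` (under `images.tags`, `pod.resources`, `disruption_budget` and `conf`) are not marked anywhere in the file for operators who carry overrides. Helm ignores unknown value keys, so an override file that still sets the old names renders without error, and an image reference or resource limit pinned on purpose falls back to the chart default on upgrade. I would record the old name next to each new key, e.g. `# NOTE: renamed from calico_kube_policy_controller; overrides under the old key are ignored`, alongside the existing "plural key, singular value" note.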