Convert calico to use non typha config

Calico is meant to be configured for a < 50 node system. The configuration for the > 50 node system had been mistakenly selected. Story: 2005198 Task: 30499 Change-Id: I5bd058a40b29f0a32f8d51d58054ab07faf3d85f Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-04-12 11:53:33 -05:00 · 2019-04-12 11:53:33 -05:00 · c5b6160550
commit c5b6160550
parent a5def9a144
3 changed files with 14 additions and 268 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=85
+TIS_PATCH_VER=86
--- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb
+++ b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb
@ -2,9 +2,11 @@
 # Calico Version v3.6
 # Based off:
 # https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/
-#              hosted/kubernetes-datastore/calico-networking/typha/calico.yaml
+#              hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
 # Original file located in the source tree as calico.yaml.erb.orig
 #
 # This is the calico configuration file for systems with less than 50 nodes.
 #
 # Notes when upversioning calico:
 #
 # Refer to configuration instructions here:
@ -33,8 +35,8 @@ metadata:
  name: calico-config
  namespace: kube-system
 data:
-  # You must set a non-zero value for Typha replicas below.
+  # Typha is disabled.
-  typha_service_name: "calico-typha"
+  typha_service_name: "none"
  # Configure the Calico backend to use.
  calico_backend: "bird"
@ -476,130 +478,6 @@ subjects:
  namespace: kube-system
 ---
 ---
 # Source: calico/templates/calico-typha.yaml
 # This manifest creates a Service, which will be backed by Calico's Typha daemon.
 # Typha sits in between Felix and the API server, reducing Calico's load on the API server.
 apiVersion: v1
 kind: Service
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  ports:
    - port: 5473
      protocol: TCP
      targetPort: calico-typha
      name: calico-typha
  selector:
    k8s-app: calico-typha
 ---
 # This manifest creates a Deployment of Typha to back the above service.
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  # Number of Typha replicas.  To enable Typha, set this to a non-zero value *and* set the
  # typha_service_name variable in the calico-config ConfigMap above.
  #
  # We recommend using Typha if you have more than 50 nodes.  Above 100 nodes it is essential
  # (when using the Kubernetes datastore).  Use one replica for every 100-200 nodes.  In
  # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade.
  replicas: 1
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        k8s-app: calico-typha
      annotations:
        # This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical
        # add-on, ensuring it gets priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        cluster-autoscaler.kubernetes.io/safe-to-evict: 'true'
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      hostNetwork: true
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
      # Since Calico can't network a pod until Typha is up, we need to run Typha itself
      # as a host-networked pod.
      serviceAccountName: calico-node
      containers:
      - image: <%= @quay_registry %>/calico/typha:v3.6.1
        name: calico-typha
        ports:
        - containerPort: 5473
          name: calico-typha
          protocol: TCP
        env:
          # Enable "info" logging by default.  Can be set to "debug" to increase verbosity.
          - name: TYPHA_LOGSEVERITYSCREEN
            value: "info"
          # Disable logging to file and syslog since those don't make sense in Kubernetes.
          - name: TYPHA_LOGFILEPATH
            value: "none"
          - name: TYPHA_LOGSEVERITYSYS
            value: "none"
          # Monitor the Kubernetes API to find the number of running instances and rebalance
          # connections.
          - name: TYPHA_CONNECTIONREBALANCINGMODE
            value: "kubernetes"
          - name: TYPHA_DATASTORETYPE
            value: "kubernetes"
          - name: TYPHA_HEALTHENABLED
            value: "true"
          # Uncomment these lines to enable prometheus metrics.  Since Typha is host-networked,
          # this opens a port on the host, which may need to be secured.
          #- name: TYPHA_PROMETHEUSMETRICSENABLED
          #  value: "true"
          #- name: TYPHA_PROMETHEUSMETRICSPORT
          #  value: "9093"
        livenessProbe:
          exec:
            command:
            - calico-typha
            - check
            - liveness
          periodSeconds: 30
          initialDelaySeconds: 30
        readinessProbe:
          exec:
            command:
            - calico-typha
            - check
            - readiness
          periodSeconds: 10
 ---
 # This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: calico-typha
 ---
 # Source: calico/templates/calico-node.yaml
 # This manifest installs the node container, as well
@ -713,12 +591,6 @@ spec:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Typha support: controlled by the ConfigMap.
            - name: FELIX_TYPHAK8SSERVICENAME
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: typha_service_name
            # Wait for the datastore.
            - name: WAIT_FOR_DATASTORE
              value: "true"
@ -897,8 +769,10 @@ metadata:
 ---
 # Source: calico/templates/calico-etcd-secrets.yaml
 ---
 # Source: calico/templates/calico-typha.yaml
 ---
 # Source: calico/templates/configure-canal.yaml
--- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig
+++ b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig
@ -7,8 +7,8 @@ metadata:
  name: calico-config
  namespace: kube-system
 data:
-  # You must set a non-zero value for Typha replicas below.
+  # Typha is disabled.
-  typha_service_name: "calico-typha"
+  typha_service_name: "none"
  # Configure the Calico backend to use.
  calico_backend: "bird"
@ -450,130 +450,6 @@ subjects:
  namespace: kube-system
 ---
 ---
 # Source: calico/templates/calico-typha.yaml
 # This manifest creates a Service, which will be backed by Calico's Typha daemon.
 # Typha sits in between Felix and the API server, reducing Calico's load on the API server.
 apiVersion: v1
 kind: Service
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  ports:
    - port: 5473
      protocol: TCP
      targetPort: calico-typha
      name: calico-typha
  selector:
    k8s-app: calico-typha
 ---
 # This manifest creates a Deployment of Typha to back the above service.
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  # Number of Typha replicas.  To enable Typha, set this to a non-zero value *and* set the
  # typha_service_name variable in the calico-config ConfigMap above.
  #
  # We recommend using Typha if you have more than 50 nodes.  Above 100 nodes it is essential
  # (when using the Kubernetes datastore).  Use one replica for every 100-200 nodes.  In
  # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade.
  replicas: 1
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        k8s-app: calico-typha
      annotations:
        # This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical
        # add-on, ensuring it gets priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        cluster-autoscaler.kubernetes.io/safe-to-evict: 'true'
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      hostNetwork: true
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
      # Since Calico can't network a pod until Typha is up, we need to run Typha itself
      # as a host-networked pod.
      serviceAccountName: calico-node
      containers:
      - image: calico/typha:v3.6.1
        name: calico-typha
        ports:
        - containerPort: 5473
          name: calico-typha
          protocol: TCP
        env:
          # Enable "info" logging by default.  Can be set to "debug" to increase verbosity.
          - name: TYPHA_LOGSEVERITYSCREEN
            value: "info"
          # Disable logging to file and syslog since those don't make sense in Kubernetes.
          - name: TYPHA_LOGFILEPATH
            value: "none"
          - name: TYPHA_LOGSEVERITYSYS
            value: "none"
          # Monitor the Kubernetes API to find the number of running instances and rebalance
          # connections.
          - name: TYPHA_CONNECTIONREBALANCINGMODE
            value: "kubernetes"
          - name: TYPHA_DATASTORETYPE
            value: "kubernetes"
          - name: TYPHA_HEALTHENABLED
            value: "true"
          # Uncomment these lines to enable prometheus metrics.  Since Typha is host-networked,
          # this opens a port on the host, which may need to be secured.
          #- name: TYPHA_PROMETHEUSMETRICSENABLED
          #  value: "true"
          #- name: TYPHA_PROMETHEUSMETRICSPORT
          #  value: "9093"
        livenessProbe:
          exec:
            command:
            - calico-typha
            - check
            - liveness
          periodSeconds: 30
          initialDelaySeconds: 30
        readinessProbe:
          exec:
            command:
            - calico-typha
            - check
            - readiness
          periodSeconds: 10
 ---
 # This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
 spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: calico-typha
 ---
 # Source: calico/templates/calico-node.yaml
 # This manifest installs the node container, as well
@ -687,12 +563,6 @@ spec:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Typha support: controlled by the ConfigMap.
            - name: FELIX_TYPHAK8SSERVICENAME
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: typha_service_name
            # Wait for the datastore.
            - name: WAIT_FOR_DATASTORE
              value: "true"
@ -869,8 +739,10 @@ metadata:
 ---
 # Source: calico/templates/calico-etcd-secrets.yaml
 ---
 # Source: calico/templates/calico-typha.yaml
 ---
 # Source: calico/templates/configure-canal.yaml
`@ -1,2 +1,2 @@`
	`SRC_DIR="src"`	`SRC_DIR="src"`
	`TIS_PATCH_VER=85`	`TIS_PATCH_VER=86`