From 0820cc211e73e40317d40e4bbedc4b4608938cb9 Mon Sep 17 00:00:00 2001 From: Al Bailey Date: Fri, 12 Apr 2019 11:53:33 -0500 Subject: [PATCH] Convert calico to use non typha config Calico is meant to be configured for a < 50 node system. The configuration for the > 50 node system had been mistakenly selected. Story: 2005198 Task: 30499 Change-Id: I5bd058a40b29f0a32f8d51d58054ab07faf3d85f Signed-off-by: Al Bailey --- puppet-manifests/centos/build_srpm.data | 2 +- .../platform/templates/calico.yaml.erb | 142 +----------------- .../platform/templates/calico.yaml.erb.orig | 138 +---------------- 3 files changed, 14 insertions(+), 268 deletions(-) diff --git a/puppet-manifests/centos/build_srpm.data b/puppet-manifests/centos/build_srpm.data index a11e7da69..dde28e0a0 100644 --- a/puppet-manifests/centos/build_srpm.data +++ b/puppet-manifests/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="src" -TIS_PATCH_VER=85 +TIS_PATCH_VER=86 diff --git a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb index 47bd0f46e..0bd619f74 100644 --- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb +++ b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb @@ -2,9 +2,11 @@ # Calico Version v3.6 # Based off: # https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/ -# hosted/kubernetes-datastore/calico-networking/typha/calico.yaml +# hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml # Original file located in the source tree as calico.yaml.erb.orig # +# This is the calico configuration file for systems with less than 50 nodes. +# # Notes when upversioning calico: # # Refer to configuration instructions here: @@ -33,8 +35,8 @@ metadata: name: calico-config namespace: kube-system data: - # You must set a non-zero value for Typha replicas below. - typha_service_name: "calico-typha" + # Typha is disabled. + typha_service_name: "none" # Configure the Calico backend to use. calico_backend: "bird" @@ -476,130 +478,6 @@ subjects: namespace: kube-system --- ---- -# Source: calico/templates/calico-typha.yaml -# This manifest creates a Service, which will be backed by Calico's Typha daemon. -# Typha sits in between Felix and the API server, reducing Calico's load on the API server. - -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha - ---- - -# This manifest creates a Deployment of Typha to back the above service. - -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - # Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - # typha_service_name variable in the calico-config ConfigMap above. - # - # We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - # (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. - replicas: 1 - revisionHistoryLimit: 2 - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - # This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical - # add-on, ensuring it gets priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - beta.kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - # Since Calico can't network a pod until Typha is up, we need to run Typha itself - # as a host-networked pod. - serviceAccountName: calico-node - containers: - - image: <%= @quay_registry %>/calico/typha:v3.6.1 - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - env: - # Enable "info" logging by default. Can be set to "debug" to increase verbosity. - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - # Disable logging to file and syslog since those don't make sense in Kubernetes. - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - # Monitor the Kubernetes API to find the number of running instances and rebalance - # connections. - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - # Uncomment these lines to enable prometheus metrics. Since Typha is host-networked, - # this opens a port on the host, which may need to be secured. - #- name: TYPHA_PROMETHEUSMETRICSENABLED - # value: "true" - #- name: TYPHA_PROMETHEUSMETRICSPORT - # value: "9093" - livenessProbe: - exec: - command: - - calico-typha - - check - - liveness - periodSeconds: 30 - initialDelaySeconds: 30 - readinessProbe: - exec: - command: - - calico-typha - - check - - readiness - periodSeconds: 10 - ---- - -# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-typha --- # Source: calico/templates/calico-node.yaml # This manifest installs the node container, as well @@ -713,12 +591,6 @@ spec: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE value: "kubernetes" - # Typha support: controlled by the ConfigMap. - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name # Wait for the datastore. - name: WAIT_FOR_DATASTORE value: "true" @@ -897,8 +769,10 @@ metadata: --- # Source: calico/templates/calico-etcd-secrets.yaml +--- +# Source: calico/templates/calico-typha.yaml + --- # Source: calico/templates/configure-canal.yaml - diff --git a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig index b8131056e..0023deee6 100644 --- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig +++ b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig @@ -7,8 +7,8 @@ metadata: name: calico-config namespace: kube-system data: - # You must set a non-zero value for Typha replicas below. - typha_service_name: "calico-typha" + # Typha is disabled. + typha_service_name: "none" # Configure the Calico backend to use. calico_backend: "bird" @@ -450,130 +450,6 @@ subjects: namespace: kube-system --- ---- -# Source: calico/templates/calico-typha.yaml -# This manifest creates a Service, which will be backed by Calico's Typha daemon. -# Typha sits in between Felix and the API server, reducing Calico's load on the API server. - -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha - ---- - -# This manifest creates a Deployment of Typha to back the above service. - -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - # Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - # typha_service_name variable in the calico-config ConfigMap above. - # - # We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - # (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. - replicas: 1 - revisionHistoryLimit: 2 - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - # This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical - # add-on, ensuring it gets priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - beta.kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - # Since Calico can't network a pod until Typha is up, we need to run Typha itself - # as a host-networked pod. - serviceAccountName: calico-node - containers: - - image: calico/typha:v3.6.1 - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - env: - # Enable "info" logging by default. Can be set to "debug" to increase verbosity. - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - # Disable logging to file and syslog since those don't make sense in Kubernetes. - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - # Monitor the Kubernetes API to find the number of running instances and rebalance - # connections. - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - # Uncomment these lines to enable prometheus metrics. Since Typha is host-networked, - # this opens a port on the host, which may need to be secured. - #- name: TYPHA_PROMETHEUSMETRICSENABLED - # value: "true" - #- name: TYPHA_PROMETHEUSMETRICSPORT - # value: "9093" - livenessProbe: - exec: - command: - - calico-typha - - check - - liveness - periodSeconds: 30 - initialDelaySeconds: 30 - readinessProbe: - exec: - command: - - calico-typha - - check - - readiness - periodSeconds: 10 - ---- - -# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-typha --- # Source: calico/templates/calico-node.yaml # This manifest installs the node container, as well @@ -687,12 +563,6 @@ spec: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE value: "kubernetes" - # Typha support: controlled by the ConfigMap. - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name # Wait for the datastore. - name: WAIT_FOR_DATASTORE value: "true" @@ -869,8 +739,10 @@ metadata: --- # Source: calico/templates/calico-etcd-secrets.yaml +--- +# Source: calico/templates/calico-typha.yaml + --- # Source: calico/templates/configure-canal.yaml -