New calico config without flannel

This commit is contained in:
Stefan Reimer 2020-07-05 23:42:23 +01:00
parent ab986c21c8
commit 967f27baac
5 changed files with 25 additions and 4 deletions

View File

@ -9,7 +9,18 @@ Calico is setup based on the upstream calico-vxlan config from
Changes:
- VxLAN set to Always to not expose cluster communication to VPC
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
-> No need to disable source/destination check on EC2 instances
-> Prepared for optional WireGuard encryption for all inter node traffic
- MTU set to 8941
- Disable BGB and BIRD healthchecks
- Removed migration init-container
- Disable BGB and BIRD health checks
- Set FELIX log level to warning
- Enable Prometheus metrics

View File

@ -9,7 +9,7 @@ metadata:
{{- if not .retain }}
finalizers:
- resources-finalizer.argocd.argoproj.io
{{ end }}
{{- end }}
spec:
project: kubezero
@ -18,14 +18,14 @@ spec:
targetRevision: {{ .root.Values.global.defaultSource.targetRevision }}
{{- if eq .type "helm" }}
{{- $my_values := index .root.Values .name "values" }}
path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ .name }}
path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ default .name .path }}
{{- if $my_values }}
helm:
values: |
{{- toYaml $my_values | nindent 8 }}
{{- end }}
{{- else }}
path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }}
path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ default .name .path }}
{{- end }}
destination:

View File

@ -1,3 +1,8 @@
# {{ .Values.calico.network }}
{{- if .Values.calico.enabled }}
{{- if .Values.calico.network }}
{{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true "path" (printf "%s/%s" "calico" .Values.platform) }}
{{- else }}
{{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true }}
{{- end }}
{{- end }}

View File

@ -13,6 +13,8 @@ global:
# defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
pathPrefix: ''
platform: aws
calico:
enabled: true

View File

@ -5,6 +5,9 @@ kubezero:
{{- end }}
calico:
enabled: {{ .Values.calico.enabled }}
{{- if .Values.calico.network }}
network: {{ .Values.calico.network }}
{{- end }}
cert-manager:
enabled: {{ index .Values "cert-manager" "enabled" }}
values: