New calico config without flannel

2020-07-05 23:42:23 +01:00 · 2020-07-05 23:42:23 +01:00 · 967f27baac
commit 967f27baac
parent ab986c21c8
5 changed files with 25 additions and 4 deletions
--- a/artifacts/kubezero-calico/README.md
+++ b/artifacts/kubezero-calico/README.md
@ -9,7 +9,18 @@ Calico is setup based on the upstream calico-vxlan config from

 Changes:

+- VxLAN set to Always to not expose cluster communication to VPC  
+
+    -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic  
+    -> No need to disable source/destination check on EC2 instances  
+    -> Prepared for optional WireGuard encryption for all inter node traffic
+
 - MTU set to 8941
- Disable BGB and BIRD healthchecks
+
+- Removed migration init-container
+
+- Disable BGB and BIRD health checks
+
 - Set FELIX log level to warning
+
 - Enable Prometheus metrics
--- a/charts/kubezero/templates/_app.yaml
+++ b/charts/kubezero/templates/_app.yaml
@ -9,7 +9,7 @@ metadata:
  {{- if not .retain }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
-  {{ end }}
+  {{- end }}
 spec:
  project: kubezero

@ -18,14 +18,14 @@ spec:
    targetRevision: {{ .root.Values.global.defaultSource.targetRevision }}
    {{- if eq .type "helm" }}
    {{- $my_values := index .root.Values .name "values" }}
-    path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ .name }}
+    path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ default .name .path }}
    {{- if $my_values }}
    helm:
      values: |
 {{- toYaml $my_values | nindent 8 }}
    {{- end }}
    {{- else }}
-    path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }}
+    path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ default .name .path }}
    {{- end }}

  destination:
--- a/charts/kubezero/templates/calico.yaml
+++ b/charts/kubezero/templates/calico.yaml
@ -1,3 +1,8 @@
+# {{ .Values.calico.network }}
 {{- if .Values.calico.enabled }}
+{{- if .Values.calico.network }}
+{{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true "path" (printf "%s/%s" "calico" .Values.platform) }}
+{{- else }}
 {{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true }}
 {{- end }}
+{{- end }}
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@ -13,6 +13,8 @@ global:
    # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
    pathPrefix: ''

+platform: aws
+
 calico:
  enabled: true

--- a/deploy/templates/values.yaml
+++ b/deploy/templates/values.yaml
@ -5,6 +5,9 @@ kubezero:
  {{- end }}
  calico:
    enabled: {{ .Values.calico.enabled  }}
+    {{- if .Values.calico.network }}
+    network: {{ .Values.calico.network }}
+    {{- end }}
  cert-manager:
    enabled: {{ index .Values "cert-manager" "enabled" }}
    values: