New Calico AWS config
This commit is contained in:
parent
d74bb037d8
commit
c882851286
@ -1,11 +1,15 @@
|
||||
# Calico CNI
|
||||
|
||||
## Known issues
|
||||
Due to a bug in Kustomize V2 vs. V3 we have to remove all namespaces from the base resources.
|
||||
The kube-system namespace will be applied by kustomize.
|
||||
Current top-level still contains the deprecated Canal implementation.
|
||||
Removed once new AWS config is tested and rolled out to all existing clusters.
|
||||
|
||||
See eg: `https://github.com/kubernetes-sigs/kustomize/issues/1351`
|
||||
## AWS
|
||||
Calico is setup based on the upstream calico-vxlan config from
|
||||
`https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`
|
||||
|
||||
## Upgrade
|
||||
See: https://docs.projectcalico.org/maintenance/kubernetes-upgrade
|
||||
`curl https://docs.projectcalico.org/manifests/canal.yaml -O && patch < remove-namespace.patch`
|
||||
Changes:
|
||||
|
||||
- MTU set to 8941
|
||||
- Disable BGB and BIRD healthchecks
|
||||
- Set FELIX log level to warning
|
||||
- Enable Prometheus metrics
|
||||
|
101
artifacts/kubezero-calico/aws/calico-v3.15.patch
Normal file
101
artifacts/kubezero-calico/aws/calico-v3.15.patch
Normal file
@ -0,0 +1,101 @@
|
||||
--- calico-vxlan.yaml 2020-07-03 15:32:40.740506882 +0100
|
||||
+++ calico.yaml 2020-07-03 15:27:47.651499841 +0100
|
||||
@@ -10,13 +10,13 @@
|
||||
# Typha is disabled.
|
||||
typha_service_name: "none"
|
||||
# Configure the backend to use.
|
||||
- calico_backend: "bird"
|
||||
+ calico_backend: "vxlan"
|
||||
# Configure the MTU to use for workload interfaces and tunnels.
|
||||
# - If Wireguard is enabled, set to your network MTU - 60
|
||||
# - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50
|
||||
# - Otherwise, if IPIP is enabled, set to your network MTU - 20
|
||||
# - Otherwise, if not using any encapsulation, set to your network MTU.
|
||||
- veth_mtu: "1410"
|
||||
+ veth_mtu: "8941"
|
||||
|
||||
# The CNI network configuration to install on each node. The special
|
||||
# values in this config will be automatically populated.
|
||||
@@ -3451,29 +3451,6 @@
|
||||
terminationGracePeriodSeconds: 0
|
||||
priorityClassName: system-node-critical
|
||||
initContainers:
|
||||
- # This container performs upgrade from host-local IPAM to calico-ipam.
|
||||
- # It can be deleted if this is a fresh installation, or if you have already
|
||||
- # upgraded to use calico-ipam.
|
||||
- - name: upgrade-ipam
|
||||
- image: calico/cni:v3.15.0
|
||||
- command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
||||
- env:
|
||||
- - name: KUBERNETES_NODE_NAME
|
||||
- valueFrom:
|
||||
- fieldRef:
|
||||
- fieldPath: spec.nodeName
|
||||
- - name: CALICO_NETWORKING_BACKEND
|
||||
- valueFrom:
|
||||
- configMapKeyRef:
|
||||
- name: calico-config
|
||||
- key: calico_backend
|
||||
- volumeMounts:
|
||||
- - mountPath: /var/lib/cni/networks
|
||||
- name: host-local-net-dir
|
||||
- - mountPath: /host/opt/cni/bin
|
||||
- name: cni-bin-dir
|
||||
- securityContext:
|
||||
- privileged: true
|
||||
# This container installs the CNI binaries
|
||||
# and CNI network config file on each node.
|
||||
- name: install-cni
|
||||
@@ -3545,7 +3522,7 @@
|
||||
key: calico_backend
|
||||
# Cluster type to identify the deployment type
|
||||
- name: CLUSTER_TYPE
|
||||
- value: "k8s,bgp"
|
||||
+ value: "k8s,kubeadm"
|
||||
# Auto-detect the BGP IP address.
|
||||
- name: IP
|
||||
value: "autodetect"
|
||||
@@ -3554,7 +3531,7 @@
|
||||
value: "Never"
|
||||
# Enable or Disable VXLAN on the default IP pool.
|
||||
- name: CALICO_IPV4POOL_VXLAN
|
||||
- value: "CrossSubnet"
|
||||
+ value: "Always"
|
||||
# Set MTU for tunnel device used if ipip is enabled
|
||||
- name: FELIX_IPINIPMTU
|
||||
valueFrom:
|
||||
@@ -3595,9 +3572,17 @@
|
||||
value: "false"
|
||||
# Set Felix logging to "info"
|
||||
- name: FELIX_LOGSEVERITYSCREEN
|
||||
- value: "info"
|
||||
+ value: "Warning"
|
||||
+ - name: FELIX_LOGSEVERITYFILE
|
||||
+ value: "Warning"
|
||||
+ - name: FELIX_LOGSEVERITYSYS
|
||||
+ value: ""
|
||||
- name: FELIX_HEALTHENABLED
|
||||
value: "true"
|
||||
+ - name: FELIX_PROMETHEUSGOMETRICSENABLED
|
||||
+ value: "false"
|
||||
+ - name: FELIX_PROMETHEUSMETRICSENABLED
|
||||
+ value: "true"
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
||||
@@ -3608,7 +3593,6 @@
|
||||
command:
|
||||
- /bin/calico-node
|
||||
- -felix-live
|
||||
- - -bird-live
|
||||
periodSeconds: 10
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 6
|
||||
@@ -3617,7 +3601,6 @@
|
||||
command:
|
||||
- /bin/calico-node
|
||||
- -felix-ready
|
||||
- - -bird-ready
|
||||
periodSeconds: 10
|
||||
volumeMounts:
|
||||
- mountPath: /lib/modules
|
@ -3572,9 +3572,17 @@ spec:
|
||||
value: "false"
|
||||
# Set Felix logging to "info"
|
||||
- name: FELIX_LOGSEVERITYSCREEN
|
||||
value: "info"
|
||||
value: "Warning"
|
||||
- name: FELIX_LOGSEVERITYFILE
|
||||
value: "Warning"
|
||||
- name: FELIX_LOGSEVERITYSYS
|
||||
value: ""
|
||||
- name: FELIX_HEALTHENABLED
|
||||
value: "true"
|
||||
- name: FELIX_PROMETHEUSGOMETRICSENABLED
|
||||
value: "false"
|
||||
- name: FELIX_PROMETHEUSMETRICSENABLED
|
||||
value: "true"
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
Loading…
Reference in New Issue
Block a user