Add options migration to calico

Stefan Reimer 2020-07-07 13:17:20 +01:00
parent aec5c189fe
commit f9d8083dbc
5 changed files with 205 additions and 8 deletions


@ -322,6 +322,10 @@ spec:
spec:
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.migration }}
# Only run Calico on nodes that have been migrated.
projectcalico.org/node-network-during-migration: calico
{{- end }}
hostNetwork: true
tolerations:
# Make sure calico-node gets scheduled on all nodes.
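Review bot: The selector added under `nodeSelector` stays in the rendered DaemonSet for as long as `.Values.migration` is true, and nothing in the hunk says when to switch it off. A node that joins after the migration without the `projectcalico.org/node-network-during-migration` label would presumably never get a calico-node pod, leaving it without pod networking or network-policy enforcement. I would extend the comment to `# Only run Calico on nodes that have been migrated; set migration back to false once the migration Job has completed.` The DaemonSet spec starts and ends outside the hunk.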


@ -0,0 +1,192 @@
{{- if .Values.migration }}
---
# This ConfigMap is used to store Flannel subnet.env content.
kind: ConfigMap
apiVersion: v1
metadata:
name: flannel-migration-config
namespace: kube-system
data:
# Do not edit! This field is updated by migration controller.
flannel_subnet_env: ""
---
# Include a clusterrole for the kube-controllers component,
# and bind it to the flannel-migration-controller serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel-migration-controller
rules:
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
resources:
- nodes
verbs:
- watch
- list
- get
- patch
- update
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
resources:
- nodes/status
verbs:
- get
- update
# Pods are created/deleted.
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- create
- delete
# Pods/exec are created.
- apiGroups: [""]
resources:
- pods/exec
verbs:
- create
# Configmaps are updated.
- apiGroups: [""]
resources:
- configmaps
verbs:
- get
- update
- apiGroups: [""]
resources:
- pods/eviction
verbs:
- create
# Daemonset are watched to monitor for deletions.
- apiGroups: ["apps", "extensions"]
resources:
- daemonsets
verbs:
- get
- delete
- update
# IPAM resources are manipulated when nodes are deleted.
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
verbs:
- get
- list
- create
- update
- delete
- apiGroups: ["crd.projectcalico.org"]
resources:
- ipamconfigs
- blockaffinities
- ipamblocks
- ipamhandles
verbs:
- get
- list
- create
- update
- delete
# Needs access to update clusterinformations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- clusterinformations
verbs:
- get
- create
- update
# Needs access to update felixconfigurations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- felixconfigurations
verbs:
- get
- create
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel-migration-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel-migration-controller
subjects:
- kind: ServiceAccount
name: flannel-migration-controller
namespace: kube-system
---
# See https://github.com/projectcalico/kube-controllers
apiVersion: batch/v1
kind: Job
metadata:
name: flannel-migration
namespace: kube-system
labels:
k8s-app: flannel-migration-controller
spec:
backoffLimit: 10
template:
metadata:
name: flannel-migration-controller
namespace: kube-system
labels:
k8s-app: flannel-migration-controller
spec:
nodeSelector:
kubernetes.io/os: linux
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
serviceAccountName: flannel-migration-controller
priorityClassName: system-cluster-critical
restartPolicy: OnFailure
containers:
- name: flannel-migration-controller
image: calico/flannel-migration-controller:v3.15.0
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS
value: flannelmigration
- name: DATASTORE_TYPE
value: kubernetes
- name: FLANNEL_DAEMONSET_NAME
value: canal
- name: FLANNEL_SUBNET_ENV
valueFrom:
configMapKeyRef:
name: flannel-migration-config
key: flannel_subnet_env
- name: POD_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /host/run/flannel/subnet.env
name: flannel-env-file
readinessProbe:
exec:
command:
- /usr/bin/check-status
- -r
volumes:
- name: flannel-env-file
hostPath:
path: /run/flannel/subnet.env
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel-migration-controller
namespace: kube-system
{{- end }}
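Review bot: The `flannel-migration-controller` ClusterRole grants cluster-wide `create` on `pods/exec` together with create/delete on `pods` and get/update on every ConfigMap, so anyone holding that ServiceAccount token can run commands in any pod in any namespace. The Job runs once, but the role, binding and ServiceAccount stay installed for as long as `migration` is true, so the header comment should say so, e.g. `# Broad, temporary permissions (pods/exec, pod create/delete): set migration to false after the Job completes so these objects are removed.` The comment on the `nodes/status` rule repeats the one for `nodes`, and the `pods/eviction` rule has none. If the controller only reads `/host/run/flannel/subnet.env`, the volumeMount can also take `readOnly: true`.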


@ -1,4 +1,9 @@
migration: false
network: vxlan
mtu: 8941
loglevel: Warning
prometheus: false


@ -8,6 +8,7 @@ kubezero:
{{- if .Values.calico.network }}
network: {{ .Values.calico.network }}
{{- end }}
migration: {{ .Values.calico.migration }}
prometheus: {{ .Values.prometheus.enabled }}
cert-manager:
enabled: {{ index .Values "cert-manager" "enabled" }}
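Review bot: `migration` is rendered unguarded, unlike `network` two lines above it, so an unset `.Values.calico.migration` produces an empty scalar rather than a boolean. An explicit default keeps the rendered value typed: `migration: {{ .Values.calico.migration | default false }}`. The surrounding `kubezero:` mapping starts outside the hunk.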


@ -14,6 +14,7 @@ helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add argoproj https://argoproj.github.io/argo-helm
helm repo add jetstack https://charts.jetstack.io
helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/
helm repo update
for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
@ -21,15 +22,9 @@ do
if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
then
# Bug with Helm subcharts with hyphen on them
# https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684
if [ "$name" == "argo-cd" ]
then
echo "Restore ArgoCD RedisHA subchart"
git checkout $dir
fi
echo "Processing chart dependencies"
helm --debug dep build $dir
rm -rf $dir/tmpcharts
helm dependency update --skip-refresh $dir
fi
echo "Processing $dir"