Created
March 23, 2017 23:23
-
-
Save heschlie/a155397765f91ed5ff76d4fee3fce8e0 to your computer and use it in GitHub Desktop.
Canal deployment for Tectonic
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This ConfigMap can be used to configure a self-hosted Canal installation. | |
kind: ConfigMap | |
apiVersion: v1 | |
metadata: | |
name: canal-config | |
namespace: kube-system | |
data: | |
# Configure this with the location of your etcd cluster. | |
etcd_endpoints: "http://127.0.0.1:2379" | |
# The CNI network configuration to install on each node. The special | |
# values in this config will be automatically populated. | |
cni_network_config: |- | |
{ | |
"name": "cbr0", | |
"type": "flannel", | |
"delegate": { | |
"type": "calico", | |
"etcd_endpoints": "__ETCD_ENDPOINTS__", | |
"log_level": "info", | |
"policy": { | |
"type": "k8s", | |
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__", | |
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__" | |
}, | |
"kubernetes": { | |
"kubeconfig": "/etc/kubernetes/cni/net.d/__KUBECONFIG_FILENAME__" | |
} | |
} | |
} | |
--- | |
# This manifest installs the per-node agents, as well | |
# as the CNI plugins and network config on | |
# each master and worker node in a Kubernetes cluster. | |
kind: DaemonSet | |
apiVersion: extensions/v1beta1 | |
metadata: | |
name: canal-node | |
namespace: kube-system | |
labels: | |
k8s-app: canal-node | |
spec: | |
selector: | |
matchLabels: | |
k8s-app: canal-node | |
template: | |
metadata: | |
annotations: | |
scheduler.alpha.kubernetes.io/critical-pod: '' | |
scheduler.alpha.kubernetes.io/tolerations: | | |
[{"key": "dedicated", "value": "master", "effect": "NoSchedule" }, | |
{"key":"CriticalAddonsOnly", "operator":"Exists"}] | |
labels: | |
k8s-app: canal-node | |
spec: | |
hostNetwork: true | |
containers: | |
# Runs calico/node container on each Kubernetes node. This | |
# container programs network policy and local routes on each | |
# host. | |
- name: calico-node | |
image: quay.io/calico/node:v1.0.1 | |
env: | |
# The location of the etcd cluster. | |
- name: ETCD_ENDPOINTS | |
valueFrom: | |
configMapKeyRef: | |
name: canal-config | |
key: etcd_endpoints | |
# Disable Calico BGP. Calico is simply enforcing policy. | |
- name: CALICO_NETWORKING_BACKEND | |
value: "none" | |
# Disable file logging so `kubectl logs` works. | |
- name: CALICO_DISABLE_FILE_LOGGING | |
value: "true" | |
securityContext: | |
privileged: true | |
volumeMounts: | |
- mountPath: /lib/modules | |
name: lib-modules | |
readOnly: true | |
- mountPath: /var/run/calico | |
name: var-run-calico | |
readOnly: false | |
# This container installs the Calico CNI binaries | |
# and CNI network config file on each node. | |
- name: install-calico-cni | |
image: quay.io/calico/cni:v1.5.5 | |
imagePullPolicy: Always | |
command: ["/install-cni.sh"] | |
env: | |
# The name of the CNI network config file to install. | |
- name: CNI_CONF_NAME | |
value: "10-canal.conf" | |
# The location of the etcd cluster. | |
- name: ETCD_ENDPOINTS | |
valueFrom: | |
configMapKeyRef: | |
name: canal-config | |
key: etcd_endpoints | |
# The CNI network config to install on each node. | |
- name: CNI_NETWORK_CONFIG | |
valueFrom: | |
configMapKeyRef: | |
name: canal-config | |
key: cni_network_config | |
volumeMounts: | |
- mountPath: /host/opt/cni/bin | |
name: cni-bin-dir | |
- mountPath: /host/etc/cni/net.d | |
name: cni-net-dir | |
volumes: | |
# Used by calico/node. | |
- name: lib-modules | |
hostPath: | |
path: /lib/modules | |
- name: var-run-calico | |
hostPath: | |
path: /var/run/calico | |
# Used to install CNI. | |
- name: cni-bin-dir | |
hostPath: | |
path: /opt/cni/bin | |
- name: cni-net-dir | |
hostPath: | |
path: /etc/kubernetes/cni/net.d | |
--- | |
# This manifest deploys the Calico policy controller on Kubernetes. | |
# See https://github.com/projectcalico/k8s-policy | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: calico-policy-controller | |
namespace: kube-system | |
labels: | |
k8s-app: calico-policy | |
spec: | |
# The policy controller can only have a single active instance. | |
replicas: 1 | |
template: | |
metadata: | |
name: calico-policy-controller | |
namespace: kube-system | |
labels: | |
k8s-app: calico-policy | |
spec: | |
# The policy controller must run in the host network namespace so that | |
# it isn't governed by policy that would prevent it from working. | |
hostNetwork: true | |
containers: | |
- name: calico-policy-controller | |
image: quay.io/calico/kube-policy-controller:v0.5.2 | |
env: | |
# The location of the Calico etcd cluster. | |
- name: ETCD_ENDPOINTS | |
valueFrom: | |
configMapKeyRef: | |
name: canal-config | |
key: etcd_endpoints | |
# The location of the Kubernetes API. Use the default Kubernetes | |
# service for API access. | |
- name: K8S_API | |
value: "https://kubernetes.default:443" | |
# Since we're running in the host namespace and might not have KubeDNS | |
# access, configure the container's /etc/hosts to resolve | |
# kubernetes.default to the correct service clusterIP. | |
- name: CONFIGURE_ETC_HOSTS | |
value: "true" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment