Skip to content

Commit

Permalink
更新支持 calico v3.4.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@gjmzj
gjmzj committed Feb 15, 2019
1 parent 2cb94ff commit 6d544cc
Show file tree
Hide file tree
Showing 7 changed files with 649 additions and 84 deletions.
1 change: 0 additions & 1 deletion docs/setup/network-plugin/calico.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ roles/calico/
└── templates
├── calico-csr.json.j2
├── calicoctl.cfg.j2
├── calico-rbac.yaml.j2
└── calico.yaml.j2
```
请在另外窗口打开[roles/calico/tasks/main.yml](../roles/calico/tasks/main.yml) 文件,对照看以下讲解内容。
Expand Down
8 changes: 5 additions & 3 deletions roles/calico/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,11 @@ FELIX_LOG_LVL: "warning"
#IP_AUTODETECTION_METHOD: "interface=eth0"
IP_AUTODETECTION_METHOD: "can-reach={{ groups.deploy[0] }}"

# 镜像版本
# 更新支持calico 版本: [v3.2.4]和[v3.3.2]
calico_ver: "v3.3.2"
# 更新支持calico 版本: [v3.2.x] [v3.3.x] [v3.4.x]
calico_ver: "v3.4.1"

# calico 主版本
calico_ver_main: "{{ calico_ver.split('.')[0] }}.{{ calico_ver.split('.')[1] }}"

# 离线镜像tar包
calico_offline: "calico_{{ calico_ver }}.tar"
4 changes: 1 addition & 3 deletions roles/calico/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,8 @@
when: '"calico-etcd-secrets" not in secrets_info.stdout'

- name: 配置 calico DaemonSet yaml文件
template: src=calico-{{ calico_ver }}.yaml.j2 dest=/opt/kube/kube-system/calico/calico.yaml
template: src=calico-{{ calico_ver_main }}.yaml.j2 dest=/opt/kube/kube-system/calico/calico.yaml

- name: 配置 calico rbac
template: src=calico-rbac.yaml.j2 dest=/opt/kube/kube-system/calico/calico-rbac.yaml
delegate_to: "{{ groups.deploy[0] }}"
run_once: true

Expand Down
77 changes: 0 additions & 77 deletions roles/calico/templates/calico-rbac.yaml.j2
View file

This file was deleted.

74 changes: 74 additions & 0 deletions roles/calico/templates/calico-v3.2.4.yaml.j2 → roles/calico/templates/calico-v3.2.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -393,3 +393,77 @@ metadata:
name: calico-kube-controllers
namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-kube-controllers
rules:
- apiGroups:
- ""
- extensions
resources:
- pods
- namespaces
- networkpolicies
- nodes
- serviceaccounts
verbs:
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- watch
- list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-kube-controllers
subjects:
- kind: ServiceAccount
name: calico-kube-controllers
namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-node
rules:
- apiGroups: [""]
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- nodes/status
verbs:
- patch

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system
74 changes: 74 additions & 0 deletions roles/calico/templates/calico-v3.3.2.yaml.j2 → roles/calico/templates/calico-v3.3.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -402,3 +402,77 @@ metadata:
name: calico-kube-controllers
namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-kube-controllers
rules:
- apiGroups:
- ""
- extensions
resources:
- pods
- namespaces
- networkpolicies
- nodes
- serviceaccounts
verbs:
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- watch
- list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-kube-controllers
subjects:
- kind: ServiceAccount
name: calico-kube-controllers
namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-node
rules:
- apiGroups: [""]
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- nodes/status
verbs:
- patch

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system
Loading

0 comments on commit 6d544cc

Please sign in to comment.