diff --git a/resources/calico/bgpconfigurations-crd.yaml b/resources/calico/bgpconfigurations-crd.yaml new file mode 100644 index 0000000..c48ff48 --- /dev/null +++ b/resources/calico/bgpconfigurations-crd.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +description: Calico BGP Configuration +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BGPConfiguration + plural: bgpconfigurations + singular: bgpconfiguration diff --git a/resources/calico/calico-bgp-peers.yaml b/resources/calico/bgppeers-crd.yaml similarity index 100% rename from resources/calico/calico-bgp-peers.yaml rename to resources/calico/bgppeers-crd.yaml diff --git a/resources/calico/calico-cluster-role.yaml b/resources/calico/calico-cluster-role.yaml index b64e9de..1269399 100644 --- a/resources/calico/calico-cluster-role.yaml +++ b/resources/calico/calico-cluster-role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: calico-node - namespace: kube-system rules: - apiGroups: [""] resources: @@ -23,6 +22,17 @@ rules: - get - list - watch + - patch + - apiGroups: [""] + resources: + - services + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + verbs: + - get - apiGroups: [""] resources: - nodes @@ -41,10 +51,14 @@ rules: - apiGroups: ["crd.projectcalico.org"] resources: - globalfelixconfigs + - felixconfigurations - bgppeers - globalbgpconfigs + - bgpconfigurations - ippools - globalnetworkpolicies + - networkpolicies + - clusterinformations verbs: - create - get diff --git a/resources/calico/calico-config.yaml b/resources/calico/calico-config.yaml index c71d9f6..30315e0 100644 --- a/resources/calico/calico-config.yaml +++ b/resources/calico/calico-config.yaml 
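Review bot: The added `patch` verb in the `@@ -23,6 +22,17 @@` hunk of calico-cluster-role.yaml lands in a rule whose `resources:` list starts above the hunk, so the diff does not show which objects calico-node can now modify cluster-wide. A comment on that rule, for example `# patch: <reason calico-node writes to this resource>`, would make the grant reviewable. The two new rules for `services` and `endpoints` look like they serve Typha discovery (inferred from `FELIX_TYPHAK8SSERVICENAME` added in calico.yaml), yet `typha_service_name` is set to `"none"` in this same commit, so they grant read access that nothing uses until Typha is enabled. Either state that in a comment above them, e.g. `# Only used when typha_service_name names a Typha Service`, or add them together with the Typha workload.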
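Review bot: `globalfelixconfigs` and `globalbgpconfigs` stay in the `crd.projectcalico.org` rule of the `@@ -41,10 +51,14 @@` hunk although this commit deletes both CRD manifests, which leaves grants on resource names the module no longer defines. Drop the two entries once nothing in the upgrade path still reads the old objects. The same rule gives calico-node `create`, plus whatever verbs follow past the end of the hunk, on `networkpolicies` and `globalnetworkpolicies`, which are the policy objects the agent enforces. If the node agent only needs to read policy (not confirmed from this diff), moving those two resources into a read-only rule keeps a compromised node from rewriting policy for the whole cluster.

```yaml
  # … unchanged: rule for the configuration CRDs, without the two policy resources …
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalnetworkpolicies
      - networkpolicies
    verbs:
      - get
      - list
      - watch
```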
@@ -4,6 +4,7 @@ metadata: name: calico-config namespace: kube-system data: + typha_service_name: "none" # The CNI network configuration to install on each node. cni_network_config: |- { @@ -31,9 +32,8 @@ data: }, { "type": "portmap", - "capabilities": { - "portMappings": true - } + "snat": true, + "capabilities": {"portMappings": true} } ] } diff --git a/resources/calico/calico-gloabl-felix-configs.yaml b/resources/calico/calico-gloabl-felix-configs.yaml deleted file mode 100644 index 97d8aa9..0000000 --- a/resources/calico/calico-gloabl-felix-configs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -description: Calico Global Felix Configuration -kind: CustomResourceDefinition -metadata: - name: globalfelixconfigs.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalFelixConfig - plural: globalfelixconfigs - singular: globalfelixconfig diff --git a/resources/calico/calico-global-bgp-configs.yaml b/resources/calico/calico-global-bgp-configs.yaml deleted file mode 100644 index f33f69b..0000000 --- a/resources/calico/calico-global-bgp-configs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -description: Calico Global BGP Configuration -kind: CustomResourceDefinition -metadata: - name: globalbgpconfigs.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalBGPConfig - plural: globalbgpconfigs - singular: globalbgpconfig diff --git a/resources/calico/calico.yaml b/resources/calico/calico.yaml index 4c0e952..d601c9a 100644 --- a/resources/calico/calico.yaml +++ b/resources/calico/calico.yaml @@ -10,9 +10,9 @@ spec: matchLabels: k8s-app: calico-node updateStrategy: + type: RollingUpdate rollingUpdate: maxUnavailable: 1 - type: RollingUpdate template: metadata: labels: 
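Review bot: `typha_service_name: "none"` in the first calico-config.yaml hunk is added without a comment, although the value is a sentinel and not a service name. A line above it such as `# Typha is disabled while this is "none"; set it to the Typha Service name only when a Typha Deployment exists.` would document that. The key is read by `FELIX_TYPHAK8SSERVICENAME` in calico.yaml, and this commit adds no Typha workload, so any other value would presumably leave Felix looking for a service that is not there.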
@@ -61,15 +61,20 @@ spec: # Enable IP-in-IP within Felix. - name: FELIX_IPINIPENABLED value: "true" + # Typha support: controlled by the ConfigMap. + - name: FELIX_TYPHAK8SSERVICENAME + valueFrom: + configMapKeyRef: + name: calico-config + key: typha_service_name # Set node name based on k8s nodeName. - name: NODENAME valueFrom: fieldRef: fieldPath: spec.nodeName + # Auto-detect the BGP IP address. - name: IP - valueFrom: - fieldRef: - fieldPath: status.podIP + value: "autodetect" - name: FELIX_HEALTHENABLED value: "true" securityContext: @@ -101,20 +106,22 @@ spec: image: ${calico_cni_image} command: ["/install-cni.sh"] env: + # Name of the CNI config file to create on each node. - name: CNI_CONF_NAME - value: 10-calico.conflist + value: "10-calico.conflist" + # Contents of the CNI config to create on each node. - name: CNI_NETWORK_CONFIG valueFrom: configMapKeyRef: name: calico-config key: cni_network_config - - name: CNI_NET_DIR - value: "/etc/kubernetes/cni/net.d" # Set node name based on k8s nodeName - name: KUBERNETES_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName + - name: CNI_NET_DIR + value: "/etc/kubernetes/cni/net.d" volumeMounts: - mountPath: /host/opt/cni/bin name: cni-bin-dir @@ -122,12 +129,14 @@ spec: name: cni-net-dir terminationGracePeriodSeconds: 0 volumes: + # Used by calico/node - name: lib-modules hostPath: path: /lib/modules - name: var-run-calico hostPath: path: /var/run/calico + # Used by install-cni - name: cni-bin-dir hostPath: path: /opt/cni/bin diff --git a/resources/calico/clusterinformations-crd.yaml b/resources/calico/clusterinformations-crd.yaml new file mode 100644 index 0000000..3fbc7d8 --- /dev/null +++ b/resources/calico/clusterinformations-crd.yaml 
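Review bot: Switching `IP` from `status.podIP` to `"autodetect"` in the `@@ -61,15 +61,20 @@` hunk leaves the choice of the BGP and IP-in-IP address to calico/node's default detection, and no `IP_AUTODETECTION_METHOD` is set in the env list visible here. On hosts with more than one interface the default may select an address on a network that was never meant to carry pod traffic or BGP sessions. Consider pinning the method with `- name: IP_AUTODETECTION_METHOD` and `value: "can-reach=<placeholder: address on the node network>"`, or exposing it as a module variable. The container spec continues outside the hunk, so an existing setting elsewhere in the file cannot be ruled out.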
@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+description: Calico Cluster Information
+kind: CustomResourceDefinition
+metadata:
+ name: clusterinformations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: ClusterInformation
+ plural: clusterinformations
+ singular: clusterinformation
diff --git a/resources/calico/felixconfigurations-crd.yaml b/resources/calico/felixconfigurations-crd.yaml
new file mode 100644
index 0000000..e9f1385
--- /dev/null
+++ b/resources/calico/felixconfigurations-crd.yaml
@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+description: Calico Felix Configuration
+kind: CustomResourceDefinition
+metadata:
+ name: felixconfigurations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: FelixConfiguration
+ plural: felixconfigurations
+ singular: felixconfiguration
diff --git a/resources/calico/calico-network-policies.yaml b/resources/calico/globalnetworkpolicies-crd.yaml
similarity index 100%
rename from resources/calico/calico-network-policies.yaml
rename to resources/calico/globalnetworkpolicies-crd.yaml
diff --git a/resources/calico/calico-ip-pools.yaml b/resources/calico/ippools-crd.yaml
similarity index 100%
rename from resources/calico/calico-ip-pools.yaml
rename to resources/calico/ippools-crd.yaml
diff --git a/resources/calico/networkpolicies-crd.yaml b/resources/calico/networkpolicies-crd.yaml
new file mode 100644
index 0000000..4d34ad0
--- /dev/null
+++ b/resources/calico/networkpolicies-crd.yaml
@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+description: Calico Network Policies
+kind: CustomResourceDefinition
+metadata:
+ name: networkpolicies.crd.projectcalico.org
+spec:
+ scope: Namespaced
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: NetworkPolicy
+ plural: networkpolicies
+ singular: networkpolicy 
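Review bot: The new CRDs (clusterinformations, felixconfigurations, networkpolicies here, and bgpconfigurations in the first file of the commit) declare no `spec.validation.openAPIV3Schema`, so the API server will store any object body under these kinds. For `NetworkPolicy` and `FelixConfiguration` that means a malformed security-relevant object is only caught, if at all, by the Calico components that read it. Consider adding at least a minimal schema, or note in a comment that validation is left to Calico. Separately, the top-level `description:` key is not a field of `CustomResourceDefinition`. It is presumably ignored or rejected depending on how the manifest is applied, and would be safer as a comment such as `# Calico Cluster Information`.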
diff --git a/variables.tf b/variables.tf index 485afe4..fa5d8b2 100644 --- a/variables.tf +++ b/variables.tf @@ -63,8 +63,8 @@ variable "container_images" { type = "map" default = { - calico = "quay.io/calico/node:v2.6.6" - calico_cni = "quay.io/calico/cni:v1.11.2" + calico = "quay.io/calico/node:v3.0.1" + calico_cni = "quay.io/calico/cni:v2.0.0" flannel = "quay.io/coreos/flannel:v0.9.1-amd64" flannel_cni = "quay.io/coreos/flannel-cni:v0.3.0" hyperkube = "gcr.io/google_containers/hyperkube:v1.9.2"