
Commit 6bf440b

Merge pull request #1864 from kubernetes-incubator/feature/v0.16.x-canal-configuration
[v0.16.0] Improve Canal Configuration
2 parents 69ed6a7 + 6127eff commit 6bf440b

1 file changed

+132
-84
lines changed


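--- a/builtin/files/userdata/cloud-config-controller
+++ b/builtin/files/userdata/cloud-config-controller
@@ -1301,6 +1301,9 @@ write_files:
 typha_service_name: "none"
 {{- end }}
 
+# Configure the MTU to use
+veth_mtu: "1440"
+
 # The CNI network configuration to install on each node.
 cni_network_config: |-
 {
@@ -1489,6 +1492,7 @@ write_files:
 metadata:
 labels:
 k8s-app: canal-master
+role.kubernetes.io/networking: "1"
 annotations:
 scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
@@ -1518,16 +1522,44 @@ write_files:
 # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
 terminationGracePeriodSeconds: 0
 initContainers:
-- name: remove-cni-networks
-image: {{.HyperkubeImage.RepoWithTag}}
-command:
-- /bin/rm
-- -rf
-- /etc/kubernetes/cni/net.d/10-flannel.conflist
-- /etc/kubernetes/cni/net.d/10-calico.conf
+# This container installs the CNI binaries
+# and CNI network config file on each node.
+- name: install-cni
+image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
+command: ["/install-cni.sh"]
+env:
+- name: CNI_NET_DIR
+value: /etc/kubernetes/cni/net.d
+# Name of the CNI config file to create.
+- name: CNI_CONF_NAME
+value: "10-canal.conflist"
+# The CNI network config to install on each node.
+- name: CNI_NETWORK_CONFIG
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: cni_network_config
+# Set the hostname based on the k8s node name.
+- name: KUBERNETES_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+# CNI MTU Config variable
+- name: CNI_MTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
+# Prevents the container from sleeping forever.
+- name: SLEEP
+value: "false"
 volumeMounts:
-- mountPath: /etc/kubernetes/cni/net.d
-name: cni-net-dir
+- mountPath: /host/opt/cni/bin
+name: cni-bin-dir
+- mountPath: /host/etc/cni/net.d
+name: cni-net-dir
+securityContext:
+privileged: true
 containers:
 # Runs calico/node container on each Kubernetes node. This
 # container programs network policy and routes on each
@@ -1538,6 +1570,9 @@ write_files:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
 value: "kubernetes"
+# Configure route aggregation based on pod CIDR.
+- name: USE_POD_CIDR
+value: "true"
 # Enable felix logging.
 - name: FELIX_LOGSEVERITYSYS
 value: "Warning"
@@ -1565,6 +1600,12 @@ write_files:
 # Typha support: is never enabled on masters
 - name: FELIX_TYPHAK8SSERVICENAME
 value: "none"
+# Set MTU for tunnel device used if ipip is enabled
+- name: FELIX_IPINIPMTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
 - name: NODENAME
 valueFrom:
 fieldRef:
@@ -1599,37 +1640,17 @@ write_files:
 - mountPath: /lib/modules
 name: lib-modules
 readOnly: true
+- mountPath: /run/xtables.lock
+name: xtables-lock
+readOnly: false
 - mountPath: /var/run/calico
 name: var-run-calico
 readOnly: false
 - mountPath: /var/lib/calico
 name: var-lib-calico
 readOnly: false
-# This container installs the Calico CNI binaries
-# and CNI network config file on each node.
-- name: install-cni
-image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
-command: ["/install-cni.sh"]
-env:
-- name: CNI_NET_DIR
-value: "/etc/kubernetes/cni/net.d"
-- name: CNI_CONF_NAME
-value: "10-calico.conflist"
-# The CNI network config to install on each node.
-- name: CNI_NETWORK_CONFIG
-valueFrom:
-configMapKeyRef:
-name: canal-config
-key: cni_network_config
-- name: KUBERNETES_NODE_NAME
-valueFrom:
-fieldRef:
-fieldPath: spec.nodeName
-volumeMounts:
-- mountPath: /host/opt/cni/bin
-name: cni-bin-dir
-- mountPath: /host/etc/cni/net.d
-name: cni-net-dir
+- name: policysync
+mountPath: /var/run/nodeagent
 # This container runs flannel using the kube-subnet-mgr backend
 # for allocating subnets.
 - name: flannel
@@ -1638,6 +1659,8 @@ write_files:
 securityContext:
 privileged: true
 env:
+- name: FLANNELD_IPTABLES_FORWARD_RULES
+value: "false"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -1657,8 +1680,9 @@ write_files:
 name: canal-config
 key: masquerade
 volumeMounts:
-- name: run
-mountPath: /run
+- mountPath: /run/xtables.lock
+name: xtables-lock
+readOnly: false
 - name: flannel-cfg
 mountPath: /etc/kube-flannel/
 volumes:
@@ -1672,20 +1696,26 @@ write_files:
 - name: var-lib-calico
 hostPath:
 path: /var/lib/calico
+- name: xtables-lock
+hostPath:
+path: /run/xtables.lock
+type: FileOrCreate
+# Used by flannel.
+- name: flannel-cfg
+configMap:
+name: canal-config
 # Used to install CNI.
 - name: cni-bin-dir
 hostPath:
 path: /opt/cni/bin
 - name: cni-net-dir
 hostPath:
 path: /etc/kubernetes/cni/net.d
-# Used by flannel.
-- name: run
+# Used to create per-pod Unix Domain Sockets
+- name: policysync
 hostPath:
-path: /run
-- name: flannel-cfg
-configMap:
-name: canal-config
+type: DirectoryOrCreate
+path: /var/run/nodeagent
 
 # Canal DaemonSet for Nodes - Typha can be enabled.
 ---
@@ -1699,6 +1729,7 @@ write_files:
 namespace: kube-system
 labels:
 k8s-app: canal-node
+role.kubernetes.io/networking: "1"
 spec:
 selector:
 matchLabels:
@@ -1711,6 +1742,7 @@ write_files:
 metadata:
 labels:
 k8s-app: canal-node
+role.kubernetes.io/networking: "1"
 annotations:
 scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
@@ -1740,16 +1772,44 @@ write_files:
 # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
 terminationGracePeriodSeconds: 0
 initContainers:
-- name: remove-cni-networks
-image: {{.HyperkubeImage.RepoWithTag}}
-command:
-- /bin/rm
-- -rf
-- /etc/kubernetes/cni/net.d/10-flannel.conflist
-- /etc/kubernetes/cni/net.d/10-calico.conf
+# This container installs the CNI binaries
+# and CNI network config file on each node.
+- name: install-cni
+image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
+command: ["/install-cni.sh"]
+env:
+- name: CNI_NET_DIR
+value: /etc/kubernetes/cni/net.d
+# Name of the CNI config file to create.
+- name: CNI_CONF_NAME
+value: "10-canal.conflist"
+# The CNI network config to install on each node.
+- name: CNI_NETWORK_CONFIG
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: cni_network_config
+# Set the hostname based on the k8s node name.
+- name: KUBERNETES_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+# CNI MTU Config variable
+- name: CNI_MTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
+# Prevents the container from sleeping forever.
+- name: SLEEP
+value: "false"
 volumeMounts:
-- mountPath: /etc/kubernetes/cni/net.d
-name: cni-net-dir
+- mountPath: /host/opt/cni/bin
+name: cni-bin-dir
+- mountPath: /host/etc/cni/net.d
+name: cni-net-dir
+securityContext:
+privileged: true
 containers:
 # Runs calico/node container on each Kubernetes node. This
 # container programs network policy and routes on each
@@ -1760,6 +1820,9 @@ write_files:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
 value: "kubernetes"
+# Configure route aggregation based on pod CIDR.
+- name: USE_POD_CIDR
+value: "true"
 # Enable felix logging.
 - name: FELIX_LOGSEVERITYSYS
 value: "Warning"
@@ -1784,6 +1847,12 @@ write_files:
 # No IP address needed.
 - name: IP
 value: ""
+# Set MTU for tunnel device used if ipip is enabled
+- name: FELIX_IPINIPMTU
+valueFrom:
+configMapKeyRef:
+name: canal-config
+key: veth_mtu
 # Typha support: controlled by the ConfigMap.
 - name: FELIX_TYPHAK8SSERVICENAME
 valueFrom:
@@ -1833,31 +1902,8 @@ write_files:
 - mountPath: /var/lib/calico
 name: var-lib-calico
 readOnly: false
-# This container installs the Calico CNI binaries
-# and CNI network config file on each node.
-- name: install-cni
-image: {{ .Kubernetes.Networking.SelfHosting.CalicoCniImage.RepoWithTag }}
-command: ["/install-cni.sh"]
-env:
-- name: CNI_NET_DIR
-value: "/etc/kubernetes/cni/net.d"
-- name: CNI_CONF_NAME
-value: "10-calico.conflist"
-# The CNI network config to install on each node.
-- name: CNI_NETWORK_CONFIG
-valueFrom:
-configMapKeyRef:
-name: canal-config
-key: cni_network_config
-- name: KUBERNETES_NODE_NAME
-valueFrom:
-fieldRef:
-fieldPath: spec.nodeName
-volumeMounts:
-- mountPath: /host/opt/cni/bin
-name: cni-bin-dir
-- mountPath: /host/etc/cni/net.d
-name: cni-net-dir
+- name: policysync
+mountPath: /var/run/nodeagent
 # This container runs flannel using the kube-subnet-mgr backend
 # for allocating subnets.
 - name: flannel
@@ -1866,6 +1912,8 @@ write_files:
 securityContext:
 privileged: true
 env:
+- name: FLANNELD_IPTABLES_FORWARD_RULES
+value: "false"
 - name: POD_NAME
 valueFrom:
 fieldRef:
@@ -1888,8 +1936,6 @@ write_files:
 - mountPath: /run/xtables.lock
 name: xtables-lock
 readOnly: false
-- name: run
-mountPath: /run
 - name: flannel-cfg
 mountPath: /etc/kube-flannel/
 volumes:
@@ -1907,20 +1953,22 @@ write_files:
 hostPath:
 path: /run/xtables.lock
 type: FileOrCreate
+# Used by flannel.
+- name: flannel-cfg
+configMap:
+name: canal-config
 # Used to install CNI.
 - name: cni-bin-dir
 hostPath:
 path: /opt/cni/bin
 - name: cni-net-dir
 hostPath:
 path: /etc/kubernetes/cni/net.d
-# Used by flannel.
-- name: run
+# Used to create per-pod Unix Domain Sockets
+- name: policysync
 hostPath:
-path: /run
-- name: flannel-cfg
-configMap:
-name: canal-config
+type: DirectoryOrCreate
+path: /var/run/nodeagent
 ---
 # Source: calico/templates/kdd-crds.yaml
 # Create all the CustomResourceDefinitions needed for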
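Review bot: Dropping the `remove-cni-networks` init container while renaming the generated config from `10-calico.conflist` to `10-canal.conflist` (the initContainers hunk at new lines 1522–1565, repeated for the node DaemonSet at 1772–1815) leaves stale `10-calico.conf`, `10-calico.conflist` and `10-flannel.conflist` files in `/etc/kubernetes/cni/net.d` on nodes upgraded in place, and since kubelet takes the lexicographically first config in that directory a leftover `10-calico.*` file would still win over the new `10-canal.conflist`. Whether the `/install-cni.sh` in the referenced image removes an old conflist itself is not visible here, so either keep a cleanup step ahead of `install-cni` that also covers `10-calico.conflist`, or add a comment above `- name: install-cni` stating why relying on the image is safe. The new init container also runs with `privileged: true`, which the container it replaces did not; a short comment naming the operation in `/install-cni.sh` that requires it would make the widened capability reviewable, and the same applies to the `policysync` hostPath created with `DirectoryOrCreate`. The enclosing DaemonSet specs start and end outside each of these hunks.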
