Move flannel to etcd datastore

2026-03-09 11:47:47 +03:00 · 2022-07-22 15:28:07 +02:00
parent eb10249a75
commit 307f598bc8
10 changed files with 340 additions and 109 deletions
--- a/roles/network_plugin/canal/templates/canal-config.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-config.yaml.j2
@@ -7,6 +7,14 @@ metadata:
  name: canal-config
  namespace: kube-system
 data:
+  # Configure this with the location of your etcd cluster.
+  etcd_endpoints: "{{ etcd_access_addresses }}"
+  # If you're using TLS enabled etcd uncomment the following.
+  # You must also populate the Secret below with these files.
+  etcd_ca: "/calico-secrets/etcd-ca"
+  etcd_cert: "/calico-secrets/etcd-cert"
+  etcd_key: "/calico-secrets/etcd-key"
+
  # Typha is disabled.
  typha_service_name: "none"

@@ -28,41 +36,39 @@ data:
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
-      "name": "k8s-pod-network",
-      "cniVersion": "0.3.1",
-      "plugins": [
-        {
-          "type": "calico",
-          "log_level": "info",
+        "name": "canal",
+        "cniVersion": "0.3.1",
+        "plugins": [
+            {
+                "type": "flannel",
+                "delegate": {
+                    "type": "calico",
+                    "include_default_routes": true,
+                    "etcd_endpoints": "__ETCD_ENDPOINTS__",
+                    "etcd_key_file": "__ETCD_KEY_FILE__",
+                    "etcd_cert_file": "__ETCD_CERT_FILE__",
+                    "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
+                    "log_level": "info",
 {% if calico_cni_log_file_path %}
-          "log_file_path": "{{ calico_cni_log_file_path }}",
+                    "log_file_path": "{{ calico_cni_log_file_path }}",
 {% endif %}
-          "datastore_type": "kubernetes",
-          "nodename": "__KUBERNETES_NODE_NAME__",
-          "mtu": __CNI_MTU__,
-          "ipam": {
-              "type": "host-local",
-              "subnet": "usePodCidr"
-          },
-          "policy": {
-              "type": "k8s"
-          },
-          "kubernetes": {
-              "kubeconfig": "__KUBECONFIG_FILEPATH__"
-          }
-        },
-        {
-          "type": "portmap",
-          "snat": true,
-          "capabilities": {"portMappings": true}
-        },
-        {
-          "type": "bandwidth",
-          "capabilities": {"bandwidth": true}
-        }
-      ]
+                    "policy": {
+                        "type": "k8s",
+                        "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
+                        "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
+                    },
+                    "kubernetes": {
+                        "kubeconfig": "__KUBECONFIG_FILEPATH__"
+                    }
+                }
+            },
+            {
+                "type": "portmap",
+                "capabilities": {"portMappings": true},
+                "snat": true
+            }
+        ]
    }
-
  # Flannel network configuration. Mounted into the flannel container.
  net-conf.json: |
    {
@@ -71,3 +77,4 @@ data:
        "Type": "vxlan"
      }
    }
+