epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Move calico-policy-controller into separate role

Browse Source 
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.

K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.

This patch also fixes kube-api port in calico-policy-controller
yaml template.

Closes #1132
This commit is contained in:
Aleksandr Didenko
2017-03-13 16:04:31 +01:00
parent 565d4a53b0
commit 3a39904011
11 changed files with 33 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
inventory/group_vars/k8s-cluster.yml
View File

@@ -80,6 +80,9 @@ kube_users:
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico
# Enable kubernetes network policies
enable_network_policy: false
# Kubernetes internal network for services, unused block of space.
kube_service_addresses: 10.233.0.0/18