Add RBAC support for canal (#1604)

Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
2025-12-13 21:34:40 +03:00 · 2017-09-04 11:29:40 +03:00
parent 702ce446df
commit a3e6896a43
18 changed files with 274 additions and 46 deletions
--- a/roles/network_plugin/canal/templates/canal-config.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-config.yaml.j2
@@ -0,0 +1,27 @@
+# This ConfigMap can be used to configure a self-hosted Canal installation.
+# See `canal.yaml` for an example of a Canal deployment which uses
+# the config in this ConfigMap.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: canal-config
+data:
+  # Configure this with the location of your etcd cluster.
+  etcd_endpoints: "{{ etcd_access_endpoint }}"
+
+  # The interface used by canal for host <-> host communication.
+  # If left blank, then the interface is chosing using the node's
+  # default route.
+  flanneld_iface: "{{ canal_iface }}"
+
+  # Whether or not to masquerade traffic to destinations not within
+  # the pod network.
+  masquerade: "{{ canal_masquerade }}"
+
+  # Cluster name for Flannel etcd path
+  cluster_name: "{{ cluster_name }}"
+
+  # SSL Etcd configuration
+  etcd_cafile: "{{ canal_cert_dir }}/ca_cert.crt"
+  etcd_certfile: "{{ canal_cert_dir }}/cert.crt"
+  etcd_keyfile: "{{ canal_cert_dir }}/key.pem"