Calico support for azure-vnet-ipam (#4154)

Casey Davenport 2018-11-07 10:23:10 -08:00 коммит произвёл Jack Francis
Родитель 1cef2e87e7
Коммит 543ddecb78
12 изменённых файлов: 102 добавлений и 121 удалений


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -316,7 +309,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -374,6 +367,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -381,6 +375,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -395,7 +390,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
@ -572,4 +567,4 @@ spec:
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
singular: networkpolicy
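Review bot: The install-cni image tag `v3.4.0-0.dev-26-gebf86ed` is a development snapshot rather than a release and is not pinned by digest, while calico-node and typha in the same manifest are set to v3.3.0. Per the manifest's own comment this container installs the CNI binaries and CNI config on every node, so an unreleased, re-pushable tag here is a supply-chain and reproducibility risk. Prefer a released tag once one carries the azure-vnet-ipam support, pinned as `image: quay.io/calico/cni:<RELEASED_TAG>@sha256:<DIGEST>` (placeholders). The version header comment is also dropped, so nothing in the file records the mixed versions; a comment such as `# calico/cni is a pre-release build required for azure-vnet-ipam; replace with a released tag` would help. The same applies to the five other Calico manifest sections on this page.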


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -316,7 +309,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -374,6 +367,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -381,6 +375,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -395,7 +390,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
@ -572,4 +567,4 @@ spec:
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
singular: networkpolicy


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -316,7 +309,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -374,6 +367,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -381,6 +375,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -395,7 +390,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
@ -572,4 +567,4 @@ spec:
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
singular: networkpolicy


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -316,7 +309,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -374,6 +367,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -381,6 +375,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -395,7 +390,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
@ -572,4 +567,4 @@ spec:
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
singular: networkpolicy


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -316,7 +309,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -374,6 +367,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -381,6 +375,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -395,7 +390,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
@ -572,4 +567,4 @@ spec:
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
singular: networkpolicy


@ -1,9 +1,3 @@
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
# calico/node:v3.1.3
# calico/cni:v3.1.3
apiVersion: v1
kind: ServiceAccount
metadata:
@ -23,6 +17,7 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
@ -31,7 +26,7 @@ rules:
resources:
- pods/status
verbs:
- update
- patch
- apiGroups: [""]
resources:
- pods
@ -39,7 +34,6 @@ rules:
- get
- list
- watch
- patch
- apiGroups: [""]
resources:
- services
@ -136,10 +130,7 @@ data:
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"ipam": <calicoIPAMConfig>,
"policy": {
"type": "k8s"
},
@ -219,7 +210,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v0.7.4
- image: quay.io/calico/typha:v3.3.0
name: calico-typha
ports:
- containerPort: 5473
@ -252,12 +243,14 @@ spec:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
@ -290,9 +283,9 @@ spec:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
# if it ever gets evicted.
# Deprecated in 1.10, Removed in 1.11. kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
tolerations:
@ -314,7 +307,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.1.3
image: quay.io/calico/node:v3.3.0
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
@ -372,6 +365,7 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
@ -379,6 +373,7 @@ spec:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -393,7 +388,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.1.3
image: quay.io/calico/cni:v3.4.0-0.dev-26-gebf86ed
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.


@ -186,8 +186,10 @@ configureCNI() {
retrycmd_if_failure 120 5 25 modprobe br_netfilter || exit $ERR_MODPROBE_FAIL
echo -n "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
if [[ "${NETWORK_PLUGIN}" = "azure" ]]; then
mv $CNI_BIN_DIR/10-azure.conflist $CNI_CONFIG_DIR/
chmod 600 $CNI_CONFIG_DIR/10-azure.conflist
if [[ "${NETWORK_POLICY}" != "calico" ]]; then
mv $CNI_BIN_DIR/10-azure.conflist $CNI_CONFIG_DIR/
chmod 600 $CNI_CONFIG_DIR/10-azure.conflist
fi
/sbin/ebtables -t nat --list
fi
}
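Review bot: The new `NETWORK_POLICY` check skips installing `10-azure.conflist` for Calico without saying why, and in that case the file stays behind in `$CNI_BIN_DIR` with whatever mode it was unpacked with, because the `chmod 600` is skipped too. A comment such as `# Calico's install-cni container writes its own CNI config, so the stock azure conflist must not be installed` would record the intent (presumably that is the reason; confirm). If nothing else reads the file, `rm -f "$CNI_BIN_DIR/10-azure.conflist"` in an else branch would avoid leaving it in the plugin directory. The paths on the `mv` and `chmod` lines are unquoted; `mv "$CNI_BIN_DIR/10-azure.conflist" "$CNI_CONFIG_DIR/"` is safer. configureCNI starts above the hunk.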


@ -356,6 +356,11 @@ MASTER_ARTIFACTS_CONFIG_PLACEHOLDER
{{if eq .OrchestratorProfile.KubernetesConfig.NetworkPolicy "calico"}}
sed -i "s|<kubeClusterCidr>|{{WrapAsParameter "kubeClusterCidr"}}|g" /etc/kubernetes/addons/calico-daemonset.yaml
{{if eq .OrchestratorProfile.KubernetesConfig.NetworkPlugin "azure"}}
sed -i "s|<calicoIPAMConfig>|{\"type\": \"azure-vnet-ipam\"}|g" /etc/kubernetes/addons/calico-daemonset.yaml
{{else}}
sed -i "s|<calicoIPAMConfig>|{\"type\": \"host-local\", \"subnet\": \"usePodCidr\"}|g" /etc/kubernetes/addons/calico-daemonset.yaml
{{end}}
{{end}}
{{if eq .OrchestratorProfile.KubernetesConfig.NetworkPlugin "flannel"}}
sed -i "s|<kubeClusterCidr>|{{WrapAsParameter "kubeClusterCidr"}}|g" /etc/kubernetes/addons/flannel-daemonset.yaml
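Review bot: Nothing checks that the `<calicoIPAMConfig>` placeholder was actually replaced, and a manifest that still contains it carries a CNI config that is not valid JSON. `sed -i` exits 0 when the pattern does not match, so a check after the two branches, for example `grep -q '<calicoIPAMConfig>' /etc/kubernetes/addons/calico-daemonset.yaml` followed by a failure path, would surface the problem at provisioning time rather than as pods without networking. The `{{else}}` branch applies host-local to every plugin other than azure; a short comment stating that this is intended would help. The surrounding template block continues outside the hunk.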


@ -141,7 +141,7 @@
"sshdConfig": "{{GetB64sshdConfig}}",
"systemConf": "{{GetB64systemConf}}",
{{if not IsOpenShift}}
"provisionScriptParametersCommon": "[concat('ADMINUSER=',parameters('linuxAdminUsername'),' ETCD_DOWNLOAD_URL=',parameters('etcdDownloadURLBase'),' ETCD_VERSION=',parameters('etcdVersion'),' TENANT_ID=',variables('tenantID'),' KUBERNETES_VERSION={{.OrchestratorProfile.OrchestratorVersion}} HYPERKUBE_URL=',parameters('kubernetesHyperkubeSpec'),' APISERVER_PUBLIC_KEY=',parameters('apiserverCertificate'),' SUBSCRIPTION_ID=',variables('subscriptionId'),' RESOURCE_GROUP=',variables('resourceGroup'),' LOCATION=',variables('location'),' VM_TYPE=',variables('vmType'),' SUBNET=',variables('subnetName'),' NETWORK_SECURITY_GROUP=',variables('nsgName'),' VIRTUAL_NETWORK=',variables('virtualNetworkName'),' VIRTUAL_NETWORK_RESOURCE_GROUP=',variables('virtualNetworkResourceGroupName'),' ROUTE_TABLE=',variables('routeTableName'),' PRIMARY_AVAILABILITY_SET=',variables('primaryAvailabilitySetName'),' PRIMARY_SCALE_SET=',variables('primaryScaleSetName'),' SERVICE_PRINCIPAL_CLIENT_ID=',variables('servicePrincipalClientId'),' SERVICE_PRINCIPAL_CLIENT_SECRET=',variables('singleQuote'),variables('servicePrincipalClientSecret'),variables('singleQuote'),' KUBELET_PRIVATE_KEY=',parameters('clientPrivateKey'),' TARGET_ENVIRONMENT=',parameters('targetEnvironment'),' NETWORK_PLUGIN=',parameters('networkPlugin'),' VNET_CNI_PLUGINS_URL=',parameters('vnetCniLinuxPluginsURL'),' CNI_PLUGINS_URL=',parameters('cniPluginsURL'),' CLOUDPROVIDER_BACKOFF=',toLower(string(parameters('cloudproviderConfig').cloudProviderBackoff)),' CLOUDPROVIDER_BACKOFF_RETRIES=',parameters('cloudproviderConfig').cloudProviderBackoffRetries,' CLOUDPROVIDER_BACKOFF_EXPONENT=',parameters('cloudproviderConfig').cloudProviderBackoffExponent,' CLOUDPROVIDER_BACKOFF_DURATION=',parameters('cloudproviderConfig').cloudProviderBackoffDuration,' CLOUDPROVIDER_BACKOFF_JITTER=',parameters('cloudproviderConfig').cloudProviderBackoffJitter,' 
CLOUDPROVIDER_RATELIMIT=',toLower(string(parameters('cloudproviderConfig').cloudProviderRatelimit)),' CLOUDPROVIDER_RATELIMIT_QPS=',parameters('cloudproviderConfig').cloudProviderRatelimitQPS,' CLOUDPROVIDER_RATELIMIT_BUCKET=',parameters('cloudproviderConfig').cloudProviderRatelimitBucket,' USE_MANAGED_IDENTITY_EXTENSION=',variables('useManagedIdentityExtension'),' USER_ASSIGNED_IDENTITY_ID=',variables('userAssignedClientID'),' USE_INSTANCE_METADATA=',variables('useInstanceMetadata'),' LOAD_BALANCER_SKU=',variables('loadBalancerSku'),' EXCLUDE_MASTER_FROM_STANDARD_LB=',variables('excludeMasterFromStandardLB'),' CONTAINER_RUNTIME=',parameters('containerRuntime'),' CONTAINERD_DOWNLOAD_URL_BASE=',parameters('containerdDownloadURLBase'),' POD_INFRA_CONTAINER_SPEC=',parameters('kubernetesPodInfraContainerSpec'),' KMS_PROVIDER_VAULT_NAME=',variables('clusterKeyVaultName'))]",
"provisionScriptParametersCommon": "[concat('ADMINUSER=',parameters('linuxAdminUsername'),' ETCD_DOWNLOAD_URL=',parameters('etcdDownloadURLBase'),' ETCD_VERSION=',parameters('etcdVersion'),' TENANT_ID=',variables('tenantID'),' KUBERNETES_VERSION={{.OrchestratorProfile.OrchestratorVersion}} HYPERKUBE_URL=',parameters('kubernetesHyperkubeSpec'),' APISERVER_PUBLIC_KEY=',parameters('apiserverCertificate'),' SUBSCRIPTION_ID=',variables('subscriptionId'),' RESOURCE_GROUP=',variables('resourceGroup'),' LOCATION=',variables('location'),' VM_TYPE=',variables('vmType'),' SUBNET=',variables('subnetName'),' NETWORK_SECURITY_GROUP=',variables('nsgName'),' VIRTUAL_NETWORK=',variables('virtualNetworkName'),' VIRTUAL_NETWORK_RESOURCE_GROUP=',variables('virtualNetworkResourceGroupName'),' ROUTE_TABLE=',variables('routeTableName'),' PRIMARY_AVAILABILITY_SET=',variables('primaryAvailabilitySetName'),' PRIMARY_SCALE_SET=',variables('primaryScaleSetName'),' SERVICE_PRINCIPAL_CLIENT_ID=',variables('servicePrincipalClientId'),' SERVICE_PRINCIPAL_CLIENT_SECRET=',variables('singleQuote'),variables('servicePrincipalClientSecret'),variables('singleQuote'),' KUBELET_PRIVATE_KEY=',parameters('clientPrivateKey'),' TARGET_ENVIRONMENT=',parameters('targetEnvironment'),' NETWORK_PLUGIN=',parameters('networkPlugin'),' NETWORK_POLICY=',parameters('networkPolicy'),' VNET_CNI_PLUGINS_URL=',parameters('vnetCniLinuxPluginsURL'),' CNI_PLUGINS_URL=',parameters('cniPluginsURL'),' CLOUDPROVIDER_BACKOFF=',toLower(string(parameters('cloudproviderConfig').cloudProviderBackoff)),' CLOUDPROVIDER_BACKOFF_RETRIES=',parameters('cloudproviderConfig').cloudProviderBackoffRetries,' CLOUDPROVIDER_BACKOFF_EXPONENT=',parameters('cloudproviderConfig').cloudProviderBackoffExponent,' CLOUDPROVIDER_BACKOFF_DURATION=',parameters('cloudproviderConfig').cloudProviderBackoffDuration,' CLOUDPROVIDER_BACKOFF_JITTER=',parameters('cloudproviderConfig').cloudProviderBackoffJitter,' 
CLOUDPROVIDER_RATELIMIT=',toLower(string(parameters('cloudproviderConfig').cloudProviderRatelimit)),' CLOUDPROVIDER_RATELIMIT_QPS=',parameters('cloudproviderConfig').cloudProviderRatelimitQPS,' CLOUDPROVIDER_RATELIMIT_BUCKET=',parameters('cloudproviderConfig').cloudProviderRatelimitBucket,' USE_MANAGED_IDENTITY_EXTENSION=',variables('useManagedIdentityExtension'),' USER_ASSIGNED_IDENTITY_ID=',variables('userAssignedClientID'),' USE_INSTANCE_METADATA=',variables('useInstanceMetadata'),' LOAD_BALANCER_SKU=',variables('loadBalancerSku'),' EXCLUDE_MASTER_FROM_STANDARD_LB=',variables('excludeMasterFromStandardLB'),' CONTAINER_RUNTIME=',parameters('containerRuntime'),' CONTAINERD_DOWNLOAD_URL_BASE=',parameters('containerdDownloadURLBase'),' POD_INFRA_CONTAINER_SPEC=',parameters('kubernetesPodInfraContainerSpec'),' KMS_PROVIDER_VAULT_NAME=',variables('clusterKeyVaultName'))]",
{{if not IsHostedMaster}}
{{if IsMasterVirtualMachineScaleSets}}
"provisionScriptParametersMaster": "[concat('MASTER_NODE=true CLUSTER_AUTOSCALER_ADDON=',parameters('kubernetesClusterAutoscalerEnabled'),' ACI_CONNECTOR_ADDON=',parameters('kubernetesACIConnectorEnabled'),' APISERVER_PRIVATE_KEY=',parameters('apiServerPrivateKey'),' CA_CERTIFICATE=',parameters('caCertificate'),' CA_PRIVATE_KEY=',parameters('caPrivateKey'),' MASTER_FQDN=',variables('masterFqdnPrefix'),' KUBECONFIG_CERTIFICATE=',parameters('kubeConfigCertificate'),' KUBECONFIG_KEY=',parameters('kubeConfigPrivateKey'),' ETCD_SERVER_CERTIFICATE=',parameters('etcdServerCertificate'),' ETCD_CLIENT_CERTIFICATE=',parameters('etcdClientCertificate'),' ETCD_SERVER_PRIVATE_KEY=',parameters('etcdServerPrivateKey'),' ETCD_CLIENT_PRIVATE_KEY=',parameters('etcdClientPrivateKey'),' ETCD_PEER_CERTIFICATES=',string(variables('etcdPeerCertificates')),' ETCD_PEER_PRIVATE_KEYS=',string(variables('etcdPeerPrivateKeys')),' ENABLE_AGGREGATED_APIS=',string(parameters('enableAggregatedAPIs')),' KUBECONFIG_SERVER=',variables('kubeconfigServer'))]",


@ -84,7 +84,11 @@ func (cs *ContainerService) setOrchestratorDefaults(isUpdate bool) {
o.KubernetesConfig.NetworkPlugin = NetworkPluginKubenet
o.KubernetesConfig.NetworkPolicy = DefaultNetworkPolicy
case NetworkPolicyCalico:
o.KubernetesConfig.NetworkPlugin = NetworkPluginKubenet
if o.KubernetesConfig.NetworkPlugin == "" {
// If not specified, then set the network plugin to be kubenet
// for backwards compatibility. Otherwise, use what is specified.
o.KubernetesConfig.NetworkPlugin = NetworkPluginKubenet
}
case NetworkPolicyCilium:
o.KubernetesConfig.NetworkPlugin = NetworkPolicyCilium
}
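Review bot: No test visible on this page exercises the new `NetworkPolicyCalico` branch of setOrchestratorDefaults; the test sections further down only change the validation combinations. A defaults test asserting that `NetworkPlugin` stays `azure` when it is set together with policy `calico`, and becomes kubenet when it is empty, would pin the backwards-compatibility behaviour the new comment describes. The `NetworkPolicyCilium` case still overwrites the plugin unconditionally, which may be intended but now differs from the Calico case. The switch and the function both start and end outside the hunk.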


@ -63,6 +63,10 @@ var (
networkPlugin: "kubenet",
networkPolicy: "calico",
},
{
networkPlugin: "azure",
networkPolicy: "calico",
},
{
networkPlugin: "",
networkPolicy: "calico",


@ -672,10 +672,6 @@ func Test_Properties_ValidateNetworkPluginPlusPolicy(t *testing.T) {
}
for _, config := range []k8sNetworkConfig{
{
networkPlugin: "azure",
networkPolicy: "calico",
},
{
networkPlugin: "azure",
networkPolicy: "cilium",