CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for Calico networking on GCE 

* Calico on GCE with IP-in-IP encapsulation and MTU 1440
* Calico on DO with IP-in-IP encapsulation and MTU 1440
* Digital Ocean firewalls don't support IPIP protocol yet
This commit is contained in:
Dalton Hubble 2017-09-04 21:14:05 -07:00
parent d48f88cfd6
commit ec46bc13ae
9 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
digital-ocean/container-linux/kubernetes/bootkube.tf
View File

@ -1,11 +1,13 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/bootkube-terraform.git?ref=v0.6.1" source = "git::https://github.com/poseidon/bootkube-terraform.git?ref=5ffbfec46dc05721eaf9d15c3c9bbedefaead1bc"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
etcd_servers = ["http://127.0.0.1:2379"] etcd_servers = ["http://127.0.0.1:2379"]
asset_dir = "${var.asset_dir}" asset_dir = "${var.asset_dir}"
networking = "${var.networking}"
network_mtu = 1440
pod_cidr = "${var.pod_cidr}" pod_cidr = "${var.pod_cidr}"
service_cidr = "${var.service_cidr}" service_cidr = "${var.service_cidr}"
experimental_self_hosted_etcd = "true" experimental_self_hosted_etcd = "true"

1
digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl
View File

@ -124,6 +124,7 @@ storage:
# Wrapper for bootkube start # Wrapper for bootkube start
set -e set -e
# Move experimental manifests # Move experimental manifests
[ -d /opt/bootkube/assets/manifests-* ] && mv /opt/bootkube/assets/manifests-*/* /opt/bootkube/assets/manifests && rm -rf /opt/bootkube/assets/manifests-*
[ -d /opt/bootkube/assets/experimental/manifests ] && mv /opt/bootkube/assets/experimental/manifests/* /opt/bootkube/assets/manifests && rm -r /opt/bootkube/assets/experimental/manifests [ -d /opt/bootkube/assets/experimental/manifests ] && mv /opt/bootkube/assets/experimental/manifests/* /opt/bootkube/assets/manifests && rm -r /opt/bootkube/assets/experimental/manifests
[ -d /opt/bootkube/assets/experimental/bootstrap-manifests ] && mv /opt/bootkube/assets/experimental/bootstrap-manifests/* /opt/bootkube/assets/bootstrap-manifests && rm -r /opt/bootkube/assets/experimental/bootstrap-manifests [ -d /opt/bootkube/assets/experimental/bootstrap-manifests ] && mv /opt/bootkube/assets/experimental/bootstrap-manifests/* /opt/bootkube/assets/bootstrap-manifests && rm -r /opt/bootkube/assets/experimental/bootstrap-manifests
BOOTKUBE_ACI="$${BOOTKUBE_ACI:-quay.io/coreos/bootkube}" BOOTKUBE_ACI="$${BOOTKUBE_ACI:-quay.io/coreos/bootkube}"

6
digital-ocean/container-linux/kubernetes/variables.tf
View File

@ -55,6 +55,12 @@ variable "asset_dir" {
type = "string" type = "string"
} }
variable "networking" {
description = "Choice of networking provider (flannel or calico)"
type = "string"
default = "flannel"
}
variable "pod_cidr" { variable "pod_cidr" {
description = "CIDR IP range to assign Kubernetes pods" description = "CIDR IP range to assign Kubernetes pods"
type = "string" type = "string"

1
google-cloud/container-linux/controllers/cl/controller.yaml.tmpl
View File

@ -120,6 +120,7 @@ storage:
# Wrapper for bootkube start # Wrapper for bootkube start
set -e set -e
# Move experimental manifests # Move experimental manifests
[ -d /opt/bootkube/assets/manifests-* ] && mv /opt/bootkube/assets/manifests-*/* /opt/bootkube/assets/manifests && rm -rf /opt/bootkube/assets/manifests-*
[ -d /opt/bootkube/assets/experimental/manifests ] && mv /opt/bootkube/assets/experimental/manifests/* /opt/bootkube/assets/manifests && rm -r /opt/bootkube/assets/experimental/manifests [ -d /opt/bootkube/assets/experimental/manifests ] && mv /opt/bootkube/assets/experimental/manifests/* /opt/bootkube/assets/manifests && rm -r /opt/bootkube/assets/experimental/manifests
[ -d /opt/bootkube/assets/experimental/bootstrap-manifests ] && mv /opt/bootkube/assets/experimental/bootstrap-manifests/* /opt/bootkube/assets/bootstrap-manifests && rm -r /opt/bootkube/assets/experimental/bootstrap-manifests [ -d /opt/bootkube/assets/experimental/bootstrap-manifests ] && mv /opt/bootkube/assets/experimental/bootstrap-manifests/* /opt/bootkube/assets/bootstrap-manifests && rm -r /opt/bootkube/assets/experimental/bootstrap-manifests
BOOTKUBE_ACI="$${BOOTKUBE_ACI:-quay.io/coreos/bootkube}" BOOTKUBE_ACI="$${BOOTKUBE_ACI:-quay.io/coreos/bootkube}"

6
google-cloud/container-linux/controllers/variables.tf
View File

@ -59,6 +59,12 @@ variable "preemptible" {
// configuration // configuration
variable "networking" {
description = "Choice of networking provider (flannel or calico)"
type = "string"
default = "flannel"
}
variable "service_cidr" { variable "service_cidr" {
description = <<EOD description = <<EOD
CIDR IP range to assign Kubernetes services. CIDR IP range to assign Kubernetes services.

4
google-cloud/container-linux/kubernetes/bootkube.tf
View File

@ -1,11 +1,13 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/bootkube-terraform.git?ref=v0.6.1" source = "git::https://github.com/poseidon/bootkube-terraform.git?ref=5ffbfec46dc05721eaf9d15c3c9bbedefaead1bc"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
etcd_servers = ["http://127.0.0.1:2379"] etcd_servers = ["http://127.0.0.1:2379"]
asset_dir = "${var.asset_dir}" asset_dir = "${var.asset_dir}"
networking = "${var.networking}"
network_mtu = 1440
pod_cidr = "${var.pod_cidr}" pod_cidr = "${var.pod_cidr}"
service_cidr = "${var.service_cidr}" service_cidr = "${var.service_cidr}"
experimental_self_hosted_etcd = "true" experimental_self_hosted_etcd = "true"

1
google-cloud/container-linux/kubernetes/cluster.tf
View File

@ -14,6 +14,7 @@ module "controllers" {
preemptible = "${var.controller_preemptible}" preemptible = "${var.controller_preemptible}"
# configuration # configuration
networking = "${var.networking}"
service_cidr = "${var.service_cidr}" service_cidr = "${var.service_cidr}"
kubeconfig_ca_cert = "${module.bootkube.ca_cert}" kubeconfig_ca_cert = "${module.bootkube.ca_cert}"
kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}" kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"

20
google-cloud/container-linux/kubernetes/network.tf
View File

@ -44,3 +44,23 @@ resource "google_compute_firewall" "allow-internal" {
source_ranges = ["10.0.0.0/8"] source_ranges = ["10.0.0.0/8"]
} }
# Calico BGP and IPIP
# https://docs.projectcalico.org/v2.5/reference/public-cloud/gce
resource "google_compute_firewall" "allow-calico" {
count = "${var.networking == "calico" ? 1 : 0}"
name = "${var.cluster_name}-allow-calico"
network = "${google_compute_network.network.name}"
allow {
protocol = "tcp"
ports = ["179"]
}
allow {
protocol = "ipip"
}
source_ranges = ["10.0.0.0/8"]
}

6
google-cloud/container-linux/kubernetes/variables.tf
View File

@ -65,6 +65,12 @@ variable "asset_dir" {
type = "string" type = "string"
} }
variable "networking" {
description = "Choice of networking provider (flannel or calico)"
type = "string"
default = "flannel"
}
variable "pod_cidr" { variable "pod_cidr" {
description = "CIDR IP range to assign Kubernetes pods" description = "CIDR IP range to assign Kubernetes pods"
type = "string" type = "string"