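---
##############################################################################
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License.                   #
#                                                                            #
# You may obtain a copy of the License at                                    #
#       http://www.apache.org/licenses/LICENSE-2.0                           #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
##############################################################################

# Jinja2 template for the site-layer Armada chart document of Calico.
# The BGP settings near the end are rendered from the site's `yaml` input;
# everything else is static YAML plus document substitutions.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: kubernetes-calico
  layeringDefinition:
    abstract: false
    layer: site
    # This document layers on top of kubernetes-calico-global.
    parentSelector:
      name: kubernetes-calico-global
    # The parent's .values.calico and .values.etcd are deleted, then the
    # data section of this document is merged over what remains.
    actions:
      - method: delete
        path: .values.calico
      - method: delete
        path: .values.etcd
      - method: merge
        path: .
  # NOTE(review): this document is stored as cleartext, yet the substitutions
  # below copy an etcd client certificate and its private key into
  # .values.endpoints.etcd.auth.client.tls. Confirm that the source
  # deckhand/CertificateKey/v1 document is stored encrypted and that access
  # to the rendered form of this document is restricted accordingly.
  storagePolicy: cleartext
  substitutions:
    # IP addresses
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .calico.etcd.service_ip
      dest:
        path: .values.endpoints.etcd.host_fqdn_override.default
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .kubernetes.pod_cidr
      dest:
        path: .values.networking.podSubnet
    # Only the SUB_KUBERNETES_IP token inside the K8S_API URL is replaced;
    # the scheme and port given in the data section are kept.
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .kubernetes.api_service_ip
      dest:
        path: .values.conf.policy_controller.K8S_API
        pattern: SUB_KUBERNETES_IP

    # Other site-specific configuration
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .calico.ip_autodetection_method
      dest:
        path: .values.conf.node.IP_AUTODETECTION_METHOD

    # Certificates: CA, client certificate and client private key used for
    # TLS client authentication towards etcd.
    - src:
        schema: deckhand/CertificateAuthority/v1
        name: calico-etcd
        path: .
      dest:
        path: .values.endpoints.etcd.auth.client.tls.ca
    - src:
        schema: deckhand/Certificate/v1
        name: calico-node
        path: .
      dest:
        path: .values.endpoints.etcd.auth.client.tls.crt
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-node
        path: .
      dest:
        path: .values.endpoints.etcd.auth.client.tls.key
data:
  chart_name: calico
  release: calico
  namespace: kube-system
  timeout: 600
  upgrade:
    no_hooks: true
  values:
    conf:
      cni_network_config:
        name: k8s-pod-network
        cniVersion: 0.1.0
        type: calico
        # Tokens wrapped in double underscores are placeholders, not literal
        # values; presumably they are filled in when the CNI configuration
        # is installed on a node (confirm against the chart).
        etcd_endpoints: __ETCD_ENDPOINTS__
        # Paths from which the etcd client TLS material is read.
        etcd_ca_cert_file: /etc/calico/pki/ca
        etcd_cert_file: /etc/calico/pki/crt
        etcd_key_file: /etc/calico/pki/key
        log_level: info
        mtu: 1500
        ipam:
          type: calico-ipam
        policy:
          type: k8s
          k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
          # Placeholder only; a real service-account token must not be
          # written into this template.
          k8s_auth_token: __SERVICEACCOUNT_TOKEN__

      policy_controller:
        # SUB_KUBERNETES_IP is replaced by the pattern substitution declared
        # in the metadata section.
        K8S_API: "https://SUB_KUBERNETES_IP:443"

      node:
        CALICO_STARTUP_LOGLEVEL: INFO
        CLUSTER_TYPE:
          - k8s
          - bgp
        # Kept as a quoted string, not a YAML boolean.
        WAIT_FOR_STORAGE: "true"

    endpoints:
      etcd:
        hosts:
          default: calico-etcd
        # etcd is reached over TLS, using the client credentials substituted
        # into endpoints.etcd.auth.client.tls.
        scheme:
          default: https

    networking:
      mtu: 1500
      settings:
        # Quoted on purpose: unquoted off / false would be parsed as YAML
        # booleans rather than the strings given here.
        mesh: "off"
        ippool:
          ipip:
            enabled: "false"
            mode: "cross-subnet"
      bgp:
        # Left unquoted so the value stays numeric; the site input should be
        # validated as an integer AS number before rendering.
        asnumber: {{ yaml.networks.ksn.local_asnumber }}
        ipv4:
          # Templated strings are quoted so that an empty, boolean-looking or
          # number-looking input is still parsed as a string. Input that
          # contains quotes or newlines still needs validation before
          # rendering. An empty input list renders this key as null, not [].
          additional_cidrs:
{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
            - "{{ add_cidr }}"
{% endfor %}
          # NOTE(review): each entry rendered here becomes a BGP peer of the
          # cluster, so the peer list in the site input determines which
          # routers the nodes exchange routes with; review changes to it as
          # a change to the network trust boundary.
          peers:
{% for peer in yaml.networks.ksn.peers %}
            - apiVersion: v1
              kind: bgpPeer
              metadata:
                peerIP: "{{ peer.ip }}"
                scope: "{{ peer.scope }}"
              spec:
                asnumber: {{ peer.asnumber }}
{% endfor %}
    # The chart's own calico-etcd daemonset and service are switched off;
    # presumably etcd is provided outside this chart at the substituted
    # service IP (confirm against the deployment).
    manifests:
      daemonset_calico_etcd: false
      job_image_repo_sync: false
      service_calico_etcd: false
...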