Merge "[Calico] Configuration robustness improvements"

2019-01-30 22:16:55 +00:00 · 2019-01-30 22:16:55 +00:00 · 3bd3b70e51
commit 3bd3b70e51
parent b7b7c5ea44 47a2da5af0
3 changed files with 37 additions and 25 deletions
--- a/calico/templates/bin/_calico-settings.sh.tpl
+++ b/calico/templates/bin/_calico-settings.sh.tpl
@ -2,6 +2,13 @@

 set -eux

+
+{{/* Robustness, Calico 3.x wants things as Titlecase; this causes pain */}}
+{{- $_ := set .Values.conf.node "CALICO_IPV4POOL_IPIP" (title .Values.conf.node.CALICO_IPV4POOL_IPIP ) -}}
+{{- $_ := set .Values.conf.node "CALICO_STARTUP_LOGLEVEL" (title .Values.conf.node.CALICO_STARTUP_LOGLEVEL ) -}}
+{{- $_ := set .Values.conf.node "FELIX_LOGSEVERITYSCREEN" (title .Values.conf.node.FELIX_LOGSEVERITYSCREEN ) -}}
+
+
 {{- $envAll := . }}

 {{ if empty .Values.conf.node.CALICO_IPV4POOL_CIDR }}
@ -51,7 +58,7 @@ spec:
 {{- if .Values.conf.node.CALICO_IPV4POOL_BLOCKSIZE }}
  blockSize: {{ .Values.conf.node.CALICO_IPV4POOL_BLOCKSIZE }}
 {{- end }}
-  ipipMode: {{ .Values.networking.settings.ippool.ipip.mode }}
+  ipipMode: {{ .Values.conf.node.CALICO_IPV4POOL_IPIP }}
  natOutgoing: {{ .Values.networking.settings.ippool.nat_outgoing }}
  disabled: {{ .Values.networking.settings.ippool.disabled }}
 EOF
--- a/calico/templates/daemonset-calico-node.yaml
+++ b/calico/templates/daemonset-calico-node.yaml
@ -18,30 +18,33 @@ limitations under the License.
 {{- $envAll := . }}


-
-{{/* Adjust MTU iff we have tunnel overhead; 20 suffices for an IPv4 IPIP header */}}
-{{- if ne .Values.conf.node.CALICO_IPV4POOL_IPIP "Never" -}}
-{{- $_ := set .Values.networking "mtu" (sub .Values.networking.mtu 20) -}}
-# Adjusted MTU to {{ .Values.networking.mtu }}
-{{ end -}}
+{{/* Robustness, Calico 3.x wants things as Titlecase; this causes pain */}}
+{{- $_ := set .Values.conf.node "CALICO_IPV4POOL_IPIP" (title .Values.conf.node.CALICO_IPV4POOL_IPIP ) -}}
+{{- $_ := set .Values.conf.node "CALICO_STARTUP_LOGLEVEL" (title .Values.conf.node.CALICO_STARTUP_LOGLEVEL ) -}}
+{{- $_ := set .Values.conf.node "FELIX_LOGSEVERITYSCREEN" (title .Values.conf.node.FELIX_LOGSEVERITYSCREEN ) -}}


-
-
-{{/* Some values need to be specified in multiple places; set appropriately */}}
-
+{{/* If using tunnels, and FELIX_IPINIPMTU is not set, make it 20 less than the physical to account for IPIP overhead */}}
 {{- if empty .Values.conf.node.FELIX_IPINIPMTU -}}
-{{- $_ := set .Values.conf.node "FELIX_IPINIPMTU" .Values.networking.mtu -}}
+{{- if ne .Values.conf.node.CALICO_IPV4POOL_IPIP "Never" -}}
+{{- $_ := set .Values.conf.node "FELIX_IPINIPMTU" (sub .Values.networking.mtu 20) -}}
+# Setting tunnel MTU to {{ .Values.conf.node.FELIX_IPINIPMTU }}
+{{- end -}}
 {{- end -}}

+
+{{/* CNI_MTU is >= than the IPIP mtu, usually the physical MTU of the system */}}
 {{- if empty .Values.conf.node.CNI_MTU -}}
-{{- $_ := set .Values.conf.node "CNI_MTU" .Values.conf.node.FELIX_IPINIPMTU -}}
+{{- $_ := set .Values.conf.node "CNI_MTU" .Values.networking.mtu -}}
 {{- end -}}

+
 {{- if empty .Values.conf.node.CALICO_IPV4POOL_CIDR -}}
 {{- $_ := set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet -}}
 {{- end -}}

+
+
 {{- $serviceAccountName := "calico-node" }}
 {{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
--- a/calico/values.yaml
+++ b/calico/values.yaml
@ -190,14 +190,12 @@ networking:

  settings:
    mesh: "on"
-    # technically this could be a list, today we only support
-    # a single podSubnet, the one above.  The settings below
-    # will be applied to that ipPool
+    # technically this could be a list, today we only support a single
+    # podSubnet, the one above.  The settings below will be applied to
+    # that ipPool
    ippool:
      ipip:
        enabled: "true"
-        # Titlecase
-        mode: "Always"
      nat_outgoing: "true"
      disabled: "false"

@ -496,22 +494,26 @@ conf:
    # Disable file logging so `kubectl logs` works.
    CALICO_DISABLE_FILE_LOGGING: "true"
    # Set Felix endpoint to host default action to ACCEPT.
-    # early/startup log level for calico-node on startup.  Titlecase
-    # not lowercase.
+    # early/startup log level for calico-node on startup.
    CALICO_STARTUP_LOGLEVEL: "Info"
    FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT"
-    # Configure the IP Pool from which Pod IPs will be chosen.
+    # Configure the IP Pool from which Pod IPs will be chosen; it's
+    # recommended you leave this as null and the value from
+    # networking.podSubnet will be used
    CALICO_IPV4POOL_CIDR: null
    # See https://docs.projectcalico.org/v3.4/reference/calicoctl/resources/ippool
    CALICO_IPV4POOL_BLOCKSIZE: 26
-    # Change this to 'off' in environments with direct L2 communication
-    # Titlecase
+    # Change this to 'Never' in environments with direct L2
+    # communication (such that tunnels are not needed for pods on
+    # different hosts to communicate with each otehr).
    CALICO_IPV4POOL_IPIP: "Always"
    # Disable IPv6 on Kubernetes.
    FELIX_IPV6SUPPORT: "false"
-    # Set MTU for tunnel device used if ipip is enabled
+    # Set MTU for tunnel device used if ipip is enabled, it's
+    # recommended you leave this as null and an appropriate value will
+    # be set based on tunneling mode and the networking.mtu value
    FELIX_IPINIPMTU: null
-    # Set Felix logging, Titlecase not lowercase.
+    # Set Felix logging; also (ab)used for bgp configuration
    FELIX_LOGSEVERITYSCREEN: "Info"
    FELIX_HEALTHENABLED: "true"
    # Set Felix experimental Prometheus metrics server