openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "[Calico] Allow resource configuration using chart (overrides)"

Browse Source
This commit is contained in:
Zuul 2018-10-22 22:49:08 +00:00 committed by Gerrit Code Review
commit a0d58decff
2 changed files with 169 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
calico/templates/bin/_calico-settings.sh.tpl
View File

@ -2,6 +2,8 @@
set -eux set -eux
{{- $envAll := . }}
{{ if empty .Values.conf.node.CALICO_IPV4POOL_CIDR }} {{ if empty .Values.conf.node.CALICO_IPV4POOL_CIDR }}
{{ $_ := set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet }} {{ $_ := set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet }}
{{ end }} {{ end }}
@ -66,5 +68,20 @@ $CTL apply -f - <<EOF
EOF EOF
{{ end }} {{ end }}
exit 0 {{/* gotpl quirks mean it is easier to loop from 0 to 9 looking for a match in an inner loop than trying to extract and sort */}}
{{ if .Values.networking.policy }}
# Policy and Endpoint rules
{{ range $n, $data := tuple 0 1 2 3 4 5 6 7 8 9 }}
# Priority: {{ $n }} objects
{{- range $section, $data := $envAll.Values.networking.policy }}
{{- if eq (toString $data.priority) (toString $n) }}
# Section: {{ $section }} Priority: {{ $data.priority }} {{ $n }}
$CTL apply -f - <<EOF
{{ $data.rules | toYaml }}
EOF
{{- end }}
{{- end }}
{{- end }}
{{ end }}
exit 0

154
calico/values.yaml
View File

@ -247,6 +247,153 @@ networking:
neighbor: 179 neighbor: 179
listen: 179 listen: 179
# Policy contains embedded Calico policy and/or endpoint objects.
# Because lists are cumbersome to deal with this is stuctured as a
# dictionary (therefore not ordered). The top-level key names are
# not important, priority contains a value between 0 and 9 inclusive
# and rules contains any objects (typically used as rules).
# Priority 0 objects are emitted before priority 9. It is
# recommended any rules such as HostEndpoint be given a higher
# priority so that they are applied after more generic objects.
# Priority values outside of integers 0 through 9 are not valid and
# should not be used.
policy:
# alpha:
# priority: 0
# rules:
# - apiVersion: projectcalico.org/v3
# kind: GlobalNetworkPolicy
# metadata:
# name: allow-tcp-6379
# spec:
# order: 0
# selector: role == 'database'
# types:
# - Ingress
# - Egress
# ingress:
# - action: Allow
# protocol: TCP
# source:
# selector: role == 'frontend'
# destination:
# ports:
# - 6379
# egress:
# - action: Allow
# - apiVersion: projectcalico.org/v3
# kind: GlobalNetworkPolicy
# metadata:
# name: allow-tcp-3306
# spec:
# order: 1
# selector: role == 'database'
# types:
# - Ingress
# - Egress
# ingress:
# - action: Allow
# protocol: TCP
# source:
# selector: role == 'frontend'
# destination:
# ports:
# - 3306
# egress:
# - action: Allow
# beta:
# priority: 1
# rules:
# - apiVersion: projectcalico.org/v3
# kind: NetworkPolicy
# metadata:
# name: allow-tcp-6379
# namespace: production
# spec:
# selector: role == 'database'
# types:
# - Ingress
# - Egress
# ingress:
# - action: Allow
# protocol: TCP
# source:
# selector: role == 'frontend'
# destination:
# ports:
# - 6379
# egress:
# - action: Allow
# - apiVersion: projectcalico.org/v3
# kind: NetworkPolicy
# metadata:
# name: allow-tcp-8081
# namespace: production
# spec:
# selector: role == 'webthing'
# types:
# - Ingress
# - Egress
# ingress:
# - action: Allow
# protocol: TCP
# source:
# selector: role == 'frontend'
# destination:
# ports:
# - 8081
# egress:
# - action: Allow
# zulu:
# priority: 9
# rules:
# - apiVersion: projectcalico.org/v3
# kind: HostEndpoint
# metadata:
# name: first.thing
# labels:
# type: production
# spec:
# interfaceName: eth0
# node: mysecrethost
# expectedIPs:
# - 192.168.0.1
# - 192.168.0.2
# profiles:
# - profile1
# - profile2
# ports:
# - name: some-port
# port: 1234
# protocol: TCP
# - name: another-port
# port: 5432
# protocol: UDP
# - apiVersion: projectcalico.org/v3
# kind: HostEndpoint
# metadata:
# name: second.thing
# labels:
# type: production
# spec:
# interfaceName: eth1
# node: myothersecrethost
# expectedIPs:
# - 192.168.1.1
# - 192.168.1.2
# profiles:
# - profile1
# - profile2
# ports:
# - name: some-port
# port: 1234
# protocol: TCP
# - name: another-port
# port: 5432
# protocol: UDP
conf: conf:
etcd: etcd:
credentials: credentials:
@ -299,9 +446,10 @@ conf:
# Cluster type to identify the deployment type # Cluster type to identify the deployment type
# NOTE: v2 had a list ... v3 a comma separated string # NOTE: v2 had a list ... v3 a comma separated string
CLUSTER_TYPE: "k8s,bgp" CLUSTER_TYPE: "k8s,bgp"
# Describes which BGP networking backend to use gobgp, bird, none. Default is bird. # Describes which BGP networking backend to use gobgp, bird, none.
# NOTE(alanmeadows) today this chart only supports applying the bgp customizations to # Default is bird. NOTE(alanmeadows) today this chart only
# bird templates - in the future we may support gobgp as well # supports applying the bgp customizations to bird templates - in
# the future we may support gobgp as well
CALICO_NETWORKING_BACKEND: bird CALICO_NETWORKING_BACKEND: bird
# Location of the CA certificate for etcd. # Location of the CA certificate for etcd.
ETCD_CA_CERT_FILE: "" ETCD_CA_CERT_FILE: ""