diff --git a/charts/calico/.helmignore b/charts/calico/.helmignore
deleted file mode 100644
index f0c13194..00000000
--- a/charts/calico/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/calico/Chart.yaml b/charts/calico/Chart.yaml
deleted file mode 100644
index 440060dd..00000000
--- a/charts/calico/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Calico
-name: calico
-version: 0.1.0
diff --git a/charts/calico/requirements.yaml b/charts/calico/requirements.yaml
deleted file mode 100644
index 7496230c..00000000
--- a/charts/calico/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: helm-toolkit
- repository: http://localhost:8879/charts
- version: 0.1.0
diff --git a/charts/calico/templates/configmap.yaml b/charts/calico/templates/configmap.yaml
deleted file mode 100644
index 53c7e1c1..00000000
--- a/charts/calico/templates/configmap.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-# Calico Version v2.2.1
-# http://docs.projectcalico.org/v2.2/releases#v2.2.1
-# This manifest includes the following component versions:
-# calico/node:v1.2.1
-# calico/cni:v1.8.3
-# calico/kube-policy-controller:v0.6.0
-
-{{- if eq .Values.calico.ipip "off" }}
-{{- $_ := set .Values "__calicoMTU" .Values.calico.mtu -}}
-{{- else }}
-{{- $_ := set .Values "__calicoMTU" (sub .Values.calico.mtu 20) -}}
-{{- end }}
-
-# This ConfigMap is used to configure a self-hosted Calico installation.
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: calico-config
- namespace: kube-system
-data:
- # The location of your etcd cluster. This uses the Service clusterIP
- # defined below.
- etcd_endpoints: https://{{ .Values.etcd.service.ip }}:{{ .Values.etcd.service.port }}
-
- # Configure the Calico backend to use.
- calico_backend: "bird"
-
- # The CNI network configuration to install on each node.
- cni_network_config: |-
- {
- "name": "k8s-pod-network",
- "cniVersion": "0.1.0",
- "type": "calico",
- "etcd_endpoints": "__ETCD_ENDPOINTS__",
- "etcd_key_file": "__ETCD_KEY_FILE__",
- "etcd_cert_file": "__ETCD_CERT_FILE__",
- "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
- "log_level": "info",
- "mtu": {{ .Values.__calicoMTU }},
- "ipam": {
- "type": "calico-ipam"
- },
- "policy": {
- "type": "k8s",
- "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
- "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
- },
- "kubernetes": {
- "kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
- }
- }
-
- # If you're using TLS enabled etcd uncomment the following.
- # You must also populate the Secret below with these files.
- etcd_ca: "/calico-secrets/etcd-ca"
- etcd_cert: "/calico-secrets/etcd-cert"
- etcd_key: "/calico-secrets/etcd-key"
diff --git a/charts/calico/templates/daemonset-node.yaml b/charts/calico/templates/daemonset-node.yaml
deleted file mode 100644
index 4b94f092..00000000
--- a/charts/calico/templates/daemonset-node.yaml
+++ /dev/null
@@ -1,214 +0,0 @@
----
-# This manifest installs the calico/node container, as well
-# as the Calico CNI plugins and network config on
-# each master and worker node in a Kubernetes cluster.
-kind: DaemonSet
-apiVersion: extensions/v1beta1
-metadata:
- name: calico-node
- namespace: kube-system
- labels:
- k8s-app: calico-node
-spec:
- selector:
- matchLabels:
- k8s-app: calico-node
- template:
- metadata:
- labels:
- k8s-app: calico-node
- annotations:
- # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
- # reserves resources for critical add-on pods so that they can be rescheduled after
- # a failure. This annotation works in tandem with the toleration below.
- scheduler.alpha.kubernetes.io/critical-pod: ''
- spec:
- hostNetwork: true
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
- # This, along with the annotation above marks this pod as a critical add-on.
- - key: CriticalAddonsOnly
- operator: Exists
- serviceAccountName: calico-cni-plugin
- containers:
- # Runs calico/node container on each Kubernetes node. This
- # container programs network policy and routes on each
- # host.
- - name: calico-node
- image: {{ .Values.images.node }}
-{{ tuple . .Values.pod.resources.calico_node | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- env:
- # The location of the Calico etcd cluster.
- - name: ETCD_ENDPOINTS
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_endpoints
- - name: WAIT_FOR_DATASTORE
- value: "true"
- - name: NODENAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- # Enable BGP. Disable to enforce policy only.
- - name: CALICO_NETWORKING_BACKEND
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: calico_backend
- # Cluster type to identify the deployment type
- - name: CLUSTER_TYPE
- value: "k8s,bgp"
- # Disable file logging so `kubectl logs` works.
- - name: CALICO_DISABLE_FILE_LOGGING
- value: "true"
- # Set Felix endpoint to host default action to ACCEPT.
- - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
- value: "ACCEPT"
- # Configure the IP Pool from which Pod IPs will be chosen.
- - name: CALICO_IPV4POOL_CIDR
- value: {{ .Values.calico.pod_ip_cidr }}
- - name: CALICO_IPV4POOL_IPIP
- value: {{ .Values.calico.ipip | quote }}
- # Disable IPv6 on Kubernetes.
- - name: FELIX_IPV6SUPPORT
- value: "false"
- # Set Felix logging to "info"
- - name: FELIX_LOGSEVERITYSCREEN
- value: "info"
- {{- if not (eq .Values.calico.ipip "off") }}
- # Set MTU for tunnel device used if ipip is enabled
- - name: FELIX_IPINIPMTU
- value: {{ sub .Values.calico.mtu 20 | quote }}
- {{- end }}
- # Location of the CA certificate for etcd.
- - name: ETCD_CA_CERT_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_ca
- # Location of the client key for etcd.
- - name: ETCD_KEY_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_key
- # Location of the client certificate for etcd.
- - name: ETCD_CERT_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_cert
- # Auto-detect the BGP IP address.
- - name: IP
- value: ""
- {{- if .Values.calico.ip_autodetection_method }}
- - name: IP_AUTODETECTION_METHOD
- value: {{ .Values.calico.ip_autodetection_method }}
- {{- end }}
- securityContext:
- privileged: true
- resources:
- requests:
- cpu: 250m
- volumeMounts:
- - mountPath: /lib/modules
- name: lib-modules
- readOnly: true
- - mountPath: /var/run/calico
- name: var-run-calico
- readOnly: false
- - mountPath: /calico-secrets
- name: etcd-certs
- # This container installs the Calico CNI binaries
- # and CNI network config file on each node.
- - name: install-cni
- image: {{ .Values.images.cni }}
- command: ["/install-cni.sh"]
- env:
- # The location of the Calico etcd cluster.
- - name: ETCD_ENDPOINTS
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_endpoints
- - name: ETCD_CA_CERT_FILE
- value: /etc/kubernetes/calico/pki/etcd-client-ca.pem
- - name: ETCD_CERT_FILE
- value: /etc/kubernetes/calico/pki/etcd-client.pem
- - name: ETCD_KEY_FILE
- value: /etc/kubernetes/calico/pki/etcd-client-key.pem
- # The CNI network config to install on each node.
- - name: CNI_NETWORK_CONFIG
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: cni_network_config
- volumeMounts:
- - mountPath: /host/opt/cni/bin
- name: cni-bin-dir
- - mountPath: /host/etc/cni/net.d
- name: cni-net-dir
- - mountPath: /calico-secrets
- name: etcd-certs
- {{- if .Values.calico.ctl.install_on_host }}
- # This container installs calicoctl on each node.
- - name: install-calicoctl
- image: {{ .Values.images.cni }}
- command:
- - /bin/sh
- - -c
- - |-
- set -ex
-
- cat <<'SCRIPT' > /target/calicoctl
- #!/usr/bin/env bash
- set -e
-
- exec docker run --rm -it \
- --net host \
- -e ETCD_CA_CERT_FILE=/etc/cni/net.d/calico-tls/etcd-ca \
- -e ETCD_CERT_FILE=/etc/cni/net.d/calico-tls/etcd-cert \
- -e ETCD_KEY_FILE=/etc/cni/net.d/calico-tls/etcd-key \
- -e ETCD_ENDPOINTS=https://{{ .Values.etcd.service.ip }}:{{ .Values.etcd.service.port }},https://127.0.0.1:{{ .Values.etcd.service.port }} \
- -v /etc/cni/net.d/calico-tls:/etc/cni/net.d/calico-tls \
- {{ .Values.images.ctl }} \
- $*
- SCRIPT
-
- chmod 755 /target/calicoctl
-
- while true ; do
- sleep 10000
- done
-
- volumeMounts:
- - name: host-bin
- mountPath: /target
- {{- end }}
- volumes:
- # Used by calico/node.
- - name: lib-modules
- hostPath:
- path: /lib/modules
- - name: var-run-calico
- hostPath:
- path: /var/run/calico
- # Used to install CNI.
- - name: cni-bin-dir
- hostPath:
- path: /opt/cni/bin
- - name: cni-net-dir
- hostPath:
- path: /etc/cni/net.d
- # Mount in the etcd TLS secrets.
- - name: etcd-certs
- secret:
- secretName: calico-etcd-secrets
- {{- if .Values.calico.ctl.install_on_host }}
- - name: host-bin
- hostPath:
- path: /usr/local/bin
- {{- end }}
diff --git a/charts/calico/templates/deployment-policy-controller.yaml b/charts/calico/templates/deployment-policy-controller.yaml
deleted file mode 100644
index b38ebded..00000000
--- a/charts/calico/templates/deployment-policy-controller.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
----
-# This manifest deploys the Calico policy controller on Kubernetes.
-# See https://github.com/projectcalico/k8s-policy
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: calico-policy-controller
- namespace: kube-system
- labels:
- k8s-app: calico-policy
-spec:
- # The policy controller can only have a single active instance.
- replicas: 1
- strategy:
- type: Recreate
- template:
- metadata:
- name: calico-policy-controller
- namespace: kube-system
- labels:
- k8s-app: calico-policy-controller
- annotations:
- # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
- # reserves resources for critical add-on pods so that they can be rescheduled after
- # a failure. This annotation works in tandem with the toleration below.
- scheduler.alpha.kubernetes.io/critical-pod: ''
- spec:
- # The policy controller must run in the host network namespace so that
- # it isn't governed by policy that would prevent it from working.
- hostNetwork: true
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
- # This, along with the annotation above marks this pod as a critical add-on.
- - key: CriticalAddonsOnly
- operator: Exists
- serviceAccountName: calico-policy-controller
- containers:
- - name: calico-policy-controller
- image: {{ .Values.images.policy_controller }}
-{{ tuple . .Values.pod.resources.calico_policy_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- env:
- # The location of the Calico etcd cluster.
- - name: ETCD_ENDPOINTS
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_endpoints
- # Location of the CA certificate for etcd.
- - name: ETCD_CA_CERT_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_ca
- # Location of the client key for etcd.
- - name: ETCD_KEY_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_key
- # Location of the client certificate for etcd.
- - name: ETCD_CERT_FILE
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: etcd_cert
- # The location of the Kubernetes API. Use the default Kubernetes
- # service for API access.
- - name: K8S_API
- value: "https://kubernetes.default:443"
- # Since we're running in the host namespace and might not have KubeDNS
- # access, configure the container's /etc/hosts to resolve
- # kubernetes.default to the correct service clusterIP.
- - name: CONFIGURE_ETC_HOSTS
- value: "true"
- volumeMounts:
- # Mount in the etcd TLS secrets.
- - mountPath: /calico-secrets
- name: etcd-certs
- volumes:
- # Mount in the etcd TLS secrets.
- - name: etcd-certs
- secret:
- secretName: calico-etcd-secrets
diff --git a/charts/calico/templates/rbac.yaml b/charts/calico/templates/rbac.yaml
deleted file mode 100644
index 822cd2c1..00000000
--- a/charts/calico/templates/rbac.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: calico-cni-plugin
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-cni-plugin
-subjects:
-- kind: ServiceAccount
- name: calico-cni-plugin
- namespace: kube-system
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: calico-cni-plugin
- namespace: kube-system
-rules:
- - apiGroups: [""]
- resources:
- - pods
- - nodes
- verbs:
- - get
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: calico-cni-plugin
- namespace: kube-system
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: calico-policy-controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-policy-controller
-subjects:
-- kind: ServiceAccount
- name: calico-policy-controller
- namespace: kube-system
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: calico-policy-controller
- namespace: kube-system
-rules:
- - apiGroups:
- - ""
- - extensions
- resources:
- - pods
- - namespaces
- - networkpolicies
- verbs:
- - watch
- - list
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: calico-policy-controller
- namespace: kube-system
diff --git a/charts/calico/templates/secret.yaml b/charts/calico/templates/secret.yaml
deleted file mode 100644
index 84169b64..00000000
--- a/charts/calico/templates/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# The following contains k8s Secrets for use with a TLS enabled etcd cluster.
-# For information on populating Secrets, see http://kubernetes.io/docs/user-guide/secrets/
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: calico-etcd-secrets
- namespace: kube-system
-data:
- # Populate the following files with etcd TLS configuration if desired, but leave blank if
- # not using TLS for etcd.
- # This self-hosted install expects three files with the following names. The values
- # should be base64 encoded strings of the entire contents of each file.
- etcd-key: {{ .Values.etcd.tls.key | b64enc }}
- etcd-cert: {{ .Values.etcd.tls.cert | b64enc }}
- etcd-ca: {{ .Values.etcd.tls.ca | b64enc }}
diff --git a/charts/calico/values.yaml b/charts/calico/values.yaml
deleted file mode 100644
index f63e2524..00000000
--- a/charts/calico/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-calico:
- ip_autodetection_method: null
- pod_ip_cidr: 10.97.0.0/16
- mtu: 1500
- ipip: always
- ctl:
- install_on_host: false
-
-etcd:
- service:
- ip: 10.96.232.136
- port: 6666
- tls:
- ca: |-
- invalid ca
- cert: |-
- invalid cert
- key: |-
- invalid key
-
-images:
- cni: quay.io/calico/cni:v1.11.2
- ctl: quay.io/calico/ctl:v1.6.3
- node: quay.io/calico/node:v2.6.5
- policy_controller: quay.io/calico/kube-controllers:v1.0.2
-
-pod:
- resources:
- enabled: false
- calico_node:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- calico_policy_controller:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"