Merge pull request #2300 from caseydavenport/init-container

Switch etcd mode to use an init container for CNI
projectcalico · Nov 19, 2018 · a4fa5b3 · a4fa5b3
2 parents eb01165 + 567d982
commit a4fa5b3
Showing 1 changed file with 33 additions and 62 deletions.
diff --git a/_includes/master/manifests/calico-node.yaml b/_includes/master/manifests/calico-node.yaml
@@ -56,11 +56,8 @@ spec:
       # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
       # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
       terminationGracePeriodSeconds: 0
-{%- if include.datastore == "kdd" or include.app_layer_policy == "true" %}
       initContainers:
-{%- endif %}
-{%- if include.datastore == "kdd" %}
-        # This init container installs the Calico CNI binaries
+        # This container installs the {{site.prodname}} CNI binaries
         # and CNI network config file on each node.
         - name: install-cni
           image: {{site.imageNames["cni"]}}:{{site.data.versions[page.version].first.components["calico/cni"].version}}
@@ -75,11 +72,40 @@ spec:
                 configMapKeyRef:
                   name: {{include.variant_name | downcase}}-config
                   key: cni_network_config
+{%- if include.datastore == "etcd" %}
+            # The location of the {{site.prodname}} etcd cluster.
+            - name: ETCD_ENDPOINTS
+              valueFrom:
+                configMapKeyRef:
+                  name: {{include.variant_name | downcase}}-config
+                  key: etcd_endpoints
+  {%- if include.network == "flannel" %}
+            # Location of the CA certificate for etcd.
+            - name: ETCD_CA_CERT_FILE
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_ca
+            # Location of the client key for etcd.
+            - name: ETCD_KEY_FILE
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_key
+            # Location of the client certificate for etcd.
+            - name: ETCD_CERT_FILE
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_cert
+  {%- endif %}
+{%- elsif include.datastore == "kdd" %}
             # Set the hostname based on the k8s node name.
             - name: KUBERNETES_NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+{%- endif %}
 {%-  if include.network == "calico" %}
             # CNI MTU Config variable
             - name: CNI_MTU
@@ -96,6 +122,9 @@ spec:
               name: cni-bin-dir
             - mountPath: /host/etc/cni/net.d
               name: cni-net-dir
+{%- if include.datastore == "etcd" %}
+            - mountPath: /calico-secrets
+              name: etcd-certs
 {%- endif %}
 {%- if include.app_layer_policy == "true" %}
         # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
@@ -285,64 +314,6 @@ spec:
             - name: policysync
               mountPath: /var/run/nodeagent
 {%- endif %}
-{%- if include.datastore == "etcd" %}
-        # This container installs the {{site.prodname}} CNI binaries
-        # and CNI network config file on each node.
-        - name: install-cni
-          image: {{site.imageNames["cni"]}}:{{site.data.versions[page.version].first.components["calico/cni"].version}}
-          command: ["/install-cni.sh"]
-          env:
-            # Name of the CNI config file to create.
-            - name: CNI_CONF_NAME
-              value: "10-{{include.variant_name | downcase}}.conflist"
-            # The location of the {{site.prodname}} etcd cluster.
-            - name: ETCD_ENDPOINTS
-              valueFrom:
-                configMapKeyRef:
-                  name: {{include.variant_name | downcase}}-config
-                  key: etcd_endpoints
-  {%- if include.network == "flannel" %}
-            # Location of the CA certificate for etcd.
-            - name: ETCD_CA_CERT_FILE
-              valueFrom:
-                configMapKeyRef:
-                  name: canal-config
-                  key: etcd_ca
-            # Location of the client key for etcd.
-            - name: ETCD_KEY_FILE
-              valueFrom:
-                configMapKeyRef:
-                  name: canal-config
-                  key: etcd_key
-            # Location of the client certificate for etcd.
-            - name: ETCD_CERT_FILE
-              valueFrom:
-                configMapKeyRef:
-                  name: canal-config
-                  key: etcd_cert
-  {%- endif %}
-            # The CNI network config to install on each node.
-            - name: CNI_NETWORK_CONFIG
-              valueFrom:
-                configMapKeyRef:
-                  name: {{include.variant_name | downcase}}-config
-                  key: cni_network_config
-  {%-  if include.network == "calico" %}
-            # CNI MTU Config variable
-            - name: CNI_MTU
-              valueFrom:
-                configMapKeyRef:
-                  name: {{include.variant_name | downcase}}-config
-                  key: veth_mtu
-  {%- endif %}
-          volumeMounts:
-            - mountPath: /host/opt/cni/bin
-              name: cni-bin-dir
-            - mountPath: /host/etc/cni/net.d
-              name: cni-net-dir
-            - mountPath: /calico-secrets
-              name: etcd-certs
-{%- endif %}
 {%- if include.network == "flannel" %}
   {%- if include.datastore == "kdd" %}
         # This container runs flannel using the kube-subnet-mgr backend