diff --git a/calico.py b/calico.py index e1b06e1a9..9aecd0874 100755 --- a/calico.py +++ b/calico.py @@ -458,7 +458,7 @@ def _call_ipam_plugin(self, env): print_cni_error(ERR_CODE_GENERIC, "Invalid network config", "Must be running under Kubernetes to use \ 'subnet: usePodCidr'") - _log.info("Using Kubernetes pod cidr") + _log.info("Using Kubernetes podCIDR for node: %s", self.k8s_node_name) pod_cidr = self._get_kubernetes_pod_cidr() self.network_config["ipam"]["subnet"] = str(pod_cidr) 
@@ -480,53 +480,37 @@ def _get_kubernetes_pod_cidr(self): First check if we've written it to disk. If so, use that value. If not, then query the Kubernetes API for it. """ - local_store_path = os.path.abspath("podCidr.cache") - if os.path.exists(local_store_path): - _log.info("Loading podCidr from disk: %s", local_store_path) - with open(local_store_path, "r") as f: - pod_cidr = f.read().strip() - _log.debug("Loaded podCidr from disk: %s", pod_cidr) - else: - _log.info("Getting node.spec.podCidr from API, kubeconfig: %s", - self.kubeconfig_path) - if not self.kubeconfig_path: - # Fow now, kubeconfig is the only supported auth method. - print_cni_error(ERR_CODE_GENERIC, "Missing kubeconfig", - "usePodCidr requires specification of kubeconfig file") - sys.exit(ERR_CODE_GENERIC) + _log.info("Getting node.spec.podCidr from API, kubeconfig: %s", + self.kubeconfig_path) + if not self.kubeconfig_path: + # For now, kubeconfig is the only supported auth method. + print_cni_error(ERR_CODE_GENERIC, "Missing kubeconfig", + "usePodCidr requires specification of kubeconfig file") + sys.exit(ERR_CODE_GENERIC) - # Query the API for this node. Default node name to the hostname. - try: - api = HTTPClient(KubeConfig.from_file(self.kubeconfig_path)) - node = None - for n in Node.objects(api): - if n.obj["metadata"]["name"] == self.k8s_node_name: - _log.debug("Checking node: %s", n.obj["metadata"]["name"]) - node = n - break - if not node: - raise KeyError("Unable to find node in API: %s", self.k8s_node_name) - _log.debug("Found node %s: %s: ", node.obj["metadata"]["name"], - node.obj["spec"]) - except Exception: - print_cni_error(ERR_CODE_GENERIC, "Error querying Kubernetes API", - "Failed to get podCidr from Kubernetes API") + # Query the API for this node. Default node name to the hostname. 
+ try: + api = HTTPClient(KubeConfig.from_file(self.kubeconfig_path)) + node = None + for n in Node.objects(api): + if n.obj["metadata"]["name"] == self.k8s_node_name: + _log.debug("Checking node: %s", n.obj["metadata"]["name"]) + node = n + break + if not node: + raise KeyError("Unable to find node in API: %s", self.k8s_node_name) + _log.debug("Found node %s: %s: ", node.obj["metadata"]["name"], + node.obj["spec"]) + except Exception: + print_cni_error(ERR_CODE_GENERIC, "Error querying Kubernetes API", + "Failed to get podCidr from Kubernetes API") + sys.exit(ERR_CODE_GENERIC) + else: + pod_cidr = node.obj["spec"].get("podCIDR") + if not pod_cidr: + print_cni_error(ERR_CODE_GENERIC, "Missing podCidr", + "No podCidr for node %s" % self.k8s_node_name) sys.exit(ERR_CODE_GENERIC) - else: - pod_cidr = node.obj["spec"].get("podCIDR") - if not pod_cidr: - print_cni_error(ERR_CODE_GENERIC, "Missing podCidr", - "No podCidr for node %s" % self.k8s_node_name) - sys.exit(ERR_CODE_GENERIC) - else: - # Success - write to disk so we don't have to - # always query the API for this. - with open(local_store_path, "w") as f: - _log.info("Caching podCidr on disk: %s", local_store_path) - try: - f.write(pod_cidr) - except Exception: - _log.warning("Failed to write %s", local_store_path) _log.debug("Using podCidr: %s", pod_cidr) return pod_cidr diff --git a/configuration.md b/configuration.md index b2e0d0635..b143ae9a5 100644 --- a/configuration.md +++ b/configuration.md 
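Review bot: The `except Exception:` around the API query discards the exception, so an unreadable kubeconfig, a TLS or authorization failure, and the "node not found" `KeyError` all end in the same generic CNI error with nothing in the log. With the on-disk cache removed, every call to `_get_kubernetes_pod_cidr` takes this path, so it is worth logging the cause first, e.g. `_log.exception("Failed to get podCidr from Kubernetes API")` as the first line of the handler. The `KeyError` is also built with logging-style arguments that are never interpolated; `raise KeyError("Unable to find node in API: %s" % self.k8s_node_name)` gives a readable message. The docstring kept as context still says the value is first read from disk, which no longer holds, and could become `Query the Kubernetes API for this node's podCIDR.`. The function's signature and the opening of its docstring are outside the hunk.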
@@ -44,6 +44,8 @@ When using Calico IPAM, the following flags determine what IP addresses should b A specific IP address can be chosen by using [`CNI_ARGS`](https://github.com/appc/cni/blob/master/SPEC.md#parameters) and setting `IP` to the desired value. +When using the CNI `host-local` IPAM plugin, a special value `usePodCidr` is allowed for the subnet field. This tells the plugin to determine the subnet to use from the Kubernetes API based on the Node.podCIDR field. This is currently only supported when using `kubeconfig` for accessing the API. + ## Kubernetes specific When using the Calico CNI plugin with Kubernetes, an additional config block can be specified to control how network policy is configured. The required config block is `policy`. See the [Calico Kubernetes documentation](https://github.com/projectcalico/calico-containers/tree/master/docs/cni/kubernetes) for more information. @@ -63,6 +65,7 @@ The CNI plugin may need to authenticate with the Kubernetes API server. The foll * `k8s_client_key` * `k8s_certificate_authority` * Verifying the API certificate against a CA only works if connecting to the API server using a hostname. +* `kubeconfig` [![Analytics](https://calico-ga-beacon.appspot.com/UA-52125893-3/calico-cni/configuration.md?pixel)](https://github.com/igrigorik/ga-beacon)