diff --git a/stable/aws-calico/.helmignore b/stable/aws-calico/.helmignore
new file mode 100755
index 000000000..f0c131944
--- /dev/null
+++ b/stable/aws-calico/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/stable/aws-calico/Chart.yaml b/stable/aws-calico/Chart.yaml
new file mode 100755
index 000000000..8b37b0880
--- /dev/null
+++ b/stable/aws-calico/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+description: A Helm chart for installing Calico on AWS
+website: https://docs.aws.amazon.com/eks/latest/userguide/calico.html
+name: aws-calico
+version: 0.1.0
+appVersion: 3.8.1
+icon: https://www.projectcalico.org/wp-content/uploads/2019/09/Calico_Logo_Large_Calico.png
\ No newline at end of file
diff --git a/stable/aws-calico/README.md b/stable/aws-calico/README.md
new file mode 100755
index 000000000..c64d970c0
--- /dev/null
+++ b/stable/aws-calico/README.md
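Review bot: In stable/aws-calico/Chart.yaml, `website:` is not one of the Helm chart metadata fields as far as I know, so the documentation URL is at best ignored when the chart is packaged and indexed. The field for the project page is `home`, i.e. `home: https://docs.aws.amazon.com/eks/latest/userguide/calico.html`. `appVersion: 3.8.1` and the image tag `v3.8.1` in values.yaml are maintained separately, so a comment such as `# keep in sync with calico.tag in values.yaml` would help whoever bumps the version next.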
@@ -0,0 +1,54 @@
+# Calico on AWS
+
+This chart installs Calico on AWS: https://docs.aws.amazon.com/eks/latest/userguide/calico.html
+
+## Prerequisites
+
+- Kubernetes 1.11+ running on AWS
+
+## Installing the Chart
+
+First add the EKS repository to Helm:
+
+```shell
+helm repo add eks https://aws.github.io/eks-charts
+```
+
+Install the Calico CRDs:
+
+```shell
+kubectl apply -k github.com/aws/eks-charts/stable/aws-calico//crds?ref=master
+```
+
+To install the chart with the release name `aws-calico` and default configuration:
+
+```shell
+$ helm install --name aws-calico --namespace kube-system eks/aws-calico
+```
+
+To install into an EKS cluster where the CNI is already installed, you can run:
+
+```shell
+helm upgrade --install --recreate-pods --force aws-calico --namespace kube-system eks/aws-calico
+```
+
+If you receive an error similar to `Error: release aws-calico failed: "aws-calico" already exists`, simply rerun the above command.
+
+## Configuration
+
+The following table lists the configurable parameters for this chart and their default values.
+
+| Parameter | Description | Default |
+| ------------------------|---------------------------------------------------------|---------------------------------|
+| `calico.typha.image` | Calico Typha Image | `quay.io/calico/typha` |
+| `calico.node.image` | Calico Node Image | `quay.io/calico/node` |
+| `calico.tag` | Calico version | `v3.8.1` |
+| `fullnameOverride` | Override the fullname of the chart | `calico` |
+| `serviceAccount.name` | The name of the ServiceAccount to use | `nil` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:
+
+```shell
+$ helm install --name aws-calico --namespace kube-system eks/aws-calico --values values.yaml
+```
\ No newline at end of file
diff --git a/stable/aws-calico/crds/crds.yaml b/stable/aws-calico/crds/crds.yaml
new file mode 100755
index 000000000..73fe142f4
--- /dev/null
+++ b/stable/aws-calico/crds/crds.yaml
@@ -0,0 +1,214 @@
+# Create all the CustomResourceDefinitions needed for
+# Calico policy-only mode.
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: felixconfigurations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: FelixConfiguration
+ plural: felixconfigurations
+ singular: felixconfiguration
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ipamblocks.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: IPAMBlock
+ plural: ipamblocks
+ singular: ipamblock
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: blockaffinities.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: BlockAffinity
+ plural: blockaffinities
+ singular: blockaffinity
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: bgpconfigurations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: BGPConfiguration
+ plural: bgpconfigurations
+ singular: bgpconfiguration
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: bgppeers.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: BGPPeer
+ plural: bgppeers
+ singular: bgppeer
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: ippools.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: IPPool
+ plural: ippools
+ singular: ippool
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: hostendpoints.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: HostEndpoint
+ plural: hostendpoints
+ singular: hostendpoint
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterinformations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: ClusterInformation
+ plural: clusterinformations
+ singular: clusterinformation
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: globalnetworkpolicies.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: GlobalNetworkPolicy
+ plural: globalnetworkpolicies
+ singular: globalnetworkpolicy
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: globalnetworksets.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: GlobalNetworkSet
+ plural: globalnetworksets
+ singular: globalnetworkset
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networkpolicies.crd.projectcalico.org
+spec:
+ scope: Namespaced
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: NetworkPolicy
+ plural: networkpolicies
+ singular: networkpolicy
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networksets.crd.projectcalico.org
+spec:
+ scope: Namespaced
+ group: crd.projectcalico.org
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ names:
+ kind: NetworkSet
+ plural: networksets
+ singular: networkset
\ No newline at end of file
diff --git a/stable/aws-calico/crds/kustomization.yaml b/stable/aws-calico/crds/kustomization.yaml
new file mode 100644
index 000000000..f04014ce4
--- /dev/null
+++ b/stable/aws-calico/crds/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml
\ No newline at end of file
diff --git a/stable/aws-calico/templates/_helpers.tpl b/stable/aws-calico/templates/_helpers.tpl
new file mode 100755
index 000000000..0a18027c2
--- /dev/null
+++ b/stable/aws-calico/templates/_helpers.tpl
@@ -0,0 +1,55 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aws-calico.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aws-calico.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aws-calico.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "aws-calico.labels" -}}
+helm.sh/chart: {{ include "aws-calico.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aws-calico.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "aws-calico.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/stable/aws-calico/templates/config-map.yaml b/stable/aws-calico/templates/config-map.yaml
new file mode 100755
index 000000000..9a3cfaa51
--- /dev/null
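Review bot: In templates/_helpers.tpl, the `aws-calico.labels` helper emits `app.kubernetes.io/instance: {{ .Release.Name }}` and `app.kubernetes.io/managed-by: {{ .Release.Service }}` unquoted, while the `app.kubernetes.io/version` line in the same helper is piped through `quote`. A release name that YAML reads as a number or boolean would render a non-string label value, which the API server should reject, so the two lines are safer as `app.kubernetes.io/instance: {{ .Release.Name | quote }}` and `app.kubernetes.io/managed-by: {{ .Release.Service | quote }}`. The doc comment on `aws-calico.serviceAccountName` should also say that callers append `-node` or `-typha-cpha` to the returned name, because that is not apparent from the helper alone.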
+++ b/stable/aws-calico/templates/config-map.yaml
@@ -0,0 +1,22 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-horizontal-autoscaler"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+data:
+ ladder: |-
+ {
+ "coresToReplicas": [],
+ "nodesToReplicas":
+ [
+ [1, 1],
+ [10, 2],
+ [100, 3],
+ [250, 4],
+ [500, 5],
+ [1000, 6],
+ [1500, 7],
+ [2000, 8]
+ ]
+ }
\ No newline at end of file
diff --git a/stable/aws-calico/templates/daemon-set.yaml b/stable/aws-calico/templates/daemon-set.yaml
new file mode 100755
index 000000000..9e1a919ca
--- /dev/null
+++ b/stable/aws-calico/templates/daemon-set.yaml
@@ -0,0 +1,137 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-node"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-node"
+{{ include "aws-calico.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-node"
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-node"
+ spec:
+ priorityClassName: system-node-critical
+ nodeSelector:
+ beta.kubernetes.io/os: linux
+ hostNetwork: true
+ serviceAccountName: "{{ include "aws-calico.serviceAccountName" . }}-node"
+ # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+ # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+ terminationGracePeriodSeconds: 0
+ containers:
+ # Runs calico/node container on each Kubernetes node. This
+ # container programs network policy and routes on each
+ # host.
+ - name: calico-node
+ image: "{{ .Values.calico.node.image }}:{{ .Values.calico.tag }}"
+ env:
+ # Use Kubernetes API as the backing datastore.
+ - name: DATASTORE_TYPE
+ value: "kubernetes"
+ # Use eni not cali for interface prefix
+ - name: FELIX_INTERFACEPREFIX
+ value: "eni"
+ # Enable felix info logging.
+ - name: FELIX_LOGSEVERITYSCREEN
+ value: "info"
+ # Don't enable BGP.
+ - name: CALICO_NETWORKING_BACKEND
+ value: "none"
+ # Cluster type to identify the deployment type
+ - name: CLUSTER_TYPE
+ value: "k8s,ecs"
+ # Disable file logging so `kubectl logs` works.
+ - name: CALICO_DISABLE_FILE_LOGGING
+ value: "true"
+ - name: FELIX_TYPHAK8SSERVICENAME
+ value: "calico-typha"
+ # Set Felix endpoint to host default action to ACCEPT.
+ - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
+ value: "ACCEPT"
+ # This will make Felix honor AWS VPC CNI's mangle table
+ # rules.
+ - name: FELIX_IPTABLESMANGLEALLOWACTION
+ value: Return
+ # Disable IPV6 on Kubernetes.
+ - name: FELIX_IPV6SUPPORT
+ value: "false"
+ # Wait for the datastore.
+ - name: WAIT_FOR_DATASTORE
+ value: "true"
+ - name: FELIX_LOGSEVERITYSYS
+ value: "none"
+ - name: FELIX_PROMETHEUSMETRICSENABLED
+ value: "true"
+ - name: NO_DEFAULT_POOLS
+ value: "true"
+ # Set based on the k8s node name.
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ # No IP address needed.
+ - name: IP
+ value: ""
+ - name: FELIX_HEALTHENABLED
+ value: "true"
+ securityContext:
+ privileged: true
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: 9099
+ host: localhost
+ periodSeconds: 10
+ initialDelaySeconds: 10
+ failureThreshold: 6
+ readinessProbe:
+ exec:
+ command:
+ - /bin/calico-node
+ - -felix-ready
+ periodSeconds: 10
+ volumeMounts:
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ readOnly: false
+ - mountPath: /var/run/calico
+ name: var-run-calico
+ readOnly: false
+ - mountPath: /var/lib/calico
+ name: var-lib-calico
+ readOnly: false
+ volumes:
+ # Used to ensure proper kmods are installed.
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: var-run-calico
+ hostPath:
+ path: /var/run/calico
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ tolerations:
+ # Make sure calico/node gets scheduled on all nodes.
+ - effect: NoSchedule
+ operator: Exists
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
diff --git a/stable/aws-calico/templates/deployment.yaml b/stable/aws-calico/templates/deployment.yaml
new file mode 100755
index 000000000..26292d569
--- /dev/null
+++ b/stable/aws-calico/templates/deployment.yaml
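Review bot: In templates/daemon-set.yaml, `FELIX_TYPHAK8SSERVICENAME` is hard-coded to `"calico-typha"`, while the Typha Service in templates/service.yaml is named `{{ include "aws-calico.fullname" . }}-typha`; the two agree only while `fullnameOverride` keeps its default `calico`. With any other override Felix would presumably fail to discover Typha, and policy programming on every node depends on that connection, so the value should be templated as `value: "{{ include "aws-calico.fullname" . }}-typha"`. It is also worth confirming whether `FELIX_TYPHAK8SNAMESPACE` has to be set to `{{ .Release.Namespace }}` when the chart is installed outside `kube-system`. Separately, a comment above `privileged: true` recording why the container needs it (it runs with `hostNetwork: true` and mounts `/lib/modules` and `/run/xtables.lock` from the host) would help later hardening reviews.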
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
+{{ include "aws-calico.labels" . | indent 4 }}
+spec:
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: 'true'
+ spec:
+ priorityClassName: system-cluster-critical
+ nodeSelector:
+ beta.kubernetes.io/os: linux
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ hostNetwork: true
+ serviceAccountName: "{{ include "aws-calico.serviceAccountName" . }}-node"
+ containers:
+ - image: "{{ .Values.calico.typha.image }}:{{ .Values.calico.tag }}"
+ name: calico-typha
+ ports:
+ - containerPort: 5473
+ name: calico-typha
+ protocol: TCP
+ env:
+ # Use eni not cali for interface prefix
+ - name: FELIX_INTERFACEPREFIX
+ value: "eni"
+ - name: TYPHA_LOGFILEPATH
+ value: "none"
+ - name: TYPHA_LOGSEVERITYSYS
+ value: "none"
+ - name: TYPHA_LOGSEVERITYSCREEN
+ value: "info"
+ - name: TYPHA_PROMETHEUSMETRICSENABLED
+ value: "true"
+ - name: TYPHA_CONNECTIONREBALANCINGMODE
+ value: "kubernetes"
+ - name: TYPHA_PROMETHEUSMETRICSPORT
+ value: "9093"
+ - name: TYPHA_DATASTORETYPE
+ value: "kubernetes"
+ - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
+ value: "1"
+ - name: TYPHA_HEALTHENABLED
+ value: "true"
+ # This will make Felix honor AWS VPC CNI's mangle table
+ # rules.
+ - name: FELIX_IPTABLESMANGLEALLOWACTION
+ value: Return
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: 9098
+ host: localhost
+ periodSeconds: 30
+ initialDelaySeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 9098
+ host: localhost
+ periodSeconds: 10
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-horizontal-autoscaler"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha-autoscaler"
+{{ include "aws-calico.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha-autoscaler"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha-autoscaler"
+ spec:
+ priorityClassName: system-cluster-critical
+ nodeSelector:
+ beta.kubernetes.io/os: linux
+ containers:
+ - image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.1.2
+ name: autoscaler
+ command:
+ - /cluster-proportional-autoscaler
+ - --namespace={{ .Release.Namespace }}
+ - --configmap={{ include "aws-calico.fullname" . }}-typha-horizontal-autoscaler
+ - --target=deployment/{{ include "aws-calico.fullname" . }}-typha
+ - --logtostderr=true
+ - --v=2
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ cpu: 10m
+ serviceAccountName: "{{ include "aws-calico.serviceAccountName" . }}-typha-cpha"
\ No newline at end of file
diff --git a/stable/aws-calico/templates/pod-disruption-budget.yaml b/stable/aws-calico/templates/pod-disruption-budget.yaml
new file mode 100644
index 000000000..8635b3154
--- /dev/null
+++ b/stable/aws-calico/templates/pod-disruption-budget.yaml
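Review bot: In templates/deployment.yaml, the Typha Deployment sets `serviceAccountName: "{{ include "aws-calico.serviceAccountName" . }}-node"`, so Typha runs under the calico-node account and inherits its ClusterRole from rbac.yaml, including `create`/`update`/`delete` on `crd.projectcalico.org` resources and `update` on `nodes`. Typha relays datastore updates to Felix and, as far as I can tell, needs mostly read access, so the line would be better as `serviceAccountName: "{{ include "aws-calico.serviceAccountName" . }}-typha"`, backed by a dedicated ServiceAccount and a narrower ClusterRole in the other template files. The pod also uses `hostNetwork: true` and exposes port 5473 with no TLS-related `TYPHA_*` settings in its env list, so the Felix-to-Typha channel appears to be unauthenticated on the node network. A comment next to `containerPort: 5473` stating that access to the port must be limited to cluster nodes (security groups or a host policy) would make that assumption explicit.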
@@ -0,0 +1,13 @@
+# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
+{{ include "aws-calico.labels" . | indent 4 }}
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
diff --git a/stable/aws-calico/templates/rbac.yaml b/stable/aws-calico/templates/rbac.yaml
new file mode 100755
index 000000000..d2ba94399
--- /dev/null
+++ b/stable/aws-calico/templates/rbac.yaml
@@ -0,0 +1,182 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-node"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-node"
+{{ include "aws-calico.labels" . | indent 4 }}
+rules:
+ - apiGroups: [""]
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: [""]
+ resources:
+ - pods/status
+ verbs:
+ - patch
+ - apiGroups: [""]
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - update
+ - apiGroups: [""]
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: [""]
+ resources:
+ - services
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups: ["extensions"]
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs:
+ - watch
+ - list
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - globalfelixconfigs
+ - felixconfigurations
+ - bgppeers
+ - globalbgpconfigs
+ - bgpconfigurations
+ - ippools
+ - ipamblocks
+ - globalnetworkpolicies
+ - globalnetworksets
+ - networkpolicies
+ - networksets
+ - clusterinformations
+ - hostendpoints
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ - ipamblocks
+ - ipamhandles
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ verbs:
+ - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-node"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "{{ include "aws-calico.fullname" . }}-node"
+subjects:
+ - kind: ServiceAccount
+ name: "{{ include "aws-calico.serviceAccountName" . }}-node"
+ namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+subjects:
+ - kind: ServiceAccount
+ name: "{{ include "aws-calico.serviceAccountName" . }}-typha-cpha"
+ namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: ["extensions"]
+ resources: ["deployments/scale"]
+ verbs: ["get", "update"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+ labels:
+{{ include "aws-calico.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+subjects:
+ - kind: ServiceAccount
+ name: "{{ include "aws-calico.serviceAccountName" . }}-typha-cpha"
+ namespace: "{{ .Release.Namespace }}"
diff --git a/stable/aws-calico/templates/service-accounts.yaml b/stable/aws-calico/templates/service-accounts.yaml
new file mode 100755
index 000000000..214093957
--- /dev/null
+++ b/stable/aws-calico/templates/service-accounts.yaml
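Review bot: In templates/rbac.yaml, the first `crd.projectcalico.org` rule of the `-node` ClusterRole grants `create` and `update` on all thirteen listed resources, including `globalnetworkpolicies`, `networkpolicies`, `globalnetworksets`, `networksets` and `hostendpoints`. That role is bound to the account used by the privileged DaemonSet on every node, so a single compromised node could rewrite cluster-wide network policy. As far as I recall, the upstream Calico manifests give calico-node read-only access to that list and reserve `create`/`update` for the few resources it initialises at startup. The fence below sketches that split and should be confirmed against the manifest for the version in values.yaml; the IPAM rules that follow are left as they are.
```yaml
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      # … unchanged: the thirteen resources listed in the hunk …
    verbs:
      - get
      - list
      - watch
  # Only the resources calico-node writes defaults into at startup.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ippools
      - felixconfigurations
      - clusterinformations
    verbs:
      - create
      - update
  # … unchanged: IPAM rules for blockaffinities, ipamblocks, ipamhandles …
```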
@@ -0,0 +1,18 @@
+# Create the ServiceAccount and roles necessary for Calico.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ include "aws-calico.serviceAccountName" . }}-node"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-node"
+{{ include "aws-calico.labels" . | indent 4 }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ include "aws-calico.serviceAccountName" . }}-typha-cpha"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha-cpha"
+{{ include "aws-calico.labels" . | indent 4 }}
\ No newline at end of file
diff --git a/stable/aws-calico/templates/service.yaml b/stable/aws-calico/templates/service.yaml
new file mode 100755
index 000000000..4edb632d4
--- /dev/null
+++ b/stable/aws-calico/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "aws-calico.fullname" . }}-typha"
+ labels:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
+{{ include "aws-calico.labels" . | indent 4 }}
+spec:
+ ports:
+ - port: 5473
+ protocol: TCP
+ targetPort: calico-typha
+ name: "{{ include "aws-calico.fullname" . }}-typha"
+ selector:
+ app.kubernetes.io/name: "{{ include "aws-calico.fullname" . }}-typha"
diff --git a/stable/aws-calico/values.yaml b/stable/aws-calico/values.yaml
new file mode 100755
index 000000000..6e9770eb5
--- /dev/null
+++ b/stable/aws-calico/values.yaml
@@ -0,0 +1,11 @@
+fullnameOverride: calico
+
+serviceAccount:
+ create: true
+
+calico:
+ tag: v3.8.1
+ typha:
+ image: quay.io/calico/typha
+ node:
+ image: quay.io/calico/node
\ No newline at end of file
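Review bot: In templates/service-accounts.yaml, both ServiceAccount manifests are rendered unconditionally, so `serviceAccount.create: false` does not stop the chart from creating accounts, although the README describes the value as controlling exactly that. With `create: false` and no `serviceAccount.name`, the helper returns `default`, and the chart creates and binds `default-node` and `default-typha-cpha` instead of using accounts the operator manages. Each document should be wrapped in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`, and the opening comment should say that the `-node` account is bound to the node ClusterRole in rbac.yaml.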
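Review bot: In values.yaml, the Calico images are selected by repository plus the mutable tag `v3.8.1`, and the templates join them as `image:tag`, so a deployment cannot pin calico-node (which runs privileged on every node) or Typha to a content digest. Consider an optional digest value per image that the templates prefer over the tag when it is set, with a comment on `tag:` such as `# mutable tag; set a digest for production clusters`. The autoscaler image in templates/deployment.yaml is hard-coded rather than exposed here, which also prevents mirroring it to a private registry. The file has no comments at all, and `fullnameOverride: calico` in particular deserves one saying that other resource names are derived from it.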