Allow run calico-node on containerd
Related task: PROD-24675
Change-Id: Iea521538fa7ad44876a7f56ceeecf58203ea6e4d
diff --git a/kubernetes/files/calico/calico-node.service.ctr b/kubernetes/files/calico/calico-node.service.ctr
new file mode 100644
index 0000000..30ec001
--- /dev/null
+++ b/kubernetes/files/calico/calico-node.service.ctr
@@ -0,0 +1,47 @@
+[Unit]
+Description=calico-node
+After=containerd.service
+Requires=containerd.service
+
+[Service]
+ExecStartPre=-/usr/bin/ctr t delete -f calico-node
+ExecStartPre=-/usr/bin/ctr c rm calico-node
+ExecStartPre=/usr/bin/ctr i pull {{ calico.image }}
+ExecStartPre=/bin/mkdir -p /var/run/calico
+ExecStart=/usr/bin/ctr run --net-host --privileged \
+ --env NODENAME={{ hostname }} \
+ --env IP={{ address }} \
+{%- if calico.network_backend is defined %}
+ --env CALICO_NETWORKING_BACKEND="{{ calico.network_backend }}" \
+{%- endif %}
+ --env AS={{ calico.get('as', '64512') }} \
+ --env NO_DEFAULT_POOLS={{ calico.get('no_default_pools', false ) }} \
+ --env CALICO_STARTUP_LOGLEVEL={{ calico.get('log_level', 'INFO') }} \
+ --env CLUSTER_TYPE='k8s,bgp' \
+ --env CALICO_LIBNETWORK_ENABLED={{ calico.get('libnetwork_enabled', false ) }} \
+ --env ETCD_ENDPOINTS={% for member in calico.etcd.members %}http{% if calico.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:{{ member.port }}{% if not loop.last %},{% endif %}{% endfor %} \
+{%- if calico.etcd.get('ssl', {}).get('enabled') %}
+ --env ETCD_CA_CERT_FILE=/var/lib/etcd/ca.pem \
+ --env ETCD_CERT_FILE=/var/lib/etcd/etcd-client.crt \
+ --env ETCD_KEY_FILE=/var/lib/etcd/etcd-client.key \
+ --mount type=bind,src=/var/lib/etcd/,dst=/var/lib/etcd/,options=rbind:ro \
+{%- endif %}
+{%- if calico.get('prometheus', {}).get('enabled') %}
+ --env FELIX_PROMETHEUSMETRICSENABLED=true \
+ --env FELIX_PROMETHEUSMETRICSPORT={{ calico.prometheus.get('port', 9091) }} \
+{%- endif %}
+ --mount type=bind,src=/var/log/calico,dst=/var/log/calico,options=rbind:rw \
+ --mount type=bind,src=/var/lib/calico,dst=/var/lib/calico,options=rbind:rw \
+ --mount type=bind,src=/lib/modules,dst=/lib/modules,options=rbind:rw \
+ --mount type=bind,src=/var/run/calico,dst=/var/run/calico,options=rbind:rw \
+ {{ calico.image }} \
+ calico-node
+
+Restart=always
+RestartSec=10s
+
+ExecStop=-/usr/bin/ctr t delete -f calico-node
+ExecStop=-/usr/bin/ctr c rm calico-node
+
+[Install]
+WantedBy=multi-user.target
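Review bot: The `/lib/modules` bind mount in `ExecStart` is writable (`options=rbind:rw`), which lets the privileged, host-network calico-node container alter the host's kernel module tree. Upstream Calico manifests mount this path read-only, so the line should end in `options=rbind:ro`. `--privileged` already grants broad host access, so this is defence in depth rather than a hard boundary, but it matches how the etcd mount above it is restricted. That etcd mount binds the whole of `/var/lib/etcd/`, although only `ca.pem`, `etcd-client.crt` and `etcd-client.key` are referenced. If that directory also holds etcd data or server keys on these hosts (not visible here), binding only the three files would narrow what the container can read.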
diff --git a/kubernetes/master/calico.sls b/kubernetes/master/calico.sls
index 1f21350..8f8b161 100644
--- a/kubernetes/master/calico.sls
+++ b/kubernetes/master/calico.sls
@@ -1,3 +1,4 @@
+{%- from "kubernetes/map.jinja" import common with context %}
{%- from "kubernetes/map.jinja" import master with context %}
{%- if master.enabled %}
@@ -33,12 +34,36 @@
{%- endif %}
{%- if master.network.calico.get('systemd', true) %}
+{%- if common.get('containerd', {}).get('enabled', false) %}
+/etc/systemd/system/calico-node.service:
+ file.managed:
+ - source: salt://kubernetes/files/calico/calico-node.service.ctr
+ - user: root
+ - group: root
+ - template: jinja
+ - require:
+ - service: containerd
+ - defaults:
+ hostname: {{ master.host.name }}{% if master.host.get('domain') %}.{{ master.host.domain }}{%- endif %}
+ address: {{ master.apiserver.address }}
+ calico: {{ master.network.calico }}
+{%- else %}
/etc/systemd/system/calico-node.service:
file.managed:
- source: salt://kubernetes/files/calico/calico-node.service.master
- user: root
- group: root
- template: jinja
+{%- endif %}
+
+{%- for dirname in ['lib', 'log'] %}
+/var/{{ dirname }}/calico:
+ file.directory:
+ - user: root
+ - group: root
+ - require_in:
+ - service: calico-node
+{%- endfor %}
calico_node:
service.running:
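Review bot: `calico: {{ master.network.calico }}` under `defaults` pastes the Python repr of the pillar dict into the SLS, so the value survives only if that repr happens to parse as the YAML you meant. A `None` becomes the string `None`, and a string containing a quote or `: ` changes the parsed structure. Serialising explicitly with `calico: {{ master.network.calico | json }}` keeps the types intact; the identical line in kubernetes/pool/calico.sls needs the same change. This matters more than usual here because the unit template expands these values unquoted into the `ExecStart` line of a `--privileged` container, so a malformed `image`, `as` or `log_level` value would be split into additional `ctr run` arguments.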
diff --git a/kubernetes/pool/calico.sls b/kubernetes/pool/calico.sls
index 3f2919f..cd99513 100644
--- a/kubernetes/pool/calico.sls
+++ b/kubernetes/pool/calico.sls
@@ -1,3 +1,4 @@
+{%- from "kubernetes/map.jinja" import common with context %}
{%- from "kubernetes/map.jinja" import pool with context %}
{%- if pool.enabled %}
@@ -83,12 +84,36 @@
{%- if pool.network.calico.get('systemd', true) %}
+{%- if common.get('containerd', {}).get('enabled', false) %}
+/etc/systemd/system/calico-node.service:
+ file.managed:
+ - source: salt://kubernetes/files/calico/calico-node.service.ctr
+ - user: root
+ - group: root
+ - template: jinja
+ - require:
+ - service: containerd
+ - defaults:
+ hostname: {{ pool.host.name }}{% if pool.host.get('domain') %}.{{ pool.host.domain }}{%- endif %}
+ address: {{ pool.address }}
+ calico: {{ pool.network.calico }}
+{%- else %}
/etc/systemd/system/calico-node.service:
file.managed:
- source: salt://kubernetes/files/calico/calico-node.service.pool
- user: root
- group: root
- template: jinja
+{%- endif %}
+
+{%- for dirname in ['lib', 'log'] %}
+/var/{{ dirname }}/calico:
+ file.directory:
+ - user: root
+ - group: root
+ - require_in:
+ - service: calico-node
+{%- endfor %}
calico_node:
service.running:
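Review bot: The `require_in` on the new `/var/{{ dirname }}/calico` directories names `service: calico-node`, while the state ID visible directly below is `calico_node`. Salt resolves a requisite against either the state ID or its `name`, so this works only if the `service.running` block sets `- name: calico-node`, and its body lies outside the hunk. If it does not, the requisite is not found and the directories that the unit bind-mounts are not guaranteed to exist before the service starts. Referencing the ID with `- service: calico_node` removes that dependency; kubernetes/master/calico.sls has the same pattern. The directories also carry no explicit `mode`, so adding `- mode: 755` (or tighter for the log directory) would pin their permissions instead of leaving them to the minion's defaults.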