Custom Networking

Pharos allows users to plug-in any CNI networking implementation on the cluster.

Configuring Custom Networking

Custom networking can be enabled by setting the network provider to custom and configuring the deployment manifest path properly. This will make Pharos to deploy all the needed networking components during the cluster creation.

network:
  provider: custom
  pod_network_cidr: 172.30.0.0/16
  service_cidr: 172.31.0.0/16
  custom:
    manifest_path: ./network-manifests/
    options: {}

Options

Pharos does not define any structure for the options key, it can have any yaml conformant structure. These options, as well as the full cluster configuration yaml, can be used in the manifest templates.

Manifests

As with addons the manifests can be either normal yaml files or templated with Erb. Templating allows easy customizability of the deployment and the ability to match the deployment configuration with the cluster level configuration options.

Example configuration for Flannel

As an example, let's configure the cluster using Flannel as the networking implementation.

In the cluster configuration, you set the provider into custom and point Pharos to use correct set of deployment manifests:

network:
  provider: custom
  pod_network_cidr: 172.30.0.0/16
  service_cidr: 172.31.0.0/16
  custom:
    manifest_path: ./flannel/

There's no configuration options defined as Flannel needs only the pod network CIDR to be configured and that it can get from cluster configuration.

The manifests are told to locate in ./flannel folder. So in that folder, you need to have all the deployment descriptors available. For a simple example Flannel deployment, you'd have following:

01-cluster-role.yml

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch

02-cluster-role-binding.yml

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system

03-service-account.yml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system

04-config-map.yml.erb

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "<%= cluster_config.network.pod_network_cidr %>",
      "Backend": {
        "Type": "vxlan"
      }
    }

Notice how the full cluster configuration is available for the templates using cluster_config variable. If there's specific options provided for custom network you'd access them using cluster_config.networking.custom.options.option_name syntax. In this example we set the pod network CIDR for Flannel.

03-daemon-set.yml

---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg

results matching ""

    No results matching ""