network: Add script to install weave net

This commit removes the routes and adds a script to install weave net as the overlay network for the cluster created this way. Signed-off-by: Suraj Deshmukh <[email protected]>
kinvolk-archives · Nov 12, 2018 · 683ca46 · 683ca46
1 parent 43fa5b5
commit 683ca46
Show file tree

Hide file tree

Showing 15 changed files with 27 additions and 106 deletions.
diff --git a/README.md b/README.md
@@ -6,8 +6,6 @@ The setup follows https://github.com/kelseyhightower/kubernetes-the-hard-way
 with the following exceptions:
 
 * `cri-o` is used as a container runtime, not `cri-containerd`
-* The `pod-cidr` is `10.2${i}.0.0/16`, routes are provisioned from
-  `scripts/vagrant-setup-routes.bash` automatically
 * For `crio`, an explicit `--stream-address` must be set, as the address
   of the default interface isn't routable (see e.g. [`config/worker-0-crio.service`](config/worker-0-crio.service))
 * `192.168.199.40` is the IP of the loadbalancer (haproxy) for HA controllers
@@ -27,9 +25,6 @@ To learn Kubernetes from the bottom up, it's recommended to go through
 KTHW manually. `vagrant up` gives you three controller and three worker
 nodes to do that.
 
-The `pod-cidr` is `10.2${i}.0.0/16`, for which the Vagrant nodes have
-configured routes (see `route -n`).
-
 The following KTHW parts can/should be skipped:
 
 * Everything in regard to the frontend loadbalancer
@@ -155,6 +150,23 @@ kubectl get nodes
 [...]
 ```
 
+Install overlay network so pods on different nodes can connect with each other,
+by running following command:
+
+```bash
+./scripts/setup-networking
+```
+
+Now verify that the weave pods are all up and running, using following command:
+
+```console
+$ kubectl -n kube-system get pods -l name=weave-net
+NAME              READY     STATUS    RESTARTS   AGE
+weave-net-24wdp   2/2       Running   0          8m
+weave-net-bnxl6   2/2       Running   0          8m
+weave-net-jh9nx   2/2       Running   0          8m
+```
+
 ## Using the cluster
 
 ### Setup DNS add-on

diff --git a/Vagrantfile b/Vagrantfile
@@ -39,15 +39,12 @@ Vagrant.configure("2") do |config|
         c.vm.hostname = "worker-#{n}"
         c.vm.network "private_network", ip: "192.168.199.2#{n}"
 
-        c.vm.provision :shell, :path => "scripts/vagrant-setup-routes.bash"
         c.vm.provision :shell, :path => "scripts/vagrant-setup-hosts-file.bash"
     end
   end
 
   config.vm.define "traefik-0", autostart: false do |c|
       c.vm.hostname = "traefik-0"
       c.vm.network "private_network", ip: "192.168.199.30"
-
-      c.vm.provision :shell, :path => "scripts/vagrant-setup-routes.bash"
   end
 end
diff --git a/config/worker-0-10-bridge.conf b/config/worker-0-10-bridge.conf
diff --git a/config/worker-0-kubelet-config b/config/worker-0-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.20.0.0/16"
 resolvConf: "/run/systemd/resolve/resolv.conf"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-0.pem"

diff --git a/config/worker-1-10-bridge.conf b/config/worker-1-10-bridge.conf
diff --git a/config/worker-1-kubelet-config b/config/worker-1-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.21.0.0/16"
 resolvConf: "/run/systemd/resolve/resolv.conf"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-1.pem"

diff --git a/config/worker-2-10-bridge.conf b/config/worker-2-10-bridge.conf
diff --git a/config/worker-2-kubelet-config b/config/worker-2-kubelet-config
@@ -12,7 +12,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.22.0.0/16"
 resolvConf: "/run/systemd/resolve/resolv.conf"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-2.pem"

diff --git a/scripts/generate-cni-config b/scripts/generate-cni-config
diff --git a/scripts/generate-kubelet-config-file b/scripts/generate-kubelet-config-file
@@ -20,7 +20,6 @@ authorization:
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
-podCIDR: "10.2${i}.0.0/16"
 resolvConf: "/run/systemd/resolve/resolv.conf"
 runtimeRequestTimeout: "10m"
 tlsCertFile: "/var/lib/kubelet/worker-${i}.pem"

diff --git a/scripts/setup b/scripts/setup
@@ -18,6 +18,7 @@ vagrant up
 ./scripts/setup-kubelet-api-cluster-role
 ./scripts/setup-worker-services
 ./scripts/configure-kubectl-on-host
+./scripts/setup-networking
 echo -e "\033[1mFinished. Cluster should be healthy and soon in state ready:\033[0m"
 kubectl get componentstatuses
 kubectl get nodes
diff --git a/scripts/setup-networking b/scripts/setup-networking
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# As mentioned in https://www.weave.works/docs/net/latest/kubernetes/kube-addon/#install
+kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
diff --git a/scripts/setup-worker-services b/scripts/setup-worker-services
@@ -33,7 +33,6 @@ cp /vagrant/tools/{conmon,pause} /usr/local/libexec/crio/
 cp /vagrant/tools/{crio.conf,seccomp.json} /etc/crio/
 cp /vagrant/tools/policy.json /etc/containers/
 
-cp "/vagrant/config/$(hostname)-10-bridge.conf" /etc/cni/net.d/10-bridge.conf
 cp /vagrant/config/99-loopback.conf /etc/cni/net.d
 cp "/vagrant/config/$(hostname)-crio.service" /etc/systemd/system/crio.service
 

diff --git a/scripts/vagrant-setup-hosts-file.bash b/scripts/vagrant-setup-hosts-file.bash
@@ -12,3 +12,6 @@ cat <<EOF | sudo tee -a /etc/hosts
 192.168.199.21 worker-1
 192.168.199.22 worker-2
 EOF
+
+# Make sure all the nodes do port forwarding
+sudo sysctl -w net.ipv4.ip_forward=1
diff --git a/scripts/vagrant-setup-routes.bash b/scripts/vagrant-setup-routes.bash