diff --git a/docs/assets/scripts/developer/k3d-dev.sh b/docs/assets/scripts/developer/k3d-dev.sh
index 86b7444e9d0c8e3934a7b0f544cc6cf4e946c59c..b3d80c7f7feef7365aa1b2259b4fabeec9c168a8 100755
--- a/docs/assets/scripts/developer/k3d-dev.sh
+++ b/docs/assets/scripts/developer/k3d-dev.sh
@@ -2,6 +2,9 @@
 K3D_VERSION="5.5.1"
+# get the current script dir
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
 function run() {
 ssh -i ~/.ssh/${KeyName}.pem -o StrictHostKeyChecking=no -o IdentitiesOnly=yes ubuntu@${PublicIP} "$@"
 }
@@ -158,15 +161,20 @@ while [ -n "$1" ]; do # while loop starts
 -h) echo "Usage:"
 echo "k3d-dev.sh -b -p -m -a -d -h"
 echo ""
- echo " -b use BIG M5 instance. Default is t3.2xlarge"
+ echo " -b use BIG M5 instance. Default is m5a.4xlarge"
 echo " -p use private IP for security group and k3d cluster"
 echo " -m create k3d cluster with metalLB"
 echo " -a attach secondary Public IP (overrides -p and -m flags)"
 echo " -d destroy related AWS resources"
+ echo " -w install the weave CNI instead of the default flannel CNI"
 echo " -h output help"
 exit 0
 ;;
+ -w) echo "-w option passed to use Weave CNI"
+ USE_WEAVE=true
+ ;;
+ *) echo "Option $1 not recognized" ;; # In case a non-existent option is submitted
 esac
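Review bot: The usage banner was not updated for the new flag: `echo "k3d-dev.sh -b -p -m -a -d -h"` still omits `-w` even though a `-w` description line is added right below it; change it to `echo "k3d-dev.sh -b -p -m -a -d -w -h"`. USE_WEAVE is only ever assigned in the new `-w)` arm, so the later `[[ "$USE_WEAVE" == true ]]` test relies on the variable being unset when the flag is absent; a `USE_WEAVE=false` default next to the other option defaults would make the intent explicit and keep that test safe if the script is ever run with `set -u`. The new `*)` arm prints the unrecognized option to stdout and carries on, so a mistyped flag is treated as handled; `echo "Option $1 not recognized" >&2; exit 1` (or falling through to the usage text) would be safer. The enclosing while/case starts before this hunk and its tail after `esac` is not visible here.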
@@ -548,12 +556,15 @@ if [[ $K3S_IMAGE_TAG ]]; then
 k3d_command+=" --image docker.io/rancher/k3s:$K3S_IMAGE_TAG"
 fi
+# create docker network for k3d cluster
+echo "creating docker network for k3d cluster"
+run "docker network remove k3d-network"
+run "docker network create k3d-network --driver=bridge --subnet=172.20.0.0/16 --gateway 172.20.0.1"
+k3d_command+=" --network k3d-network"
+
 # Add MetalLB specific k3d config
 if [[ "$METAL_LB" == true || "$ATTACH_SECONDARY_IP" == true ]]; then
- # create docker network for k3d cluster
- echo "creating docker network for k3d cluster"
- run "docker network create k3d-network --driver=bridge --subnet=172.20.0.0/16 --gateway 172.20.0.1"
- k3d_command+=" --k3s-arg \"--disable=servicelb@server:0\" --network k3d-network"
+ k3d_command+=" --k3s-arg \"--disable=servicelb@server:0\""
 fi
 # Add Public/Private IP specific k3d config
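Review bot: `run "docker network remove k3d-network"` is unconditional, so on a fresh host where the network does not exist yet it returns non-zero, and when the network still has containers attached (a cluster from an earlier run) the remove is refused as well; whether the script runs under `set -e` is not visible here, so that is either an aborted run or a noisy error that is ignored. Guard the remove with an existence check, `run "if docker network inspect k3d-network >/dev/null 2>&1; then docker network rm k3d-network; fi"`, and fail explicitly if the remove is refused so a stale cluster is surfaced instead of silently reused. The network is now created on every path rather than only for MetalLB, which the moved `--network k3d-network` depends on; a one-line comment above the `echo` stating why it is now unconditional (presumably because the weave path also pins addresses in 172.20/172.21) would record the reason for the move.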
@@ -565,6 +576,30 @@ else
 k3d_command+=" --k3s-arg \"--tls-san=${PublicIP}@server:0\""
 fi
+# use weave instead of flannel -- helps with large installs
+# we match the 172.x subnets used by CI for consistency
+if [[ "$USE_WEAVE" == true ]]; then
+
+ run "if [[ ! -f /opt/cni/bin/loopback ]]; then sudo mkdir -p /opt/cni/bin && sudo curl -s -L https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz | sudo tar xvz -C /opt/cni/bin; fi"
+
+ scp -i ~/.ssh/${KeyName}.pem -o StrictHostKeyChecking=no -o IdentitiesOnly=yes ${SCRIPT_DIR}/weave/* ubuntu@${PublicIP}:/tmp/
+
+ # network settings
+ k3d_command+=" --k3s-arg \"--flannel-backend=none@server:*\""
+ k3d_command+=" --k3s-arg \"--disable-network-policy@server:*\""
+ k3d_command+=" --k3s-arg \"--cluster-cidr=172.21.0.0/16@server:*\""
+ k3d_command+=" --k3s-arg \"--service-cidr=172.20.0.0/16@server:*\""
+ k3d_command+=" --k3s-arg \"--cluster-dns=172.20.0.10@server:*\""
+
+ # volume mounts
+ k3d_command+=" --volume \"/tmp/weave.yaml:/var/lib/rancher/k3s/server/manifests/weave.yaml@server:*\""
+ k3d_command+=" --volume /tmp/machine-id-server-0:/etc/machine-id@server:0"
+ k3d_command+=" --volume /tmp/machine-id-agent-0:/etc/machine-id@agent:0"
+ k3d_command+=" --volume /tmp/machine-id-agent-1:/etc/machine-id@agent:1"
+ k3d_command+=" --volume /tmp/machine-id-agent-2:/etc/machine-id@agent:2"
+ k3d_command+=" --volume /opt/cni/bin:/opt/cni/bin@all:*"
+fi
+
 # Create k3d cluster
 echo "Creating k3d cluster with command: ${k3d_command}"
 run "${k3d_command}"
diff --git a/docs/assets/scripts/developer/weave/README-weave.md b/docs/assets/scripts/developer/weave/README-weave.md
new file mode 100644
index 0000000000000000000000000000000000000000..ee4d2a79b4e557571fa9770754ff89d36e5047d4
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/README-weave.md
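Review bot: The CNI plugin install pipes an unverified download straight into `sudo tar` (`curl -s -L ... | sudo tar xvz -C /opt/cni/bin`): nothing pins or checks the tarball, `-s` without `-f` means a failed or redirected fetch is still fed to tar, and whatever gets extracted is then mounted into every node of the cluster via `--volume /opt/cni/bin:/opt/cni/bin@all:*`. Download to a temp file, verify a pinned SHA-256 for the v1.3.0 asset, and only then extract as root, as sketched below (the checksum value is a placeholder to be filled in from the release). The `scp` line leaves `${SCRIPT_DIR}` unquoted — only the trailing `*` needs to glob, so write `"${SCRIPT_DIR}"/weave/*` — and it also ships `README-weave.md` to the host. The manifest and machine-id files are staged in the remote `/tmp/` and bind-mounted from there into the k3s server manifests directory; on anything but a single-user host that is world-writable input to a cluster-admin apply, so a per-user directory such as `~ubuntu/weave/` would be safer (whether the host is single-user is not visible here). The `if [[ "$USE_WEAVE" == true ]]` block lies entirely within the hunk.
```shell
if [[ "$USE_WEAVE" == true ]]; then

  # Pin the CNI plugin tarball and verify it before anything is extracted as root.
  CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz"
  CNI_PLUGINS_SHA256="<SHA256_OF_PINNED_TARBALL>"   # placeholder: take from the v1.3.0 release checksums
  run "if [[ ! -f /opt/cni/bin/loopback ]]; then \
    tmp=\$(mktemp) || exit 1; \
    curl -fsSL -o \"\$tmp\" '${CNI_PLUGINS_URL}' \
    && echo '${CNI_PLUGINS_SHA256}  '\"\$tmp\" | sha256sum -c - \
    && sudo mkdir -p /opt/cni/bin && sudo tar -xzf \"\$tmp\" -C /opt/cni/bin; \
    rc=\$?; rm -f \"\$tmp\"; exit \$rc; fi" || { echo "CNI plugin install failed" >&2; exit 1; }

  scp -i ~/.ssh/${KeyName}.pem -o StrictHostKeyChecking=no -o IdentitiesOnly=yes "${SCRIPT_DIR}"/weave/* ubuntu@${PublicIP}:/tmp/

  # … unchanged: k3d_command network settings and volume mounts …
fi
```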
@@ -0,0 +1,17 @@
+# K3d
+
+```
+curl -L https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml -O > weave.yaml
+```
+
+Weave expects `/etc/machine-id` to be a file, and each k3d node needs to have a unique value in this file.
+
+BB k3d uses the 172.21.0.0/16 cidr subnet for pods, so `IPALLOC_RANGE` needs to match:
+
+```
+ containers:
+ - name: weave
+ env:
+ - name: IPALLOC_RANGE
+ value: "172.21.0.0/16"
+```
diff --git a/docs/assets/scripts/developer/weave/machine-id-agent-0 b/docs/assets/scripts/developer/weave/machine-id-agent-0
new file mode 100644
index 0000000000000000000000000000000000000000..3fea3c1afd536277de9083218fd03e7a8ea9c858
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/machine-id-agent-0
@@ -0,0 +1 @@
+242892d11ac2521aac3d2ad864baaa22
diff --git a/docs/assets/scripts/developer/weave/machine-id-agent-1 b/docs/assets/scripts/developer/weave/machine-id-agent-1
new file mode 100644
index 0000000000000000000000000000000000000000..701baa2381b01e8254be0572eab122b237ee8309
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/machine-id-agent-1
@@ -0,0 +1 @@
+242892d11ac2521aac3d2ad864baaa23
diff --git a/docs/assets/scripts/developer/weave/machine-id-agent-2 b/docs/assets/scripts/developer/weave/machine-id-agent-2
new file mode 100644
index 0000000000000000000000000000000000000000..819a7199f0d863be48aa5d6a8d11a89dd02dd820
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/machine-id-agent-2
@@ -0,0 +1 @@
+242892d11ac2521aac3d2ad864baaa24
diff --git a/docs/assets/scripts/developer/weave/machine-id-server-0 b/docs/assets/scripts/developer/weave/machine-id-server-0
new file mode 100644
index 0000000000000000000000000000000000000000..a9578ff130f542ed1c2c24d8f2fe1293ed96179f
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/machine-id-server-0
@@ -0,0 +1 @@
+242892d11ac2521aac3d2ad864baaa21
diff --git a/docs/assets/scripts/developer/weave/weave.yaml b/docs/assets/scripts/developer/weave/weave.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..dcc6bec3fe85fa670d27a683535c7038d2c99444
--- /dev/null
+++ b/docs/assets/scripts/developer/weave/weave.yaml
@@ -0,0 +1,239 @@ +apiVersion: v1 +kind: List +items: + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: weave-net + labels: + name: weave-net + namespace: kube-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: weave-net + labels: + name: weave-net + rules: + - apiGroups: + - '' + resources: + - pods + - namespaces + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - 'networking.k8s.io' + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - nodes/status + verbs: + - patch + - update + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: weave-net + labels: + name: weave-net + roleRef: + kind: ClusterRole + name: weave-net + apiGroup: rbac.authorization.k8s.io + subjects: + - kind: ServiceAccount + name: weave-net + namespace: kube-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: weave-net + namespace: kube-system + labels: + name: weave-net + rules: + - apiGroups: + - '' + resources: + - configmaps + resourceNames: + - weave-net + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: weave-net + namespace: kube-system + labels: + name: weave-net + roleRef: + kind: Role + name: weave-net + apiGroup: rbac.authorization.k8s.io + subjects: + - kind: ServiceAccount + name: weave-net + namespace: kube-system + - apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: weave-net + labels: + name: weave-net + namespace: kube-system + spec: + # Wait 5 seconds to let pod connect before rolling next pod + selector: + matchLabels: + name: weave-net + minReadySeconds: 5 + template: + metadata: + labels: + name: weave-net + spec: + initContainers: + - name: weave-init 
+ image: 'weaveworks/weave-kube:latest' + imagePullPolicy: Always + command: + - /home/weave/init.sh + env: + securityContext: + privileged: true + volumeMounts: + - name: cni-bin + mountPath: /host/opt + - name: cni-bin2 + mountPath: /host/home + - name: cni-conf + mountPath: /host/etc + - name: lib-modules + mountPath: /lib/modules + - name: xtables-lock + mountPath: /run/xtables.lock + readOnly: false + containers: + - name: weave + command: + - /home/weave/launch.sh + env: + - name: IPALLOC_RANGE + value: "172.21.0.0/16" + - name: INIT_CONTAINER + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: 'weaveworks/weave-kube:latest' + imagePullPolicy: Always + readinessProbe: + httpGet: + host: 127.0.0.1 + path: /status + port: 6784 + resources: + requests: + cpu: 50m + securityContext: + privileged: true + volumeMounts: + - name: weavedb + mountPath: /weavedb + - name: dbus + mountPath: /host/var/lib/dbus + readOnly: true + - mountPath: /host/etc/machine-id + name: cni-machine-id + readOnly: true + - name: xtables-lock + mountPath: /run/xtables.lock + readOnly: false + - name: weave-npc + env: + - name: HOSTNAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: 'weaveworks/weave-npc:latest' + imagePullPolicy: Always +#npc-args + resources: + requests: + cpu: 50m + securityContext: + privileged: true + volumeMounts: + - name: xtables-lock + mountPath: /run/xtables.lock + readOnly: false + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + hostPID: false + restartPolicy: Always + securityContext: + seLinuxOptions: {} + serviceAccountName: weave-net + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: weavedb + hostPath: + path: /var/lib/weave + - name: cni-bin + hostPath: + path: /opt + - name: cni-bin2 + hostPath: + path: /home + - name: cni-conf + hostPath: + path: /etc + - name: cni-machine-id + hostPath: + 
path: /etc/machine-id + - name: dbus + hostPath: + path: /var/lib/dbus + - name: lib-modules + hostPath: + path: /lib/modules + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + priorityClassName: system-node-critical + updateStrategy: + type: RollingUpdate
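Review bot: All three containers of the `weave-net` DaemonSet run unpinned images — `image: 'weaveworks/weave-kube:latest'` for the `weave-init` init container and the `weave` container, and `image: 'weaveworks/weave-npc:latest'` for the policy controller — with `imagePullPolicy: Always`, so every node start pulls whatever the tag currently resolves to into a `privileged: true`, `hostNetwork: true` pod, and two cluster builds are not guaranteed to run the same code. The README added in this commit derives the manifest from the v2.8.1 release, so pin to match: `image: 'weaveworks/weave-kube:2.8.1'` for both weave containers and `image: 'weaveworks/weave-npc:2.8.1'` for weave-npc (an image digest would be stronger still). The `IPALLOC_RANGE` value `"172.21.0.0/16"` duplicates the `--cluster-cidr` passed in k3d-dev.sh; a comment beside it saying the two must stay in sync would spare the next maintainer a silent mismatch.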