diff --git a/contrib/gce/cloud-init/master.yaml b/contrib/gce/cloud-init/master.yaml index b7f2692fb..23b2e3491 100644 --- a/contrib/gce/cloud-init/master.yaml +++ b/contrib/gce/cloud-init/master.yaml @@ -38,7 +38,8 @@ write_files: enable_tls_streaming = true [plugins.cri.cni] bin_dir = "/home/containerd/opt/cni/bin" - conf_dir = "/home/containerd/etc/cni/net.d" + conf_dir = "/etc/cni/net.d" + conf_template = "/home/containerd/opt/containerd/cluster/gce/cni.template" [plugins.cri.registry.mirrors."docker.io"] endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"] diff --git a/contrib/gce/cloud-init/node.yaml b/contrib/gce/cloud-init/node.yaml index 2428fd85f..e44a4a6a5 100644 --- a/contrib/gce/cloud-init/node.yaml +++ b/contrib/gce/cloud-init/node.yaml @@ -35,8 +35,9 @@ write_files: [plugins.cri] enable_tls_streaming = true [plugins.cri.cni] - bin_dir = "/home/kubernetes/bin" + bin_dir = "/home/containerd/opt/cni/bin" conf_dir = "/etc/cni/net.d" + conf_template = "/home/containerd/opt/containerd/cluster/gce/cni.template" [plugins.cri.registry.mirrors."docker.io"] endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"] diff --git a/contrib/gce/cni.template b/contrib/gce/cni.template new file mode 100644 index 000000000..50a2ed424 --- /dev/null +++ b/contrib/gce/cni.template @@ -0,0 +1,24 @@ +{ + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "ptp", + "mtu": 1460, + "ipam": { + "type": "host-local", + "subnet": "{{.PodCIDR}}", + "routes": [ + {"dst": "0.0.0.0/0"} + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + }, + "noSnat": true + } + ] +} diff --git a/contrib/gce/env b/contrib/gce/env index 3d197933a..201bc58f1 100644 --- a/contrib/gce/env +++ b/contrib/gce/env @@ -13,7 +13,7 @@ export KUBE_NODE_EXTRA_METADATA="user-data=${GCE_DIR}/cloud-init/node.yaml,conta export KUBE_CONTAINER_RUNTIME="remote" export KUBE_CONTAINER_RUNTIME_ENDPOINT="/run/containerd/containerd.sock" export KUBE_LOAD_IMAGE_COMMAND="/home/containerd/usr/local/bin/ctr cri load" -export NETWORK_POLICY_PROVIDER="calico" +export NETWORK_PROVIDER="" export NON_MASQUERADE_CIDR="0.0.0.0/0" export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/system.slice/containerd.service" export KUBE_FEATURE_GATES="ExperimentalCriticalPodAnnotation=true,CRIContainerLogRotation=true"