richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7837 Commits
29 Branches
81 Tags
151 MiB
Tree: 1fa4bb733d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1fa4bb733d'
${ noResults }
kubespray/roles/network_plugin/calico/tasks/check.yml

208 lines
7.6 KiB
Raw Normal View History

calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Fix some typo (#9056) * fix ingress controller task name * fix calico word * add check typo
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
Fix some typo (#9056) * fix ingress controller task name * fix calico word * add check typo
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Fix Get current calico version (#9873) Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
Update check calico version command (#9861)
1 year ago
Fix Get current calico version (#9873) Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Add Retry for Checking calico exists (#9883) Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
Add Retry for Checking calico exists (#9883) Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
Fix Get current calico version (#9873) Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
1 year ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
project: resolve ansible-lint key-order rule (#10314) Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
Update check calico version command (#9861)
1 year ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Add additional checking for calico rr cluster_id (#11112) Signed-off-by: tu1h <lihai.tu@daocloud.io>
7 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Add additional checking for calico rr cluster_id (#11112) Signed-off-by: tu1h <lihai.tu@daocloud.io>
7 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix ansible syntax to avoid ansible warnings (one more) (#3536) * warning on meta flush_handlers * avoid rm * avoid "Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually" warning on subsequent tasks using blockinfile * is match
6 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
4 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
4 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
4 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
project: resolve ansible-lint key-order rule (#10314) Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
4 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
4 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Fix abort because calicoctl.sh is not a full path (#9217)
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Disable podCIDR allocation from control-plane when using calico (#10639) * Disable control plane allocating podCIDR for nodes when using calico Calico does not use the .spec.podCIDR field for its IP address management. Furthermore, it can false positives from the kube controller manager if kube_network_node_prefix and calico_pool_blocksize are unaligned, which is the case with the default shipped by kubespray. If the subnets obtained from using kube_network_node_prefix are bigger, this would result at some point in the control plane thinking it does not have subnets left for a new node, while calico will work without problems. Explicitely set a default value of false for calico_ipam_host_local to facilitate its use in templates. * Don't default to kube_network_node_prefix for calico_pool_blocksize They have different semantics: kube_network_node_prefix is intended to be the size of the subnet for all pods on a node, while there can be more than on calico block of the specified size (they are allocated on demand). Besides, this commit does not actually change anything, because the current code is buggy: we don't ever default to kube_network_node_prefix, since the variable is defined in the role defaults.
11 months ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Calico: fixup check when ipipMode / vxlanMode is not present (#7195) calicoctl.sh get ipPool default-pool -o json { "kind": "IPPool", "apiVersion": "projectcalico.org/v3", "metadata": { "name": "default-pool", ... }, "spec": { "cidr": "10.233.64.0/18", "ipipMode": "Always", "natOutgoing": true, "blockSize": 24, "nodeSelector": "all()" } } Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
check calico ipv6 (#8738) * check calico ipv6 * just check ipip mode for ipv6
2 years ago
Fix typo in calico check (#8969)
2 years ago
check calico ipv6 (#8738) * check calico ipv6 * just check ipip mode for ipv6
2 years ago
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks
3 months ago
check calico ipv6 (#8738) * check calico ipv6 * just check ipip mode for ipv6
2 years ago
  1. ---
  2. - name: Stop if legacy encapsulation variables are detected (ipip)
  3. assert:
  4. that:
  5. - ipip is not defined
  6. msg: "'ipip' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"
  7. run_once: true
  8. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  10. - name: Stop if legacy encapsulation variables are detected (ipip_mode)
  11. assert:
  12. that:
  13. - ipip_mode is not defined
  14. msg: "'ipip_mode' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"
  15. run_once: true
  16. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  18. - name: Stop if legacy encapsulation variables are detected (calcio_ipam_autoallocateblocks)
  19. assert:
  20. that:
  21. - calcio_ipam_autoallocateblocks is not defined
  22. msg: "'calcio_ipam_autoallocateblocks' configuration variable is deprecated, it's a typo, please configure your inventory with 'calico_ipam_autoallocateblocks' set to 'true' or 'false' according to your specific needs"
  23. run_once: true
  24. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  27. - name: Stop if incompatible network plugin and cloudprovider
  28. assert:
  29. that:
  30. - calico_ipip_mode == 'Never'
  31. - calico_vxlan_mode in ['Always', 'CrossSubnet']
  32. msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'"
  33. when:
  34. - cloud_provider is defined and cloud_provider == 'azure'
  35. run_once: true
  36. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  38. - name: Stop if supported Calico versions
  39. assert:
  40. that:
  41. - "calico_version in calico_crds_archive_checksums.keys()"
  42. msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.keys() }}"
  43. run_once: true
  44. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  46. - name: Check if calicoctl.sh exists
  47. stat:
  48. path: "{{ bin_dir }}/calicoctl.sh"
  49. register: calicoctl_sh_exists
  50. run_once: true
  51. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  53. - name: Check if calico ready
  54. command: "{{ bin_dir }}/calicoctl.sh get ClusterInformation default"
  55. register: calico_ready
  56. run_once: true
  57. ignore_errors: true
  58. retries: 5
  59. delay: 10
  60. until: calico_ready.rc == 0
  61. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  62. when: calicoctl_sh_exists.stat.exists
  64. - name: Check that current calico version is enough for upgrade
  65. run_once: true
  66. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  67. when: calicoctl_sh_exists.stat.exists and calico_ready.rc == 0
  68. block:
  69. - name: Get current calico version
  70. shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Client Version:' | awk '{ print $3}'"
  71. args:
  72. executable: /bin/bash
  73. register: calico_version_on_server
  74. changed_when: false
  76. - name: Assert that current calico version is enough for upgrade
  77. assert:
  78. that:
  79. - calico_version_on_server.stdout is version(calico_min_version_required, '>=')
  80. msg: >
  81. Your version of calico is not fresh enough for upgrade.
  82. Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release.
  83. But current version is {{ calico_version_on_server.stdout }}.
  85. - name: "Check that cluster_id is set and a valid IPv4 address if calico_rr enabled"
  86. assert:
  87. that:
  88. - cluster_id is defined
  89. - cluster_id is ansible.utils.ipv4
  90. msg: "A unique cluster_id is required if using calico_rr, and it must be a valid IPv4 address"
  91. when:
  92. - peer_with_calico_rr
  93. - inventory_hostname == groups['kube_control_plane'][0]
  94. run_once: true
  95. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  97. - name: "Check that calico_rr nodes are in k8s_cluster group"
  98. assert:
  99. that:
  100. - '"k8s_cluster" in group_names'
  101. msg: "calico_rr must be a child group of k8s_cluster group"
  102. when:
  103. - '"calico_rr" in group_names'
  104. run_once: true
  105. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  107. - name: "Check vars defined correctly"
  108. assert:
  109. that:
  110. - "calico_pool_name is defined"
  111. - "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
  112. msg: "calico_pool_name contains invalid characters"
  113. run_once: true
  114. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  116. - name: "Check calico network backend defined correctly"
  117. assert:
  118. that:
  119. - "calico_network_backend in ['bird', 'vxlan', 'none']"
  120. msg: "calico network backend is not 'bird', 'vxlan' or 'none'"
  121. run_once: true
  122. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  124. - name: "Check ipip and vxlan mode defined correctly"
  125. run_once: true
  126. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  127. assert:
  128. that:
  129. - "calico_ipip_mode in ['Always', 'CrossSubnet', 'Never']"
  130. - "calico_vxlan_mode in ['Always', 'CrossSubnet', 'Never']"
  131. msg: "calico inter host encapsulation mode is not 'Always', 'CrossSubnet' or 'Never'"
  133. - name: "Check ipip and vxlan mode if simultaneously enabled"
  134. assert:
  135. that:
  136. - "calico_vxlan_mode in ['Never']"
  137. msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
  138. when:
  139. - "calico_ipip_mode in ['Always', 'CrossSubnet']"
  140. run_once: true
  141. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  143. - name: "Check ipip and vxlan mode if simultaneously enabled"
  144. assert:
  145. that:
  146. - "calico_ipip_mode in ['Never']"
  147. msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
  148. when:
  149. - "calico_vxlan_mode in ['Always', 'CrossSubnet']"
  150. run_once: true
  151. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  153. - name: "Get Calico {{ calico_pool_name }} configuration"
  154. command: "{{ bin_dir }}/calicoctl.sh get ipPool {{ calico_pool_name }} -o json"
  155. failed_when: false
  156. changed_when: false
  157. check_mode: false
  158. register: calico
  159. run_once: true
  160. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  162. - name: "Set calico_pool_conf"
  163. set_fact:
  164. calico_pool_conf: '{{ calico.stdout | from_json }}'
  165. when: calico.rc == 0 and calico.stdout
  166. run_once: true
  167. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  169. - name: "Check if inventory match current cluster configuration"
  170. assert:
  171. that:
  172. - calico_pool_conf.spec.blockSize | int == calico_pool_blocksize | int
  173. - calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
  174. - not calico_pool_conf.spec.ipipMode is defined or calico_pool_conf.spec.ipipMode == calico_ipip_mode
  175. - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
  176. msg: "Your inventory doesn't match the current cluster configuration"
  177. when:
  178. - calico_pool_conf is defined
  179. run_once: true
  180. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  182. - name: "Check kdd calico_datastore if calico_apiserver_enabled"
  183. assert:
  184. that: calico_datastore == "kdd"
  185. msg: "When using calico apiserver you need to use the kubernetes datastore"
  186. when:
  187. - calico_apiserver_enabled
  188. run_once: true
  189. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  191. - name: "Check kdd calico_datastore if typha_enabled"
  192. assert:
  193. that: calico_datastore == "kdd"
  194. msg: "When using typha you need to use the kubernetes datastore"
  195. when:
  196. - typha_enabled
  197. run_once: true
  198. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  200. - name: "Check ipip mode is Never for calico ipv6"
  201. assert:
  202. that:
  203. - "calico_ipip_mode_ipv6 in ['Never']"
  204. msg: "Calico doesn't support ipip tunneling for the IPv6"
  205. when:
  206. - enable_dual_stack_networks
  207. run_once: true
  208. delegate_to: "{{ groups['kube_control_plane'][0] }}"