richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6466 Commits
33 Branches
82 Tags
153 MiB
Tree: 593359ec77
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '593359ec77'
${ noResults }
kubespray/roles/network_plugin/calico/tasks/check.yml

185 lines
6.6 KiB
Raw Normal View History

calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix ansible syntax to avoid ansible warnings (one more) (#3536) * warning on meta flush_handlers * avoid rm * avoid "Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually" warning on subsequent tasks using blockinfile * is match
6 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
missing "check_mode: no"s for several read-only tasks (#8584) this is not complete -- there are almost certainly more instances of this issue
3 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
calico_pool_blocksize must be cast as well in assertion when defined (#8321) * calico_pool_blocksize must be cast as string in assertion when defined * Cast as int rather than string
3 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Calico: fixup check when ipipMode / vxlanMode is not present (#7195) calicoctl.sh get ipPool default-pool -o json { "kind": "IPPool", "apiVersion": "projectcalico.org/v3", "metadata": { "name": "default-pool", ... }, "spec": { "cidr": "10.233.64.0/18", "ipipMode": "Always", "natOutgoing": true, "blockSize": 24, "nodeSelector": "all()" } } Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
calico: check if inventory settings match cluster settings (#6969) If some settings were changed from the default but not commited into an inventory repo, we risk breaking the cluster / cause downtime, so add some extra checks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
[calico] add calico apiserver (#8690) * [calico] add calico apiserver * fix yamllint * remove addext argument * Configure API server with the CA bundle * add check kdd
2 years ago
[calico] call calico checks early on to prevent altering the cluster with bad configuration (#8707)
2 years ago
check calico ipv6 (#8738) * check calico ipv6 * just check ipip mode for ipv6
2 years ago
  1. ---
  2. - name: Stop if legacy encapsulation variables are detected (ipip)
  3. assert:
  4. that:
  5. - ipip is not defined
  6. msg: "'ipip' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"
  7. run_once: True
  8. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  10. - name: Stop if legacy encapsulation variables are detected (ipip_mode)
  11. assert:
  12. that:
  13. - ipip_mode is not defined
  14. msg: "'ipip_mode' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"
  15. run_once: True
  16. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  18. - name: Stop if incompatible network plugin and cloudprovider
  19. assert:
  20. that:
  21. - calico_ipip_mode == 'Never'
  22. - calico_vxlan_mode in ['Always', 'CrossSubnet']
  23. msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'"
  24. when:
  25. - cloud_provider is defined and cloud_provider == 'azure'
  26. run_once: True
  27. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  29. - name: Stop if supported Calico versions
  30. assert:
  31. that:
  32. - "calico_version in calico_crds_archive_checksums.keys()"
  33. msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.keys() }}"
  34. run_once: True
  35. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  37. - name: Get current calico cluster version
  38. shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
  39. args:
  40. executable: /bin/bash
  41. register: calico_version_on_server
  42. async: 10
  43. poll: 3
  44. run_once: True
  45. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  46. changed_when: false
  47. failed_when: false
  49. - name: Check that current calico version is enough for upgrade
  50. assert:
  51. that:
  52. - calico_version_on_server.stdout is version(calico_min_version_required, '>=')
  53. msg: >
  54. Your version of calico is not fresh enough for upgrade.
  55. Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release.
  56. when:
  57. - 'calico_version_on_server.stdout is defined'
  58. - calico_version_on_server.stdout
  59. - inventory_hostname == groups['kube_control_plane'][0]
  60. run_once: True
  61. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  63. - name: "Check that cluster_id is set if calico_rr enabled"
  64. assert:
  65. that:
  66. - cluster_id is defined
  67. msg: "A unique cluster_id is required if using calico_rr"
  68. when:
  69. - peer_with_calico_rr
  70. - inventory_hostname == groups['kube_control_plane'][0]
  71. run_once: True
  72. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  74. - name: "Check that calico_rr nodes are in k8s_cluster group"
  75. assert:
  76. that:
  77. - '"k8s_cluster" in group_names'
  78. msg: "calico_rr must be a child group of k8s_cluster group"
  79. when:
  80. - '"calico_rr" in group_names'
  81. run_once: True
  82. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  84. - name: "Check vars defined correctly"
  85. assert:
  86. that:
  87. - "calico_pool_name is defined"
  88. - "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
  89. msg: "calico_pool_name contains invalid characters"
  90. run_once: True
  91. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  93. - name: "Check calico network backend defined correctly"
  94. assert:
  95. that:
  96. - "calico_network_backend in ['bird', 'vxlan', 'none']"
  97. msg: "calico network backend is not 'bird', 'vxlan' or 'none'"
  98. run_once: True
  99. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  101. - name: "Check ipip and vxlan mode defined correctly"
  102. assert:
  103. that:
  104. - "calico_ipip_mode in ['Always', 'CrossSubnet', 'Never']"
  105. - "calico_vxlan_mode in ['Always', 'CrossSubnet', 'Never']"
  106. msg: "calico inter host encapsulation mode is not 'Always', 'CrossSubnet' or 'Never'"
  107. run_once: True
  108. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  110. - name: "Check ipip and vxlan mode if simultaneously enabled"
  111. assert:
  112. that:
  113. - "calico_vxlan_mode in ['Never']"
  114. msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
  115. when:
  116. - "calico_ipip_mode in ['Always', 'CrossSubnet']"
  117. run_once: True
  118. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  120. - name: "Check ipip and vxlan mode if simultaneously enabled"
  121. assert:
  122. that:
  123. - "calico_ipip_mode in ['Never']"
  124. msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
  125. when:
  126. - "calico_vxlan_mode in ['Always', 'CrossSubnet']"
  127. run_once: True
  128. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  130. - name: "Get Calico {{ calico_pool_name }} configuration"
  131. command: calicoctl.sh get ipPool {{ calico_pool_name }} -o json
  132. failed_when: False
  133. changed_when: False
  134. check_mode: no
  135. register: calico
  136. run_once: True
  137. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  139. - name: "Set calico_pool_conf"
  140. set_fact:
  141. calico_pool_conf: '{{ calico.stdout | from_json }}'
  142. when: calico.rc == 0 and calico.stdout
  143. run_once: True
  144. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  146. - name: "Check if inventory match current cluster configuration"
  147. assert:
  148. that:
  149. - calico_pool_conf.spec.blockSize|int == (calico_pool_blocksize | default(kube_network_node_prefix) | int)
  150. - calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
  151. - not calico_pool_conf.spec.ipipMode is defined or calico_pool_conf.spec.ipipMode == calico_ipip_mode
  152. - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
  153. msg: "Your inventory doesn't match the current cluster configuration"
  154. when:
  155. - calico_pool_conf is defined
  156. run_once: True
  157. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  159. - name: "Check kdd calico_datastore if calico_apiserver_enabled"
  160. assert:
  161. that: calico_datastore == "kdd"
  162. msg: "When using calico apiserver you need to use the kubernetes datastore"
  163. when:
  164. - calico_apiserver_enabled
  165. run_once: True
  166. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  168. - name: "Check kdd calico_datastore if typha_enabled"
  169. assert:
  170. that: calico_datastore == "kdd"
  171. msg: "When using typha you need to use the kubernetes datastore"
  172. when:
  173. - typha_enabled
  174. run_once: True
  175. delegate_to: "{{ groups['kube_control_plane'][0] }}"
  177. - name: "Check ipip mode is Nerver for calco ipv6"
  178. assert:
  179. that:
  180. - "calico_ipip_mode_ipv6 in ['Never']"
  181. msg: "Calico doesn't support ipip tunneling for the IPv6"
  182. when:
  183. - enable_dual_stack_networks
  184. run_once: True
  185. delegate_to: "{{ groups['kube_control_plane'][0] }}"