Merge pull request #880 from bradbeam/weave-kube

Weave kube

.gitlab-ci.yml

@@ -54,6 +54,7 @@ before_script:
   LOG_LEVEL: "-vv"
   ETCD_DEPLOYMENT: "docker"
   KUBELET_DEPLOYMENT: "docker"
+  WEAVE_CPU_LIMIT: "100m"
   MAGIC: "ci check this"
 
 .gce: &gce
@@ -114,6 +115,8 @@ before_script:
       -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
       -e local_release_dir=${PWD}/downloads
       -e resolvconf_mode=${RESOLVCONF_MODE}
+      -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
+      -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
       cluster.yml
 
 

roles/download/defaults/main.yml

@@ -23,16 +23,14 @@ etcd_version: v3.0.6
 # after migration to container download
 calico_version: "v1.0.0"
 calico_cni_version: "v1.5.5"
-weave_version: v1.6.1
+weave_version: 1.8.2
 flannel_version: v0.6.2
 pod_infra_version: 3.0
 
 # Download URL's
 etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
-weave_download_url: "https://storage.googleapis.com/kargo/{{weave_version}}_weave"
 
 # Checksums
-weave_checksum: "9bf9d6e5a839e7bcbb28cc00c7acae9d09284faa3e7a3720ca9c2b9e93c68580"
 etcd_checksum: "385afd518f93e3005510b7aaa04d38ee4a39f06f5152cd33bb86d4f0c94c7485"
 
 # Containers
@@ -66,6 +64,10 @@ netcheck_kubectl_tag: v0.18.0-120-gaeb4ac55ad12b1-dirty
 netcheck_agent_img_repo: "quay.io/l23network/mcp-netchecker-agent"
 netcheck_server_img_repo: "quay.io/l23network/mcp-netchecker-server"
 netcheck_kubectl_img_repo: "gcr.io/google_containers/kubectl"
+weave_kube_image_repo: "weaveworks/weave-kube"
+weave_kube_image_tag: "{{ weave_version }}"
+weave_npc_image_repo: "weaveworks/weave-npc"
+weave_npc_image_tag: "{{ weave_version }}"
 
 nginx_image_repo: nginx
 nginx_image_tag: 1.11.4-alpine
@@ -100,15 +102,6 @@ downloads:
     tag: "{{ netcheck_kubectl_tag }}"
     sha256: "{{ netcheck_kubectl_digest_checksum|default(None) }}"
     enabled: "{{ deploy_netchecker|bool }}"
-  weave:
-    dest: weave/bin/weave
-    version: "{{weave_version}}"
-    source_url: "{{weave_download_url}}"
-    url: "{{weave_download_url}}"
-    sha256: "{{ weave_checksum }}"
-    owner: "root"
-    mode: "0755"
-    enabled: "{{ kube_network_plugin == 'weave' }}"
   etcd:
     version: "{{etcd_version}}"
     dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
@@ -163,6 +156,18 @@ downloads:
     tag: "{{ calico_rr_image_tag }}"
     sha256: "{{ calico_rr_digest_checksum|default(None) }}"
     enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr}} and kube_network_plugin == 'calico'"
+  weave_kube:
+    container: true
+    repo: "{{ weave_kube_image_repo }}"
+    tag: "{{ weave_kube_image_tag }}"
+    sha256: "{{ weave_kube_digest_checksum|default(None) }}"
+    enabled: "{{ kube_network_plugin == 'weave' }}"
+  weave_npc:
+    container: true
+    repo: "{{ weave_npc_image_repo }}"
+    tag: "{{ weave_npc_image_tag }}"
+    sha256: "{{ weave_npc_digest_checksum|default(None) }}"
+    enabled: "{{ kube_network_plugin == 'weave' }}"
   pod_infra:
     container: true
     repo: "{{ pod_infra_image_repo }}"

roles/kubernetes-apps/network_plugin/meta/main.yml

@@ -3,3 +3,6 @@ dependencies:
  - role: kubernetes-apps/network_plugin/canal
    when: kube_network_plugin == 'canal'
    tags: canal
+ - role: kubernetes-apps/network_plugin/weave
+   when: kube_network_plugin == 'weave'
+   tags: weave

roles/kubernetes-apps/network_plugin/weave/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Weave | Start Resources
+  run_once: true
+  kube:
+    name: "weave-kube"
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/weave-kube.yml"
+    resource: "ds"
+    namespace: "{{system_namespace}}"
+    state: "{{ item | ternary('latest','present') }}"
+  with_items: "{{ weave_manifest.changed }}"
+
+
+- name: "Weave | wait for weave to become available"
+  uri:
+    url: http://127.0.0.1:6784/status
+    return_content: yes
+  register: weave_status
+  retries: 10
+  delay: "{{ retry_stagger | random + 3 }}"
+  until: weave_status.status == 200
+
+- name: "Weave | check if weave is ready"
+  fail:
+  when: "'Status: ready' not in weave_status.content"

roles/network_plugin/weave/defaults/main.yml

@@ -2,3 +2,5 @@
 # Limits
 weave_memory_limit: 500M
 weave_cpu_limit: 300m
+weave_memory_requests: 300M
+weave_cpu_requests: 200m

roles/network_plugin/weave/handlers/main.yml

@@ -1,36 +0,0 @@
----
-- name: restart weave
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weave
-
-- name : Weave | reload systemd
-  shell: systemctl daemon-reload
-
-- name: restart weaveproxy
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weaveproxy
-
-- name: restart weaveexpose
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weaveexpose
-
-- name: reload weave
-  service:
-    name: weave
-    state: restarted
-
-- name: reload weaveproxy
-  service:
-    name: weaveproxy
-    state: restarted
-
-- name: reload weaveexpose
-  service:
-    name: weaveexpose
-    state: restarted

roles/network_plugin/weave/meta/main.yml

@@ -1,5 +1,8 @@
 ---
 dependencies:
   - role: download
-    file: "{{ downloads.weave }}"
+    file: "{{ downloads.weave_kube }}"
+    tags: download
+  - role: download
+    file: "{{ downloads.weave_npc }}"
     tags: download

roles/network_plugin/weave/tasks/main.yml

@@ -8,46 +8,8 @@
   changed_when: false
   tags: [hyperkube, upgrade]
 
-- name: Weave | Install weave
-  command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"
-  changed_when: false
-
-- name: Weave | pull weave images
-  shell: "{{ bin_dir }}/weave setup"
-  changed_when: false
-
-- name: Weave | set perms
-  file: path="{{ bin_dir }}/weave" mode=0755 state=file
-
-- name: Weave | Set options
+- name: Weave | Create weave-kube manifest
   template:
-    src: weave.j2
-    dest: "/etc/weave.env"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart weave
-
-- name: Weave | Write weave systemd init file
-  template: src=weave.service.j2 dest=/etc/systemd/system/weave.service
-  notify: restart weave
-
-- name: Weave | Write weaveproxy systemd init file
-  template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service
-  notify: restart weaveproxy
-
-- name: Weave | Write weaveexpose systemd init file
-  template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service
-  notify: restart weaveexpose
-
-- meta: flush_handlers
-
-- name: Weave | Enable weave
-  service: name=weave enabled=yes state=started
-
-- name: Weave | Enable weaveproxy
-  service: name=weaveproxy enabled=yes state=started
-
-- name: Weave | Enable weaveexpose
-  service: name=weaveexpose enabled=yes state=started
+    src: weave-kube.yml.j2
+    dest: "{{ kube_config_dir }}/weave-kube.yml"
+  register: weave_manifest

roles/network_plugin/weave/templates/weave-kube.yml.j2

@@ -0,0 +1,104 @@
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: weave-net
+  namespace: {{ system_namespace }}
+  labels:
+    version: {{ weave_version }}
+spec:
+  template:
+    metadata:
+      labels:
+        name: weave-net
+      annotations:
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [
+            {
+              "key": "dedicated",
+              "operator": "Equal",
+              "value": "master",
+              "effect": "NoSchedule"
+            }
+          ]
+    spec:
+      hostNetwork: true
+      hostPID: true
+      containers:
+        - name: weave
+          image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
+          imagePullPolicy: Always
+          command:
+            - /home/weave/launch.sh
+          env:
+            - name: IPALLOC_RANGE
+              value: {{ kube_pods_subnet }}
+{% if weave_checkpoint_disable is defined %}
+            - name: CHECKPOINT_DISABLE
+              value: {{ weave_checkpoint_disable }}
+{% endif %}
+{% if weave_expect_npc is defined %}
+            - name: EXPECT_NPC
+              value: {{ weave_expect_npc }}
+{% endif %}
+{% if weave_kube_peers is defined %}
+            - name: KUBE_PEERS
+              value: {{ weave_kube_peers }}
+{% endif %}
+{% if weave_ipalloc_init is defined %}
+            - name: IPALLOC_INIT
+              value: {{ weave_ipalloc_init }}
+{% endif %}
+{% if weave_expose_ip is defined %}
+            - name: WEAVE_EXPOSE_IP
+              value: {{ weave_expose_ip }}
+{% endif %}
+          livenessProbe:
+            initialDelaySeconds: 30
+            httpGet:
+              host: 127.0.0.1
+              path: /status
+              port: 6784
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: weavedb
+              mountPath: /weavedb
+            - name: cni-bin
+              mountPath: /opt
+            - name: cni-bin2
+              mountPath: /host_home
+            - name: cni-conf
+              mountPath: /etc
+          resources:
+            requests:
+              cpu: {{ weave_cpu_requests }}
+              memory: {{ weave_memory_requests }}
+            limits:
+              cpu: {{ weave_cpu_limit }}
+              memory: {{ weave_memory_limit }}
+        - name: weave-npc
+          image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
+          imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: {{ weave_cpu_requests }}
+              memory: {{ weave_memory_requests }}
+            limits:
+              cpu: {{ weave_cpu_limit }}
+              memory: {{ weave_memory_limit }}
+          securityContext:
+            privileged: true
+      restartPolicy: Always
+      volumes:
+        - name: weavedb
+          emptyDir: {}
+        - name: cni-bin
+          hostPath:
+            path: /opt
+        - name: cni-bin2
+          hostPath:
+            path: /home
+        - name: cni-conf
+          hostPath:
+            path: /etc

roles/network_plugin/weave/templates/weave.j2

@@ -1,7 +0,0 @@
-WEAVE_DOCKER_ARGS="--memory={{ weave_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ weave_cpu_limit|regex_replace('m', '') }}"
-WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}{% if not loop.last %} {% endif %}{% endfor %}"
-WEAVEPROXY_ARGS="--rewrite-inspect --without-dns"
-WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}"
-{% if weave_password is defined %}
-WEAVE_PASSWORD="{{ weave_password }}"
-{% endif %}

roles/network_plugin/weave/templates/weave.service.j2

@@ -1,18 +0,0 @@
-[Unit]
-Description=Weave Network
-Documentation=http://docs.weave.works/weave/latest_release/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weave
-ExecStartPre={{ bin_dir }}/weave launch-router \
-            $WEAVE_SUBNET \
-            $WEAVE_PEERS
-ExecStart={{ docker_bin_dir }}/docker attach weave
-ExecStop={{ bin_dir }}/weave stop
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

roles/network_plugin/weave/templates/weaveexpose.service.j2

@@ -1,16 +0,0 @@
-[Unit]
-Documentation=http://docs.weave.works/
-Wants=docker.socket weave.service
-After=docker.service docker.socket weave.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-TimeoutStartSec=0
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStart={{ bin_dir }}/weave expose
-ExecStop={{ bin_dir }}/weave hide
-
-[Install]
-WantedBy=weave-network.target

roles/network_plugin/weave/templates/weaveproxy.service.j2

@@ -1,17 +0,0 @@
-[Unit]
-Description=Weave proxy for Docker API
-Documentation=http://docs.weave.works/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weaveproxy
-ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS
-ExecStart={{ docker_bin_dir }}/docker attach weaveproxy
-Restart=on-failure
-ExecStop={{ bin_dir }}/weave stop-proxy
-
-[Install]
-WantedBy=weave-network.target