richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

update calico to 2.6.2 (#1874) 

Move RS to deployment so no need to take care of the revision history
limits :
  - Delete the old RS
  - Make Calico manifest a deployment
  - move deployments to apps/v1beta2 API since Kubernetes 1.8
pull/2007/head
Kevin Lefevre 7 years ago
committed by Matthew Mosesohn
parent
8aafe64397
commit
9368dbe0e7
6 changed files with 28 additions and 39 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      roles/download/defaults/main.yml
  2. 29
      roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
  3. 18
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
  4. 2
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
  5. 6
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2
  6. 2
      roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2

10
roles/download/defaults/main.yml
View File

@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}"
etcd_version: v3.2.4 etcd_version: v3.2.4
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
# after migration to container download # after migration to container download
calico_version: "v2.5.0"
calico_ctl_version: "v1.5.0"
calico_cni_version: "v1.10.0"
calico_policy_version: "v0.7.0"
calico_version: "v2.6.2"
calico_ctl_version: "v1.6.1"
calico_cni_version: "v1.11.0"
calico_policy_version: "v1.0.0"
calico_rr_version: "v0.4.0" calico_rr_version: "v0.4.0"
flannel_version: "v0.9.0" flannel_version: "v0.9.0"
flannel_cni_version: "v0.3.0" flannel_cni_version: "v0.3.0"
@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node"
calico_node_image_tag: "{{ calico_version }}" calico_node_image_tag: "{{ calico_version }}"
calico_cni_image_repo: "quay.io/calico/cni" calico_cni_image_repo: "quay.io/calico/cni"
calico_cni_image_tag: "{{ calico_cni_version }}" calico_cni_image_tag: "{{ calico_cni_version }}"
calico_policy_image_repo: "quay.io/calico/kube-policy-controller"
calico_policy_image_repo: "quay.io/calico/kube-controllers"
calico_policy_image_tag: "{{ calico_policy_version }}" calico_policy_image_tag: "{{ calico_policy_version }}"
calico_rr_image_repo: "quay.io/calico/routereflector" calico_rr_image_repo: "quay.io/calico/routereflector"
calico_rr_image_tag: "{{ calico_rr_version }}" calico_rr_image_tag: "{{ calico_rr_version }}"

29
roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
View File

@ -7,15 +7,7 @@
- facts - facts
- canal - canal
- name: Get calico-policy-controller version if running
shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
register: existing_calico_policy_version
run_once: true
changed_when: false
failed_when: false
# FIXME(mattymo): This should not be necessary
- name: Delete calico-policy-controller if an old one is installed
- name: Delete the old calico-policy-controller if it exist
kube: kube:
name: calico-policy-controller name: calico-policy-controller
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
@ -23,24 +15,21 @@
namespace: "{{ system_namespace }}" namespace: "{{ system_namespace }}"
state: absent state: absent
run_once: true run_once: true
when:
- not "NotFound" in existing_calico_policy_version.stderr
- existing_calico_policy_version.stdout | version_compare('v0.7.0', '<')
- name: Create calico-policy-controller manifests
- name: Create calico-kube-controllers manifests
template: template:
src: "{{item.file}}.j2" src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}" dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs}
- {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa}
- {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole}
- {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding}
register: calico_policy_manifests
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
- {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole}
- {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding}
register: calico_kube_manifests
when: when:
- rbac_enabled or item.type not in rbac_resources - rbac_enabled or item.type not in rbac_resources
- name: Start of Calico policy controller
- name: Start of Calico kube controllers
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "{{ system_namespace }}"
@ -48,5 +37,5 @@
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"
state: "latest" state: "latest"
with_items: "{{ calico_policy_manifests.results }}"
with_items: "{{ calico_kube_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item|skipped when: inventory_hostname == groups['kube-master'][0] and not item|skipped

roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 → roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
View File

@ -1,34 +1,34 @@
apiVersion: extensions/v1beta1
kind: ReplicaSet
apiVersion: apps/v1beta2
kind: Deployment
metadata: metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
labels: labels:
k8s-app: calico-policy
k8s-app: calico-kube-controllers
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
k8s-app: calico-policy
k8s-app: calico-kube-controllers
template: template:
metadata: metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
k8s-app: calico-policy
k8s-app: calico-kube-controllers
spec: spec:
hostNetwork: true hostNetwork: true
{% if rbac_enabled %} {% if rbac_enabled %}
serviceAccountName: calico-policy-controller
serviceAccountName: calico-kube-controllers
{% endif %} {% endif %}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
containers: containers:
- name: calico-policy-controller
- name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
resources: resources:

roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2 → roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
View File

@ -2,7 +2,7 @@
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
rules: rules:
- apiGroups: - apiGroups:

roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2 → roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2
View File

@ -2,12 +2,12 @@
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: calico-policy-controller
name: calico-kube-controllers
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: calico-policy-controller
name: calico-kube-controllers
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: {{ system_namespace }}

roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2 → roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2
View File

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
Write Preview
Loading…
Cancel
Save