update calico 3.0.3

README.md

@@ -19,7 +19,7 @@
 - kubernetes	v1.9.3
 - etcd		v3.3.1
 - docker	17.12.0-ce
-- calico/node	v2.6.7
+- calico/node	v3.0.3
 - flannel	v0.10.0
   - 附：集群用到的所有二进制文件已打包好供下载 [https://pan.baidu.com/s/1c4RFaA](https://pan.baidu.com/s/1c4RFaA)
   - 注：`Kubernetes v1.8.x` 版本请切换到项目分支 `v1.8`, 若你需要从v1.8 升级至 v1.9，请参考 [升级注意](docs/upgrade.md)

roles/calico/tasks/main.yml

@@ -17,6 +17,10 @@
         -config={{ ca_dir }}/ca-config.json \
         -profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
 
+# 因官方calico.yaml文件中使用特定的证书名，所以要重命名
+- name: 重命名相关证书
+  shell: "cd /etc/calico/ssl && cp ca.pem etcd-ca && cp calico.pem etcd-cert && cp calico-key.pem etcd-key"
+
 - name: 准备 calico DaemonSet yaml文件
   template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml
 

roles/calico/templates/calico.yaml.j2

@@ -1,9 +1,9 @@
-# Calico Version v2.6.7
+# Calico Version v3.0.3
-# https://docs.projectcalico.org/v2.6/releases#v2.6.7
+# https://docs.projectcalico.org/v3.0/releases#v3.0.3
 # This manifest includes the following component versions:
-#   calico/node:v2.6.7
+#   calico/node:v3.0.3
-#   calico/cni:v1.11.2
+#   calico/cni:v2.0.1
-#   calico/kube-controllers:v1.0.3
+#   calico/kube-controllers:v2.0.1
 
 # This ConfigMap is used to configure a self-hosted Calico installation.
 kind: ConfigMap
@@ -22,7 +22,9 @@ data:
   cni_network_config: |-
     {
       "name": "k8s-pod-network",
-        "cniVersion": "0.1.0",
+      "cniVersion": "0.3.0",
+      "plugins": [
+        {
             "type": "calico",
             "etcd_endpoints": "{{ ETCD_ENDPOINTS }}",
             "etcd_key_file": "/etc/calico/ssl/calico-key.pem",
@@ -39,13 +41,21 @@ data:
             "kubernetes": {
                 "kubeconfig": "/root/.kube/config" 
             }
+        },
+        {
+          "type": "portmap",
+          "snat": true,
+          "capabilities": {"portMappings": true}
+        }
+      ]
     }
 
   # If you're using TLS enabled etcd uncomment the following.
   # You must also populate the Secret below with these files.
-  etcd_ca: "/calico-secrets/ca.pem"
+  etcd_ca: "/calico-secrets/etcd-ca" 
-  etcd_cert: "/calico-secrets/calico.pem"
+  etcd_cert: "/calico-secrets/etcd-cert"
-  etcd_key: "/calico-secrets/calico-key.pem"
+  etcd_key: "/calico-secrets/etcd-key"
+
 ---
 
 # This manifest installs the calico/node container, as well
@@ -62,6 +72,10 @@ spec:
   selector:
     matchLabels:
       k8s-app: calico-node
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
   template:
     metadata:
       labels:
@@ -82,8 +96,8 @@ spec:
         # container programs network policy and routes on each
         # host.
         - name: calico-node
-          #image: quay.io/calico/node:v2.6.7
+          #image: quay.io/calico/node:v3.0.3
-          image: calico/node:v2.6.7
+          image: calico/node:v3.0.3
           env:
             # The location of the Calico etcd cluster.
             - name: ETCD_ENDPOINTS
@@ -103,6 +117,11 @@ spec:
             # Disable file logging so `kubectl logs` works.
             - name: CALICO_DISABLE_FILE_LOGGING
               value: "true"
+            # Set noderef for node controller.
+            - name: CALICO_K8S_NODE_REF
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
             # Set Felix endpoint to host default action to ACCEPT.
             - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
               value: "ACCEPT"
@@ -111,11 +130,6 @@ spec:
               value: "{{ CLUSTER_CIDR }}"
             - name: CALICO_IPV4POOL_IPIP
               value: "{{ CALICO_IPV4POOL_IPIP }}"
-            # Set noderef for node controller.
-            - name: CALICO_K8S_NODE_REF
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
             # Disable IPv6 on Kubernetes.
             - name: FELIX_IPV6SUPPORT
               value: "false"
@@ -145,7 +159,7 @@ spec:
                   key: etcd_cert
             # Auto-detect the BGP IP address.
             - name: IP
-              value: ""
+              value: "autodetect"
             - name: IP_AUTODETECTION_METHOD
               value: "{{ IP_AUTODETECTION_METHOD }}"
             - name: FELIX_HEALTHENABLED
@@ -179,10 +193,13 @@ spec:
         # This container installs the Calico CNI binaries
         # and CNI network config file on each node.
         - name: install-cni
-          #image: quay.io/calico/cni:v1.11.2
+          #image: quay.io/calico/cni:v2.0.1
-          image: calico/cni:v1.11.2
+          image: calico/cni:v2.0.1
           command: ["/install-cni.sh"]
           env:
+            # Name of the CNI config file to create.
+            - name: CNI_CONF_NAME
+              value: "10-calico.conflist"
             # The location of the Calico etcd cluster.
             - name: ETCD_ENDPOINTS
               valueFrom:
@@ -259,8 +276,8 @@ spec:
       serviceAccountName: calico-kube-controllers
       containers:
         - name: calico-kube-controllers
-          #image: quay.io/calico/kube-controllers:v1.0.3
+          #image: quay.io/calico/kube-controllers:v2.0.1
-          image: calico/kube-controllers:v1.0.3
+          image: calico/kube-controllers:v2.0.1
           env:
             # The location of the Calico etcd cluster.
             - name: ETCD_ENDPOINTS