kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use install_cni init container for cni copy for calico/canal (#4416)

pull/4421/head
Matthew Mosesohn 2019-04-02 13:32:36 +03:00 committed by Kubernetes Prow Robot
parent 5d5c9cab19
commit 4fe2aa6bf7
5 changed files with 19 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/network_plugin/calico/defaults/main.yml
View File

@ -10,10 +10,6 @@ calico_ipv4pool_ipip: "Off"
ipip: true ipip: true
ipip_mode: Always # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets ipip_mode: Always # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
# Set to true if you want your calico cni binaries to overwrite the
# ones from hyperkube while leaving other cni plugins intact.
overwrite_hyperkube_cni: true
calico_cert_dir: /etc/calico/certs calico_cert_dir: /etc/calico/certs
# Global as_num (/calico/bgp/v1/global/as_num) # Global as_num (/calico/bgp/v1/global/as_num)

28
roles/network_plugin/calico/tasks/install.yml
View File

@ -33,34 +33,6 @@
group: root group: root
changed_when: false changed_when: false
- name: Calico | Copy cni plugins
unarchive:
src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
dest: "/opt/cni/bin"
mode: 0755
remote_src: yes
- name: Calico | Set cni directory permissions
file:
path: /opt/cni/bin
state: directory
owner: kube
recurse: true
mode: 0755
- name: Calico | Copy cni plugins from calico/cni container
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
register: cni_task_result
until: cni_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
when:
- "overwrite_hyperkube_cni|bool"
tags:
- hyperkube
- upgrade
- name: Calico | wait for etcd - name: Calico | wait for etcd
uri: uri:
url: "{{ etcd_access_addresses.split(',') | first }}/health" url: "{{ etcd_access_addresses.split(',') | first }}/health"

15
roles/network_plugin/calico/templates/calico-node.yml.j2
View File

@ -52,9 +52,9 @@ spec:
# Name of the CNI config file to create. # Name of the CNI config file to create.
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
value: "10-calico.conflist" value: "10-calico.conflist"
# CNI binaries are already on the host # Install CNI binaries
- name: UPDATE_CNI_BINARIES - name: UPDATE_CNI_BINARIES
value: "false" value: "true"
# The CNI network config to install on each node. # The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE - name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/calico.conflist.template" value: "/host/etc/cni/net.d/calico.conflist.template"
@ -64,6 +64,8 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %} {% endif %}
containers: containers:
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %} {% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
@ -74,9 +76,9 @@ spec:
# Name of the CNI config file to create. # Name of the CNI config file to create.
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
value: "10-calico.conflist" value: "10-calico.conflist"
# CNI binaries are already on the host # Install CNI binaries
- name: UPDATE_CNI_BINARIES - name: UPDATE_CNI_BINARIES
value: "false" value: "true"
# The CNI network config to install on each node. # The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE - name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/calico.conflist.template" value: "/host/etc/cni/net.d/calico.conflist.template"
@ -86,6 +88,8 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %} {% endif %}
# Runs calico/node container on each Kubernetes node. This # Runs calico/node container on each Kubernetes node. This
# container programs network policy and routes on each # container programs network policy and routes on each
@ -260,6 +264,9 @@ spec:
- name: cni-net-dir - name: cni-net-dir
hostPath: hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
# Mount in the etcd TLS secrets. # Mount in the etcd TLS secrets.
- name: etcd-certs - name: etcd-certs
hostPath: hostPath:

34
roles/network_plugin/canal/tasks/main.yml
View File

@ -54,40 +54,6 @@
when: when:
- inventory_hostname in groups['kube-master'] - inventory_hostname in groups['kube-master']
- name: Canal | Set cni directory permissions
file:
path: /opt/cni/bin
state: directory
owner: kube
recurse: true
mode: 0755
- name: Canal | Copy cni plugins
unarchive:
src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
dest: "/opt/cni/bin"
mode: 0755
remote_src: yes
- name: Canal | Copy cni plugins from calico/cni
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
register: cni_task_result
until: cni_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags:
- hyperkube
- upgrade
- name: Canal | Set cni directory permissions
file:
path: /opt/cni/bin
state: directory
owner: kube
recurse: true
mode: 0755
- name: Canal | Install calicoctl container script - name: Canal | Install calicoctl container script
template: template:
src: calicoctl-container.j2 src: calicoctl-container.j2

12
roles/network_plugin/canal/templates/canal-node.yaml.j2
View File

@ -68,9 +68,9 @@ spec:
# Name of the CNI config file to create. # Name of the CNI config file to create.
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
value: "10-canal.conflist" value: "10-canal.conflist"
# CNI binaries are already on the host # Install CNI binaries
- name: UPDATE_CNI_BINARIES - name: UPDATE_CNI_BINARIES
value: "false" value: "true"
# The CNI network config to install on each node. # The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE - name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/canal.conflist.template" value: "/host/etc/cni/net.d/canal.conflist.template"
@ -80,6 +80,8 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %} {% endif %}
containers: containers:
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %} {% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
@ -90,15 +92,17 @@ spec:
# Name of the CNI config file to create. # Name of the CNI config file to create.
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
value: "10-canal.conflist" value: "10-canal.conflist"
# CNI binaries are already on the host # Install CNI binaries
- name: UPDATE_CNI_BINARIES - name: UPDATE_CNI_BINARIES
value: "false" value: "true"
# The CNI network config to install on each node. # The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE - name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/canal.conflist.template" value: "/host/etc/cni/net.d/canal.conflist.template"
volumeMounts: volumeMounts:
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %} {% endif %}
# Runs the flannel daemon to enable vxlan networking between # Runs the flannel daemon to enable vxlan networking between
# container hosts. # container hosts.