From 9368dbe0e7e6bb3aa6bffe0c59eb23a08060f4f6 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 28 Nov 2017 13:01:30 +0100 Subject: [PATCH] update calico to 2.6.2 (#1874) Move RS to deployment so no need to take care of the revision history limits : - Delete the old RS - Make Calico manifest a deployment - move deployments to apps/v1beta2 API since Kubernetes 1.8 --- roles/download/defaults/main.yml | 10 +++---- .../policy_controller/calico/tasks/main.yml | 29 ++++++------------- ....yml.j2 => calico-kube-controllers.yml.j2} | 18 ++++++------ ...policy-cr.yml.j2 => calico-kube-cr.yml.j2} | 2 +- ...licy-crb.yml.j2 => calico-kube-crb.yml.j2} | 6 ++-- ...policy-sa.yml.j2 => calico-kube-sa.yml.j2} | 2 +- 6 files changed, 28 insertions(+), 39 deletions(-) rename roles/kubernetes-apps/policy_controller/calico/templates/{calico-policy-controller.yml.j2 => calico-kube-controllers.yml.j2} (86%) rename roles/kubernetes-apps/policy_controller/calico/templates/{calico-policy-cr.yml.j2 => calico-kube-cr.yml.j2} (89%) rename roles/kubernetes-apps/policy_controller/calico/templates/{calico-policy-crb.yml.j2 => calico-kube-crb.yml.j2} (69%) rename roles/kubernetes-apps/policy_controller/calico/templates/{calico-policy-sa.yml.j2 => calico-kube-sa.yml.j2} (80%) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 7fb0d69fa..513bacdd9 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}" etcd_version: v3.2.4 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download -calico_version: "v2.5.0" -calico_ctl_version: "v1.5.0" -calico_cni_version: "v1.10.0" -calico_policy_version: "v0.7.0" +calico_version: "v2.6.2" +calico_ctl_version: "v1.6.1" +calico_cni_version: "v1.11.0" +calico_policy_version: "v1.0.0" calico_rr_version: "v0.4.0" flannel_version: "v0.9.0" flannel_cni_version: "v0.3.0" @@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node" calico_node_image_tag: "{{ calico_version }}" calico_cni_image_repo: "quay.io/calico/cni" calico_cni_image_tag: "{{ calico_cni_version }}" -calico_policy_image_repo: "quay.io/calico/kube-policy-controller" +calico_policy_image_repo: "quay.io/calico/kube-controllers" calico_policy_image_tag: "{{ calico_policy_version }}" calico_rr_image_repo: "quay.io/calico/routereflector" calico_rr_image_tag: "{{ calico_rr_version }}" diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index 354a5ad35..ba1162799 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -7,15 +7,7 @@ - facts - canal -- name: Get calico-policy-controller version if running - shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2" - register: existing_calico_policy_version - run_once: true - changed_when: false - failed_when: false - -# FIXME(mattymo): This should not be necessary -- name: Delete calico-policy-controller if an old one is installed +- name: Delete the old calico-policy-controller if it exist kube: name: calico-policy-controller kubectl: "{{bin_dir}}/kubectl" @@ -23,24 +15,21 @@ namespace: "{{ system_namespace }}" state: absent run_once: true - when: - - not "NotFound" in existing_calico_policy_version.stderr - - existing_calico_policy_version.stdout | version_compare('v0.7.0', '<') -- name: Create calico-policy-controller manifests +- name: Create calico-kube-controllers manifests template: src: "{{item.file}}.j2" dest: "{{kube_config_dir}}/{{item.file}}" with_items: - - {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs} - - {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa} - - {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole} - - {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding} - register: calico_policy_manifests + - {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment} + - {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa} + - {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole} + - {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding} + register: calico_kube_manifests when: - rbac_enabled or item.type not in rbac_resources -- name: Start of Calico policy controller +- name: Start of Calico kube controllers kube: name: "{{item.item.name}}" namespace: "{{ system_namespace }}" @@ -48,5 +37,5 @@ resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" state: "latest" - with_items: "{{ calico_policy_manifests.results }}" + with_items: "{{ calico_kube_manifests.results }}" when: inventory_hostname == groups['kube-master'][0] and not item|skipped diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 similarity index 86% rename from roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 rename to roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 index d715358c8..7e1311b92 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 @@ -1,34 +1,34 @@ -apiVersion: extensions/v1beta1 -kind: ReplicaSet +apiVersion: apps/v1beta2 +kind: Deployment metadata: - name: calico-policy-controller + name: calico-kube-controllers namespace: {{ system_namespace }} labels: - k8s-app: calico-policy + k8s-app: calico-kube-controllers kubernetes.io/cluster-service: "true" spec: replicas: 1 selector: matchLabels: kubernetes.io/cluster-service: "true" - k8s-app: calico-policy + k8s-app: calico-kube-controllers template: metadata: - name: calico-policy-controller + name: calico-kube-controllers namespace: {{ system_namespace }} labels: kubernetes.io/cluster-service: "true" - k8s-app: calico-policy + k8s-app: calico-kube-controllers spec: hostNetwork: true {% if rbac_enabled %} - serviceAccountName: calico-policy-controller + serviceAccountName: calico-kube-controllers {% endif %} tolerations: - effect: NoSchedule operator: Exists containers: - - name: calico-policy-controller + - name: calico-kube-controllers image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} resources: diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 similarity index 89% rename from roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2 rename to roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 index aac341ca6..82c2f3e44 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 @@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: - name: calico-policy-controller + name: calico-kube-controllers namespace: {{ system_namespace }} rules: - apiGroups: diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2 similarity index 69% rename from roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2 rename to roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2 index d5c192018..38853a413 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2 @@ -2,12 +2,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: - name: calico-policy-controller + name: calico-kube-controllers roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: calico-policy-controller + name: calico-kube-controllers subjects: - kind: ServiceAccount - name: calico-policy-controller + name: calico-kube-controllers namespace: {{ system_namespace }} diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2 similarity index 80% rename from roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2 rename to roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2 index c6bc07fbb..bf8958976 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: calico-policy-controller + name: calico-kube-controllers namespace: {{ system_namespace }} labels: kubernetes.io/cluster-service: "true"