update calico to 2.6.2 (#1874)
Move RS to deployment so no need to take care of the revision history limits : - Delete the old RS - Make Calico manifest a deployment - move deployments to apps/v1beta2 API since Kubernetes 1.8pull/2007/head
parent
8aafe64397
commit
9368dbe0e7
|
@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}"
|
||||||
etcd_version: v3.2.4
|
etcd_version: v3.2.4
|
||||||
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||||
# after migration to container download
|
# after migration to container download
|
||||||
calico_version: "v2.5.0"
|
calico_version: "v2.6.2"
|
||||||
calico_ctl_version: "v1.5.0"
|
calico_ctl_version: "v1.6.1"
|
||||||
calico_cni_version: "v1.10.0"
|
calico_cni_version: "v1.11.0"
|
||||||
calico_policy_version: "v0.7.0"
|
calico_policy_version: "v1.0.0"
|
||||||
calico_rr_version: "v0.4.0"
|
calico_rr_version: "v0.4.0"
|
||||||
flannel_version: "v0.9.0"
|
flannel_version: "v0.9.0"
|
||||||
flannel_cni_version: "v0.3.0"
|
flannel_cni_version: "v0.3.0"
|
||||||
|
@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node"
|
||||||
calico_node_image_tag: "{{ calico_version }}"
|
calico_node_image_tag: "{{ calico_version }}"
|
||||||
calico_cni_image_repo: "quay.io/calico/cni"
|
calico_cni_image_repo: "quay.io/calico/cni"
|
||||||
calico_cni_image_tag: "{{ calico_cni_version }}"
|
calico_cni_image_tag: "{{ calico_cni_version }}"
|
||||||
calico_policy_image_repo: "quay.io/calico/kube-policy-controller"
|
calico_policy_image_repo: "quay.io/calico/kube-controllers"
|
||||||
calico_policy_image_tag: "{{ calico_policy_version }}"
|
calico_policy_image_tag: "{{ calico_policy_version }}"
|
||||||
calico_rr_image_repo: "quay.io/calico/routereflector"
|
calico_rr_image_repo: "quay.io/calico/routereflector"
|
||||||
calico_rr_image_tag: "{{ calico_rr_version }}"
|
calico_rr_image_tag: "{{ calico_rr_version }}"
|
||||||
|
|
|
@ -7,15 +7,7 @@
|
||||||
- facts
|
- facts
|
||||||
- canal
|
- canal
|
||||||
|
|
||||||
- name: Get calico-policy-controller version if running
|
- name: Delete the old calico-policy-controller if it exist
|
||||||
shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
|
|
||||||
register: existing_calico_policy_version
|
|
||||||
run_once: true
|
|
||||||
changed_when: false
|
|
||||||
failed_when: false
|
|
||||||
|
|
||||||
# FIXME(mattymo): This should not be necessary
|
|
||||||
- name: Delete calico-policy-controller if an old one is installed
|
|
||||||
kube:
|
kube:
|
||||||
name: calico-policy-controller
|
name: calico-policy-controller
|
||||||
kubectl: "{{bin_dir}}/kubectl"
|
kubectl: "{{bin_dir}}/kubectl"
|
||||||
|
@ -23,24 +15,21 @@
|
||||||
namespace: "{{ system_namespace }}"
|
namespace: "{{ system_namespace }}"
|
||||||
state: absent
|
state: absent
|
||||||
run_once: true
|
run_once: true
|
||||||
when:
|
|
||||||
- not "NotFound" in existing_calico_policy_version.stderr
|
|
||||||
- existing_calico_policy_version.stdout | version_compare('v0.7.0', '<')
|
|
||||||
|
|
||||||
- name: Create calico-policy-controller manifests
|
- name: Create calico-kube-controllers manifests
|
||||||
template:
|
template:
|
||||||
src: "{{item.file}}.j2"
|
src: "{{item.file}}.j2"
|
||||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||||
with_items:
|
with_items:
|
||||||
- {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs}
|
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
|
||||||
- {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa}
|
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
|
||||||
- {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole}
|
- {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole}
|
||||||
- {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding}
|
- {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding}
|
||||||
register: calico_policy_manifests
|
register: calico_kube_manifests
|
||||||
when:
|
when:
|
||||||
- rbac_enabled or item.type not in rbac_resources
|
- rbac_enabled or item.type not in rbac_resources
|
||||||
|
|
||||||
- name: Start of Calico policy controller
|
- name: Start of Calico kube controllers
|
||||||
kube:
|
kube:
|
||||||
name: "{{item.item.name}}"
|
name: "{{item.item.name}}"
|
||||||
namespace: "{{ system_namespace }}"
|
namespace: "{{ system_namespace }}"
|
||||||
|
@ -48,5 +37,5 @@
|
||||||
resource: "{{item.item.type}}"
|
resource: "{{item.item.type}}"
|
||||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||||
state: "latest"
|
state: "latest"
|
||||||
with_items: "{{ calico_policy_manifests.results }}"
|
with_items: "{{ calico_kube_manifests.results }}"
|
||||||
when: inventory_hostname == groups['kube-master'][0] and not item|skipped
|
when: inventory_hostname == groups['kube-master'][0] and not item|skipped
|
||||||
|
|
|
@ -1,34 +1,34 @@
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: apps/v1beta2
|
||||||
kind: ReplicaSet
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
||||||
labels:
|
labels:
|
||||||
k8s-app: calico-policy
|
k8s-app: calico-kube-controllers
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
k8s-app: calico-policy
|
k8s-app: calico-kube-controllers
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
||||||
labels:
|
labels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
k8s-app: calico-policy
|
k8s-app: calico-kube-controllers
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
{% if rbac_enabled %}
|
{% if rbac_enabled %}
|
||||||
serviceAccountName: calico-policy-controller
|
serviceAccountName: calico-kube-controllers
|
||||||
{% endif %}
|
{% endif %}
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
operator: Exists
|
operator: Exists
|
||||||
containers:
|
containers:
|
||||||
- name: calico-policy-controller
|
- name: calico-kube-controllers
|
||||||
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
|
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
resources:
|
resources:
|
|
@ -2,7 +2,7 @@
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
|
@ -2,12 +2,12 @@
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
|
@ -2,7 +2,7 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-kube-controllers
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
||||||
labels:
|
labels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
Loading…
Reference in New Issue