update calico to 2.6.2 (#1874)

Move RS to deployment so no need to take care of the revision history
limits :
  - Delete the old RS
  - Make Calico manifest a deployment
  - move deployments to apps/v1beta2 API since Kubernetes 1.8
pull/2007/head
Kevin Lefevre 2017-11-28 13:01:30 +01:00 committed by Matthew Mosesohn
parent 8aafe64397
commit 9368dbe0e7
6 changed files with 28 additions and 39 deletions

View File

@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}"
etcd_version: v3.2.4
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
# after migration to container download
calico_version: "v2.5.0"
calico_ctl_version: "v1.5.0"
calico_cni_version: "v1.10.0"
calico_policy_version: "v0.7.0"
calico_version: "v2.6.2"
calico_ctl_version: "v1.6.1"
calico_cni_version: "v1.11.0"
calico_policy_version: "v1.0.0"
calico_rr_version: "v0.4.0"
flannel_version: "v0.9.0"
flannel_cni_version: "v0.3.0"
@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node"
calico_node_image_tag: "{{ calico_version }}"
calico_cni_image_repo: "quay.io/calico/cni"
calico_cni_image_tag: "{{ calico_cni_version }}"
calico_policy_image_repo: "quay.io/calico/kube-policy-controller"
calico_policy_image_repo: "quay.io/calico/kube-controllers"
calico_policy_image_tag: "{{ calico_policy_version }}"
calico_rr_image_repo: "quay.io/calico/routereflector"
calico_rr_image_tag: "{{ calico_rr_version }}"

View File

@ -7,15 +7,7 @@
- facts
- canal
- name: Get calico-policy-controller version if running
shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
register: existing_calico_policy_version
run_once: true
changed_when: false
failed_when: false
# FIXME(mattymo): This should not be necessary
- name: Delete calico-policy-controller if an old one is installed
- name: Delete the old calico-policy-controller if it exist
kube:
name: calico-policy-controller
kubectl: "{{bin_dir}}/kubectl"
@ -23,24 +15,21 @@
namespace: "{{ system_namespace }}"
state: absent
run_once: true
when:
- not "NotFound" in existing_calico_policy_version.stderr
- existing_calico_policy_version.stdout | version_compare('v0.7.0', '<')
- name: Create calico-policy-controller manifests
- name: Create calico-kube-controllers manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items:
- {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs}
- {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa}
- {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole}
- {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding}
register: calico_policy_manifests
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
- {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole}
- {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding}
register: calico_kube_manifests
when:
- rbac_enabled or item.type not in rbac_resources
- name: Start of Calico policy controller
- name: Start of Calico kube controllers
kube:
name: "{{item.item.name}}"
namespace: "{{ system_namespace }}"
@ -48,5 +37,5 @@
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
state: "latest"
with_items: "{{ calico_policy_manifests.results }}"
with_items: "{{ calico_kube_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item|skipped

View File

@ -1,34 +1,34 @@
apiVersion: extensions/v1beta1
kind: ReplicaSet
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }}
labels:
k8s-app: calico-policy
k8s-app: calico-kube-controllers
kubernetes.io/cluster-service: "true"
spec:
replicas: 1
selector:
matchLabels:
kubernetes.io/cluster-service: "true"
k8s-app: calico-policy
k8s-app: calico-kube-controllers
template:
metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }}
labels:
kubernetes.io/cluster-service: "true"
k8s-app: calico-policy
k8s-app: calico-kube-controllers
spec:
hostNetwork: true
{% if rbac_enabled %}
serviceAccountName: calico-policy-controller
serviceAccountName: calico-kube-controllers
{% endif %}
tolerations:
- effect: NoSchedule
operator: Exists
containers:
- name: calico-policy-controller
- name: calico-kube-controllers
image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:

View File

@ -2,7 +2,7 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }}
rules:
- apiGroups:

View File

@ -2,12 +2,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calico-policy-controller
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-policy-controller
name: calico-kube-controllers
subjects:
- kind: ServiceAccount
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }}

View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-policy-controller
name: calico-kube-controllers
namespace: {{ system_namespace }}
labels:
kubernetes.io/cluster-service: "true"