From e0781483faddd68bc90eaf56adb785758af34223 Mon Sep 17 00:00:00 2001 From: Rong Zhang Date: Mon, 3 Dec 2018 18:22:17 +0800 Subject: [PATCH] Use download binary instead of copying from the container (#3786) --- roles/download/defaults/main.yml | 19 ++++++++++- roles/network_plugin/calico/tasks/install.yml | 32 ++++++++----------- roles/network_plugin/canal/tasks/main.yml | 24 ++++++++------ roles/network_plugin/cloud/tasks/main.yml | 15 ++++----- roles/network_plugin/contiv/tasks/main.yml | 22 ++++++++----- .../flannel/tasks/pre-upgrade.yml | 2 +- .../network_plugin/kube-router/tasks/main.yml | 26 ++++++++------- roles/network_plugin/weave/tasks/main.yml | 24 ++++++++------ 8 files changed, 97 insertions(+), 67 deletions(-) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index dc96c2908..396498ad1 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -53,6 +53,8 @@ calico_rr_version: "v0.6.1" flannel_version: "v0.10.0" flannel_cni_version: "v0.3.0" +cni_version: "v0.6.0" + weave_version: 2.5.0 pod_infra_version: 3.1 contiv_version: 1.2.1 @@ -62,8 +64,9 @@ multus_version: "v3.1.autoconf" # Download URLs kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm" -etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz" hyperkube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64/hyperkube" +etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz" +cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" # Checksums hyperkube_checksums: @@ -104,6 +107,7 @@ kubeadm_checksums: v1.10.0: ebbac985834289037b544523c3e2f39bb44bea938aca9d9e88ef7e880fb8472f etcd_binary_checksum: 947849dbcfa13927c81236fb76a7c01d587bbab42ab1e807184cd91b026ebed7 +cni_binary_checksum: f04339a21b8edf76d415e7f17b620e63b8f37a76b2f706671587ab6464411f2d hyperkube_binary_checksum: "{{ hyperkube_checksums[kube_version] }}" kubeadm_binary_checksum: "{{ kubeadm_checksums[kubeadm_version] }}" @@ -251,6 +255,19 @@ downloads: groups: - etcd + cni: + enabled: true + file: true + version: "{{ cni_version }}" + dest: "{{local_release_dir}}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + sha256: "{{ cni_binary_checksum }}" + url: "{{ cni_download_url }}" + unarchive: false + owner: "root" + mode: "0755" + groups: + - k8s-cluster + kubeadm: enabled: "{{ kubeadm_enabled }}" file: true diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 9de50c05d..583ac0eb3 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -33,16 +33,20 @@ group: root changed_when: false -- name: Calico | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - tags: - - hyperkube - - upgrade +- name: Calico | Set cni directory permissions + file: + path: /opt/cni/bin + state: directory + owner: kube + recurse: true + mode: 0755 + +- name: Calico | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes - name: Calico | Copy cni plugins from calico/cni container command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'" @@ -57,14 +61,6 @@ - hyperkube - upgrade -- name: Calico | Set cni directory permissions - file: - path: /opt/cni/bin - state: directory - owner: kube - recurse: true - mode: 0755 - - name: Calico | wait for etcd uri: url: "{{ etcd_access_addresses.split(',') | first }}/health" diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index aedb47070..d59c818fe 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -54,16 +54,20 @@ when: - inventory_hostname in groups['kube-master'] -- name: Canal | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - tags: - - hyperkube - - upgrade +- name: Canal | Set cni directory permissions + file: + path: /opt/cni/bin + state: directory + owner: kube + recurse: true + mode: 0755 + +- name: Canal | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes - name: Canal | Copy cni plugins from calico/cni command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'" diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml index 59750770b..b63447978 100644 --- a/roles/network_plugin/cloud/tasks/main.yml +++ b/roles/network_plugin/cloud/tasks/main.yml @@ -1,12 +1,4 @@ --- -- name: Cloud | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - - name: Cloud | Set cni directory permissions file: path: /opt/cni/bin @@ -14,3 +6,10 @@ owner: kube recurse: true mode: "u=rwX,g-rwx,o-rwx" + +- name: Canal | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml index b6163a22b..a5be03fac 100644 --- a/roles/network_plugin/contiv/tasks/main.yml +++ b/roles/network_plugin/contiv/tasks/main.yml @@ -143,14 +143,20 @@ - contiv_enable_api_proxy - contiv_generate_certificate -- name: Contiv | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/bash -c '/bin/cp -fa /opt/cni/bin/* /cnibindir/'" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - tags: [hyperkube, upgrade] +- name: Contiv | Set cni directory permissions + file: + path: /opt/cni/bin + state: directory + owner: kube + recurse: true + mode: 0755 + +- name: Contiv | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes - name: Contiv | Copy netctl binary from docker container command: sh -c "{{ docker_bin_dir }}/docker rm -f netctl-binarycopy; diff --git a/roles/network_plugin/flannel/tasks/pre-upgrade.yml b/roles/network_plugin/flannel/tasks/pre-upgrade.yml index 6b6fcd54f..ef50ceb09 100644 --- a/roles/network_plugin/flannel/tasks/pre-upgrade.yml +++ b/roles/network_plugin/flannel/tasks/pre-upgrade.yml @@ -16,4 +16,4 @@ - name: Flannel pre-upgrade | Remove Flannel's certificate directory not required by CNI file: dest: "{{ flannel_cert_dir }}" - state: absent \ No newline at end of file + state: absent diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml index f1996313d..4f0ba8e79 100644 --- a/roles/network_plugin/kube-router/tasks/main.yml +++ b/roles/network_plugin/kube-router/tasks/main.yml @@ -3,18 +3,22 @@ include: annotate.yml tags: annotate -- name: kube-router | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -prf /opt/cni/bin/. /cnibindir/" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - tags: - - hyperkube - - upgrade +- name: kube-roter | Set cni directory permissions + file: + path: /opt/cni/bin + state: directory + owner: kube + recurse: true + mode: 0755 + +- name: kube-router | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes - name: kube-router | Create manifest template: src: kube-router.yml.j2 - dest: "{{ kube_config_dir }}/kube-router.yml" \ No newline at end of file + dest: "{{ kube_config_dir }}/kube-router.yml" diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index a9922cf3f..f4560568f 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -1,15 +1,19 @@ --- -- name: Weave | Copy cni plugins from hyperkube - command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/" - register: cni_task_result - until: cni_task_result.rc == 0 - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - tags: - - hyperkube - - upgrade +- name: Weave | Set cni directory permissions + file: + path: /opt/cni/bin + state: directory + owner: kube + recurse: true + mode: 0755 + +- name: Weave | Copy cni plugins + unarchive: + src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz" + dest: "/opt/cni/bin" + mode: 0755 + remote_src: yes - name: Weave | Create manifest template: