calico upgrade to v3 (#3086)

* calico upgrade to v3

* update calico_rr version

* add missing file

* change contents of main.yml as it was left old version

* enable network policy by default

* remove unneeded task

* Fix kubelet calico settings

* fix when statement

* switch back to node-kubeconfig.yaml

roles/kubernetes/kubeadm/tasks/main.yml

@@ -88,6 +88,15 @@
     - is_kube_master
     - kubeadm_discovery_address != kube_apiserver_endpoint
 
+# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
+- name: Symlink kubelet kubeconfig for calico/canal
+  file:
+    src: "{{ kube_config_dir }}/kubelet.conf"
+    dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
+    state: link
+    force: yes
+  when: kube_network_plugin in ['calico','canal']
+
 - name: Restart all kube-proxy pods to ensure that they load the new configmap
   shell: "{{ bin_dir }}/kubectl delete pod -n kube-system -l k8s-app=kube-proxy"
   delegate_to: "{{groups['kube-master']|first}}"

roles/kubernetes/node/templates/kubelet-container.j2

@@ -22,6 +22,7 @@
   -v {{ docker_daemon_graph }}:{{ docker_daemon_graph }}:rw \
   -v /var/log:/var/log:rw \
   -v /var/lib/kubelet:/var/lib/kubelet:shared \
+  -v /var/lib/calico:/var/lib/calico:shared \
   -v /var/lib/cni:/var/lib/cni:shared \
   -v /var/run:/var/run:rw \
   {# we can run into issues with double mounting /var/lib/kubelet #}

roles/kubernetes/node/templates/kubelet.rkt.service.j2

@@ -37,6 +37,10 @@ ExecStart=/usr/bin/rkt run \
         --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
         --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
         --volume var-lib-cni,kind=host,source=/var/lib/cni,readOnly=false \
+{% endif %}
+{% if kube_network_plugin in ["calico", "canal"] %}
+        --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=false \
+{% endif %}
 {# we can run into issues with double mounting /var/lib/kubelet #}
 {# surely there's a better way to do this #}
 {% if '/var/lib/kubelet' not in kubelet_flexvolumes_plugins_dir %}
@@ -55,6 +59,9 @@ ExecStart=/usr/bin/rkt run \
         --mount volume=etc-cni,target=/etc/cni \
         --mount volume=opt-cni,target=/opt/cni \
         --mount volume=var-lib-cni,target=/var/lib/cni \
+{% if kube_network_plugin in ["calico", "canal"] %}
+        --mount volume=var-lib-calico,target=/var/lib/calico \
+{% endif %}
 {% endif %}
         --mount volume=os-release,target=/etc/os-release \
         --mount volume=dns,target=/etc/resolv.conf \

roles/kubernetes/preinstall/tasks/main.yml

@@ -89,6 +89,7 @@
   with_items:
     - "/etc/cni/net.d"
     - "/opt/cni/bin"
+    - "/var/lib/calico"
   when:
     - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
     - inventory_hostname in groups['k8s-cluster']

roles/kubernetes/preinstall/tasks/set_resolv_facts.yml

@@ -98,7 +98,7 @@
       {%- elif dns_mode == 'coredns_dual' and not dns_early|bool -%}
         {{ [ skydns_server ] + [ skydns_server_secondary ] + upstream_dns_servers|default([]) }}
       {%- elif dns_mode == 'manual' and not dns_early|bool -%}
-        {{ [ manual_dns_server ] + upstream_dns_servers|default([]) }}
+        {{ ( manual_dns_server.split(',') | list) + upstream_dns_servers|default([]) }}
       {%- elif dns_early|bool -%}
         {{ upstream_dns_servers|default([]) }}
       {%- else -%}