calico upgrade to v3 (#3086)

* calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
2026-02-19 20:20:10 -03:30 · 2018-08-23 17:17:18 +03:00
parent f453567cce
commit 23fd3461bc
27 changed files with 399 additions and 252 deletions
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -77,12 +77,6 @@ spec:
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
-            # Disable autocreation of pools
-            - name: CALICO_NO_DEFAULT_POOLS
-              value: "true"
-            # Enable libnetwork
-            - name: CALICO_LIBNETWORK_ENABLED
-              value: "true"
            # Set MTU for tunnel device used if ipip is enabled
 {% if calico_mtu is defined %}
            - name: FELIX_IPINIPMTU
@@ -158,6 +152,8 @@ spec:
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
+            - mountPath: /var/lib/calico
+              name: var-lib-calico
              readOnly: false
            - mountPath: /calico-secrets
              name: etcd-certs
@@ -169,6 +165,9 @@ spec:
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
+        - name: var-lib-calico
+          hostPath:
+            path: /var/lib/calico
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
@@ -183,5 +182,4 @@ spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: {{ serial | default('20%') }}
-    type: RollingUpdate
-
+    type: RollingUpdate
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -3,7 +3,7 @@
  "cniVersion":"0.3.1",
  "plugins":[
    {
-    {% if cloud_provider is defined %}
+{% if cloud_provider is defined %}
      "nodename": "{{ calico_kubelet_name.stdout }}",
    {% else %}
      "nodename": "{{ calico_baremetal_nodename }}",
@@ -19,14 +19,14 @@
        "assign_ipv4": "true",
        "ipv4_pools": ["{{ kube_pods_subnet }}"]
      },
-    {% if enable_network_policy %}
+{% if enable_network_policy %}
      "policy": {
        "type": "k8s"
      },
-    {%- endif %}
-    {% if calico_mtu is defined and calico_mtu is number %}
+{%- endif %}
+{% if calico_mtu is defined and calico_mtu is number %}
      "mtu": {{ calico_mtu }},
-    {%- endif %}
+{%- endif %}
      "kubernetes": {
        "kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
      }
--- a/roles/network_plugin/calico/templates/etcdv2-store.yml.j2
+++ b/roles/network_plugin/calico/templates/etcdv2-store.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: calicoApiConfig
+metadata:
+spec:
+  datastoreType: "etcdv2"
+  etcdEndpoints: "{{ etcd_access_addresses }}"
+  etcdKeyFile: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
+  etcdCertFile: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+  etcdCACertFile: "{{ etcd_cert_dir }}/ca.pem"
--- a/roles/network_plugin/calico/templates/etcdv3-store.yml.j2
+++ b/roles/network_plugin/calico/templates/etcdv3-store.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: projectcalico.org/v3
+kind: CalicoAPIConfig
+metadata:
+spec:
+  datastoreType: "etcdv3"
+  etcdEndpoints: "{{ etcd_access_addresses }}"
+  etcdKeyFile: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
+  etcdCertFile: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+  etcdCACertFile: "{{ etcd_cert_dir }}/ca.pem"