Calico upgrade path validation and old version cleanup (#6733)

* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed.
Older versions can be removed.
Hans Feldt
2020-09-24 18:04:06 +02:00
committed by GitHub
parent 50e8a52c74
commit 28073c76ac
19 changed files with 21 additions and 253 deletions


@@ -36,36 +36,3 @@
msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
when:
- "calico_vxlan_mode in ['Always', 'CrossSubnet']"
- name: "Get current version of calico cluster version"
shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
args:
executable: /bin/bash
register: calico_version_on_server
async: 10
poll: 3
run_once: yes
changed_when: false
failed_when: false
- name: "Determine if calico upgrade is needed"
block:
- name: "Check that calico version is enough for upgrade"
assert:
that:
- calico_version_on_server.stdout is version('v2.6.5', '>=')
msg: "Your version of calico is not fresh enough for upgrade"
when: calico_upgrade_enabled
- name: "Set upgrade flag when version needs to be updated"
set_fact:
calico_upgrade_needed: True
when:
- calico_version_on_server.stdout is version('v2.6.5', '>=')
- calico_version_on_server.stdout is version('v3.0.0', '<')
when:
- calico_version_on_server.stdout is defined
- calico_version_on_server.stdout
- inventory_hostname == groups['kube-master'][0]
run_once: yes


@@ -32,7 +32,7 @@
- name: Calico | Write Calico cni config
template:
src: "cni-calico.conflist.j2"
dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}calico.conflist.template{% else %}10-calico.conflist{% endif %}"
dest: "/etc/cni/net.d/calico.conflist.template"
owner: kube
register: calico_conflist
notify: reset_calico_cni
@@ -135,26 +135,7 @@
loop_control:
label: "{{ item.item.file }}"
- name: Calico | Configure calico network pool (version < v3.3.0)
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: >
{ "kind": "IPPool",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "{{ calico_pool_name }}",
},
"spec": {
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
"ipipMode": "{{ calico_ipip_mode }}",
"vxlanMode": "{{ calico_vxlan_mode }}",
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
when:
- inventory_hostname == groups['kube-master'][0]
- 'calico_conf.stdout == "0"'
- calico_version is version("v3.3.0", "<")
- name: Calico | Configure calico network pool (version >= v3.3.0)
- name: Calico | Configure calico network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: >
@@ -172,7 +153,6 @@
when:
- inventory_hostname == groups['kube-master'][0]
- 'calico_conf.stdout == "0"'
- calico_version is version("v3.3.0", ">=")
- name: "Determine nodeToNodeMesh needed state"
set_fact:
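Review bot: The `Calico | Write Calico cni config` task in the first hunk sets `owner: kube` on `/etc/cni/net.d/calico.conflist.template` but no `mode`, so the file's permissions depend on the umask or on whatever an earlier run left behind. Now that the destination is a single fixed path, this is a good place to pin it, e.g. `mode: "0644"` directly under `owner: kube` (tighten it if the rendered conflist carries anything sensitive in your datastore setup). The same applies to the `Canal | Write Canal cni config` task further down the commit, which writes `canal.conflist.template` with only `owner: kube`. Both tasks may continue past their hunks, but the module arguments shown end at `owner`.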


@@ -3,11 +3,4 @@
- import_tasks: pre.yml
- include_tasks: upgrade.yml
when:
- calico_upgrade_enabled
- calico_upgrade_needed
- inventory_hostname in groups['kube-master']
run_once: yes
- include_tasks: install.yml


@@ -1,26 +0,0 @@
---
- name: "Download calico-upgrade tool (force version)"
get_url:
url: "{{ calico_upgrade_url }}"
dest: "{{ bin_dir }}/calico-upgrade"
mode: 0755
owner: root
group: root
force: yes
environment: "{{ proxy_env }}"
- name: "Create etcdv2 and etcdv3 calicoApiConfig"
template:
src: "{{ item }}-store.yml.j2"
dest: "/etc/calico/{{ item }}.yml"
with_items:
- "etcdv2"
- "etcdv3"
- name: "Tests data migration (dry-run)" # noqa 301 305
shell: "{{ bin_dir }}/calico-upgrade dry-run --output-dir=/tmp --apiconfigv1 /etc/calico/etcdv2.yml --apiconfigv3 /etc/calico/etcdv3.yml"
register: calico_upgrade_test_data
failed_when: '"Successfully" not in calico_upgrade_test_data.stdout'
- name: "If test migration is success continue with calico data real migration" # noqa 301 305
shell: "{{ bin_dir }}/calico-upgrade start --no-prompts --apiconfigv1 /etc/calico/etcdv2.yml --apiconfigv3 /etc/calico/etcdv3.yml --output-dir=/tmp/calico_upgrade"
register: calico_upgrade_migration_data


@@ -72,20 +72,14 @@ rules:
- globalbgpconfigs
- bgpconfigurations
- ippools
{% if calico_version is version('v3.6.0', '>=') %}
- ipamblocks
{% endif %}
- globalnetworkpolicies
- globalnetworksets
- networkpolicies
{% if calico_version is version('v3.7.0', '>=') %}
- networksets
{% endif %}
- clusterinformations
- hostendpoints
{% if calico_version is version('v3.9.0', '>=') %}
- blockaffinities
{% endif %}
verbs:
- get
- list
@@ -116,7 +110,6 @@ rules:
verbs:
- create
- update
{% if calico_version is version('v3.6.0', '>=') %}
# These permissions are required for Calico CNI to perform IPAM allocations.
- apiGroups: ["crd.projectcalico.org"]
resources:
@@ -148,4 +141,3 @@ rules:
verbs:
- get
{% endif %}
{% endif %}


@@ -33,9 +33,8 @@ spec:
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
{% if calico_version is version('v3.4.0', '>=') %}
initContainers:
{% if calico_datastore == "kdd" and calico_version is version('v3.6.0', '>=') %}
{% if calico_datastore == "kdd" %}
# This container performs upgrade from host-local IPAM to calico-ipam.
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
@@ -92,31 +91,7 @@ spec:
name: cni-bin-dir
securityContext:
privileged: true
{% endif %}
containers:
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
- name: install-cni
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
command: ["/opt/cni/bin/install"]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-calico.conflist"
# Install CNI binaries
- name: UPDATE_CNI_BINARIES
value: "true"
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/calico.conflist.template"
# Prevents the container from sleeping forever.
- name: SLEEP
value: "false"
volumeMounts:
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %}
# Runs calico/node container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
@@ -209,10 +184,8 @@ spec:
- name: FELIX_KUBENODEPORTRANGES
value: "{{ kube_apiserver_node_port_range.split('-')[0] }}:{{ kube_apiserver_node_port_range.split('-')[1] }}"
{% endif %}
{% if calico_version is version('v3.8.1', '>=') %}
- name: FELIX_IPTABLESBACKEND
value: "{{ calico_iptables_backend }}"
{% endif %}
- name: FELIX_IPTABLESLOCKTIMEOUTSECS
value: "{{ calico_iptables_lock_timeout_secs }}"
# should be set in etcd before deployment
@@ -250,7 +223,7 @@ spec:
value: "{{ calico_felix_prometheusgometricsenabled }}"
- name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
value: "{{ calico_felix_prometheusprocessmetricsenabled }}"
{% if calico_version is version('v3.4.0', '>=') and calico_advertise_cluster_ips|default(false) %}
{% if calico_advertise_cluster_ips|default(false) %}
- name: CALICO_ADVERTISE_CLUSTER_IPS
value: "{{ kube_service_addresses }}"
{% endif %}
@@ -265,7 +238,7 @@ spec:
fieldRef:
fieldPath: status.hostIP
{% endif %}
{% if calico_version is version('v3.9.0', '>=') and calico_use_default_route_src_ipaddr|default(false) %}
{% if calico_use_default_route_src_ipaddr|default(false) %}
- name: FELIX_DEVICEROUTESOURCEADDRESS
valueFrom:
fieldRef:
@@ -295,30 +268,17 @@ spec:
cpu: {{ calico_node_cpu_requests }}
memory: {{ calico_node_memory_requests }}
livenessProbe:
{% if calico_version is version('v3.8.0', '<') %}
httpGet:
host: 127.0.0.1
path: /liveness
port: 9099
{% else %}
exec:
command:
- /bin/calico-node
- -felix-live
{% if calico_network_backend|default("bird") == "bird" %}
- -bird-live
{% endif %}
{% endif %}
initialDelaySeconds: 5
failureThreshold: 6
readinessProbe:
failureThreshold: 6
{% if calico_version is version('v3.3.0', '<') %}
httpGet:
host: 127.0.0.1
path: /readiness
port: 9099
{% else %}
exec:
command:
- /bin/calico-node
@@ -326,7 +286,6 @@ spec:
- -bird-ready
{% endif %}
- -felix-ready
{% endif %}
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
@@ -382,7 +341,7 @@ spec:
hostPath:
path: /run/xtables.lock
type: FileOrCreate
{% if calico_datastore == "kdd" and calico_version is version('v3.6.0', '>=') %}
{% if calico_datastore == "kdd" %}
# Mount in the directory for host-local IPAM allocations. This is
# used when upgrading from host-local to calico-ipam, and can be removed
# if not using the upgrade-ipam init container.
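Review bot: With the version test dropped, `{% if calico_datastore == "kdd" %}` renders the upgrade-ipam init container and the host-local IPAM hostPath volume on every kdd cluster, although both template comments say they can be removed on a fresh installation or once the move to calico-ipam is done. An opt-out would let operators drop the extra init container and host mount when they are no longer needed, e.g. `{% if calico_datastore == "kdd" and <upgrade_ipam_toggle>|default(true) %}` on both conditions, where `<upgrade_ipam_toggle>` is a placeholder for a new role variable. The init container's body and the volume definition lie outside these hunks, so what it mounts and whether it runs privileged cannot be confirmed from here.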


@@ -115,33 +115,17 @@ spec:
# - name: USE_POD_CIDR
# value: "true"
livenessProbe:
{% if calico_version is version('v3.7.0', '<') %}
exec:
command:
- calico-typha
- check
- liveness
{% else %}
httpGet:
path: /liveness
port: 9098
host: localhost
{% endif %}
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
{% if calico_version is version('v3.7.0', '<') %}
exec:
command:
- calico-typha
- check
- readiness
{% else %}
httpGet:
path: /readiness
port: 9098
host: localhost
{% endif %}
periodSeconds: 10
{% if typha_secure %}
volumes:


@@ -52,7 +52,7 @@
"mtu": {{ calico_mtu }},
{% endif %}
"kubernetes": {
"kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}"
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
},
{
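Review bot: `"kubeconfig": "__KUBECONFIG_FILEPATH__"` is now the only value this template can produce, and nothing in the file says what replaces the placeholder; if that substitution step is skipped, the CNI plugin is left with a literal placeholder instead of a credentials path. A Jinja comment above the line would document the dependency, e.g. `{# __KUBECONFIG_FILEPATH__ is filled in by the install-cni init container; do not render a real path here #}` (presumably the install-cni container; confirm against the node manifest). The identical line in the canal conflist template at the end of the commit deserves the same comment. The enclosing JSON object starts and ends outside the hunk.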


@@ -514,7 +514,6 @@ spec:
storage: true
---
{% if calico_version is version('v3.6.0', '>=') %}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@@ -740,7 +739,6 @@ spec:
storage: true
---
{% endif %}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@@ -2693,7 +2691,6 @@ spec:
served: true
storage: true
{% if calico_version is version('v3.7.0', '>=') %}
---
apiVersion: apiextensions.k8s.io/v1
@@ -2739,8 +2736,6 @@ spec:
type: object
served: true
storage: true
{% endif %}
{% if calico_version is version('v3.14.0', '>=') %}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -2957,4 +2952,3 @@ spec:
type: object
served: true
storage: true
{% endif %}


@@ -2,7 +2,7 @@
- name: Canal | Write Canal cni config
template:
src: "cni-canal.conflist.j2"
dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}canal.conflist.template{% else %}10-canal.conflist{% endif %}"
dest: "/etc/cni/net.d/canal.conflist.template"
owner: kube
register: canal_conflist
notify: reset_canal_cni


@@ -53,7 +53,6 @@ spec:
hostPath:
path: /run/xtables.lock
type: FileOrCreate
{% if calico_version is version('v3.4.0', '>=') %}
initContainers:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
@@ -78,28 +77,7 @@ spec:
name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %}
containers:
{% if calico_version is version('v3.3.0', '>=') and calico_version is version('v3.4.0', '<') %}
- name: install-cni
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
command: ["/opt/cni/bin/install"]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-canal.conflist"
# Install CNI binaries
- name: UPDATE_CNI_BINARIES
value: "true"
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG_FILE
value: "/host/etc/cni/net.d/canal.conflist.template"
volumeMounts:
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{% endif %}
# Runs the flannel daemon to enable vxlan networking between
# container hosts.
- name: flannel
@@ -215,12 +193,6 @@ spec:
fieldPath: spec.nodeName
- name: FELIX_HEALTHENABLED
value: "true"
# Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
# this is not required in later versions https://github.com/projectcalico/calico/issues/2179
{% if calico_version is version('v3.2.1', '<') %}
- name: FELIX_IPTABLESLOCKTIMEOUTSECS
value: "10"
{% endif %}
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
@@ -255,17 +227,10 @@ spec:
initialDelaySeconds: 5
failureThreshold: 6
readinessProbe:
{% if calico_version is version('v3.3.0', '<')%}
httpGet:
host: 127.0.0.1
path: /readiness
port: 9099
{% else %}
exec:
command:
- /bin/calico-node
- -felix-ready
{% endif %}
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules


@@ -17,7 +17,7 @@
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "{% if calico_version is version('v3.3.0', '>=') %}__KUBECONFIG_FILEPATH__{% else %}{{ kube_config_dir }}/node-kubeconfig.yaml{% endif %}"
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
}
},