Calico upgrade path validation and old version cleanup (#6733)

* calico: add constant calico_min_version_required and verify current deployed version against it. * calico: remove upgrade support with data migration The tool was used pre v3.0.0 and is no longer needed. * calico: remove old version support from tasks * calico: remove old ver support from policy ctrl * calico: remove old ver support from node * canal: remove old ver support * remove unused calicoctl download checksums calico_min_version_required is the oldest version that can be installed Older versions can be removed.
2026-05-08 09:57:38 -02:30 · 2020-09-24 18:04:06 +02:00
parent 50e8a52c74
commit 28073c76ac
19 changed files with 21 additions and 253 deletions
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -36,36 +36,3 @@
    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
  when:
    - "calico_vxlan_mode in ['Always', 'CrossSubnet']"
-
- name: "Get current version of calico cluster version"
-  shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version  | grep 'Cluster Version:' | awk '{ print $3}'"
-  args:
-    executable: /bin/bash
-  register: calico_version_on_server
-  async: 10
-  poll: 3
-  run_once: yes
-  changed_when: false
-  failed_when: false
-
- name: "Determine if calico upgrade is needed"
-  block:
-    - name: "Check that calico version is enough for upgrade"
-      assert:
-        that:
-          - calico_version_on_server.stdout is version('v2.6.5', '>=')
-        msg: "Your version of calico is not fresh enough for upgrade"
-      when: calico_upgrade_enabled
-
-    - name: "Set upgrade flag when version needs to be updated"
-      set_fact:
-        calico_upgrade_needed: True
-      when:
-        - calico_version_on_server.stdout is version('v2.6.5', '>=')
-        - calico_version_on_server.stdout is version('v3.0.0', '<')
-
-  when:
-    - calico_version_on_server.stdout is defined
-    - calico_version_on_server.stdout
-    - inventory_hostname == groups['kube-master'][0]
-  run_once: yes
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -32,7 +32,7 @@
 - name: Calico | Write Calico cni config
  template:
    src: "cni-calico.conflist.j2"
-    dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}calico.conflist.template{% else %}10-calico.conflist{% endif %}"
+    dest: "/etc/cni/net.d/calico.conflist.template"
    owner: kube
  register: calico_conflist
  notify: reset_calico_cni
@@ -135,26 +135,7 @@
  loop_control:
    label: "{{ item.item.file }}"

- name: Calico | Configure calico network pool (version < v3.3.0)
-  command:
-    cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
-    stdin: >
-      { "kind": "IPPool",
-        "apiVersion": "projectcalico.org/v3",
-        "metadata": {
-          "name": "{{ calico_pool_name }}",
-        },
-        "spec": {
-          "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
-          "ipipMode": "{{ calico_ipip_mode }}",
-          "vxlanMode": "{{ calico_vxlan_mode }}",
-          "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - 'calico_conf.stdout == "0"'
-    - calico_version is version("v3.3.0", "<")
-
- name: Calico | Configure calico network pool (version >= v3.3.0)
+- name: Calico | Configure calico network pool
  command:
    cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
    stdin: >
@@ -172,7 +153,6 @@
  when:
    - inventory_hostname == groups['kube-master'][0]
    - 'calico_conf.stdout == "0"'
-    - calico_version is version("v3.3.0", ">=")

 - name: "Determine nodeToNodeMesh needed state"
  set_fact:
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -3,11 +3,4 @@

 - import_tasks: pre.yml

- include_tasks: upgrade.yml
-  when:
-    - calico_upgrade_enabled
-    - calico_upgrade_needed
-    - inventory_hostname in groups['kube-master']
-  run_once: yes
-
 - include_tasks: install.yml
--- a/roles/network_plugin/calico/tasks/upgrade.yml
+++ b/roles/network_plugin/calico/tasks/upgrade.yml
@@ -1,26 +0,0 @@
---
- name: "Download calico-upgrade tool (force version)"
-  get_url:
-    url: "{{ calico_upgrade_url }}"
-    dest: "{{ bin_dir }}/calico-upgrade"
-    mode: 0755
-    owner: root
-    group: root
-    force: yes
-  environment: "{{ proxy_env }}"
- name: "Create etcdv2 and etcdv3 calicoApiConfig"
-  template:
-    src: "{{ item }}-store.yml.j2"
-    dest: "/etc/calico/{{ item }}.yml"
-  with_items:
-    - "etcdv2"
-    - "etcdv3"
-
- name: "Tests data migration (dry-run)"  # noqa 301 305
-  shell: "{{ bin_dir }}/calico-upgrade dry-run --output-dir=/tmp --apiconfigv1 /etc/calico/etcdv2.yml --apiconfigv3 /etc/calico/etcdv3.yml"
-  register: calico_upgrade_test_data
-  failed_when: '"Successfully" not in calico_upgrade_test_data.stdout'
-
- name: "If test migration is success continue with calico data real migration"  # noqa 301 305
-  shell: "{{ bin_dir }}/calico-upgrade start --no-prompts --apiconfigv1 /etc/calico/etcdv2.yml --apiconfigv3 /etc/calico/etcdv3.yml --output-dir=/tmp/calico_upgrade"
-  register: calico_upgrade_migration_data