From 23ae6027ab3e7cd1a7c8f25b13178d94f208135f Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Mon, 15 Jul 2019 17:47:09 +0300
Subject: [PATCH] remove support for calico v2.x (#4974)

* Remove support for calico below version v3.0.0

Change-Id: If8fe3036b9e054901a8b2c48516eff1e1271970f

* Update main.yml

* fixup node peering

Change-Id: Ifac4d363deba826f0c80e390ce80a28df9827323

* fixups

Change-Id: Ic35417330af6741962003b3930604393c90804d1

* fixups

Change-Id: I0ea82d634bb0c81d9b7dc50569c70988bc8d3a3b
---
 .../preinstall/tasks/0020-verify-settings.yml |   8 ++
 roles/network_plugin/calico/rr/tasks/main.yml |  20 ---
 roles/network_plugin/calico/tasks/install.yml | 115 +-----------------
 roles/network_plugin/calico/tasks/pre.yml     |   7 --
 .../calico/templates/calico-node.yml.j2       |   2 -
 .../canal/templates/canal-node.yaml.j2        |   2 -
 6 files changed, 9 insertions(+), 145 deletions(-)

diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index d5b139e2b..8ebf6fc8b 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -137,6 +137,14 @@
     - cloud-provider
     - facts
 
+- name: Ensure minimum calico version
+  assert:
+    that: calico_version is version('v3.0.0', '>=')
+    msg: "calico_version is too low. Minimum version v3.0.0"
+  run_once: yes
+  when:
+    - kube_network_plugin == 'calico'
+
 - name: "Get current version of calico cluster version"
   shell: "{{ bin_dir }}/calicoctl.sh version  | grep 'Cluster Version:' | awk '{ print $3}'"
   register: calico_version_on_server
diff --git a/roles/network_plugin/calico/rr/tasks/main.yml b/roles/network_plugin/calico/rr/tasks/main.yml
index 2d9ba6ba0..2b023a2aa 100644
--- a/roles/network_plugin/calico/rr/tasks/main.yml
+++ b/roles/network_plugin/calico/rr/tasks/main.yml
@@ -72,26 +72,6 @@
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
   delegate_to: "{{ groups['etcd'][0] }}"
-  when:
-    - calico_version is version("v3.0.0", ">=")
-
-- name: Calico-rr | Configure route reflector (legacy)
-  command: |-
-    {{ bin_dir }}/etcdctl \
-    --peers={{ etcd_access_addresses }} \
-    set /calico/bgp/v1/rr_v4/{{ rr_ip }} \
-    '{
-       "ip": "{{ rr_ip }}",
-       "cluster_id": "{{ cluster_id }}"
-     }'
-  environment:
-    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
-    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  delegate_to: "{{ groups['etcd'][0] }}"
-  when:
-    - calico_version is version("v3.0.0", "<")
 
 - meta: flush_handlers
 
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 543fa5e37..7ee560095 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -102,7 +102,7 @@
   loop_control:
     label: "{{ item.item.file }}"
 
-- name: Calico | Configure calico network pool (v3.0.0 <= version < v3.3.0)
+- name: Calico | Configure calico network pool (version < v3.3.0)
   shell: >
     echo "
       { "kind": "IPPool",
@@ -117,7 +117,6 @@
   when:
     - inventory_hostname == groups['kube-master'][0]
     - 'calico_conf.stdout == "0"'
-    - calico_version is version("v3.0.0", ">=")
     - calico_version is version("v3.3.0", "<")
 
 - name: Calico | Configure calico network pool (version >= v3.3.0)
@@ -138,22 +137,6 @@
     - 'calico_conf.stdout == "0"'
     - calico_version is version("v3.3.0", ">=")
 
-- name: Calico | Configure calico network pool (legacy)
-  shell: >
-    echo '
-      { "kind": "ipPool",
-        "spec": {"disabled": false, "ipip": {"enabled": {{ ipip }}, "mode": "{{ ipip_mode|lower }}"},
-                 "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}},
-        "apiVersion": "v1",
-        "metadata": {"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}"}
-      }' | {{ bin_dir }}/calicoctl.sh apply -f -
-  environment:
-    NO_DEFAULT_POOLS: true
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - 'calico_conf.stdout == "0"'
-    - calico_version is version("v3.0.0", "<")
-
 - name: "Determine nodeToNodeMesh needed state"
   set_fact:
     nodeToNodeMeshEnabled: "false"
@@ -177,20 +160,6 @@
   changed_when: false
   when:
     - inventory_hostname == groups['kube-master'][0]
-    - calico_version is version('v3.0.0', '>=')
-
-- name: Calico | Set global as_num (legacy)
-  command: "{{ bin_dir }}/calicoctl.sh config set asNumber {{ global_as_num }}"
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - calico_version is version('v3.0.0', '<')
-
-- name: Calico | Disable node mesh (legacy)
-  command: "{{ bin_dir }}/calicoctl.sh config set nodeToNodeMesh off"
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - calico_version is version('v3.0.0', '<')
-    - nodeToMeshEnabled|default(True)
 
 - name: Calico | Configure peering with router(s) at global scope
   shell: >
@@ -210,24 +179,6 @@
     - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}"
   when:
     - inventory_hostname == groups['kube-master'][0]
-    - calico_version | version_compare('v3.0.0', '>=')
-    - peer_with_router|default(false)
-
-- name: Calico | Configure peering with router(s) at global scope (legacy)
-  shell: >
-   echo '{
-   "kind": "bgpPeer",
-   "spec": {"asNumber": "{{ item.as }}"},
-   "apiVersion": "v1",
-   "metadata": {"scope": "global", "peerIP": "{{ item.router_id }}"}
-   }'
-   | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  with_items: "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|default([]) }}"
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - calico_version is version('v3.0.0', '<')
     - peer_with_router|default(false)
 
 - name: Calico | Create calico manifests
@@ -298,30 +249,6 @@
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
   when:
-    - calico_version is version('v3.0.0', '>=')
-    - peer_with_router|default(false)
-    - inventory_hostname in groups['k8s-cluster']
-    - local_as is defined
-    - groups['calico-rr'] | default([]) | length == 0
-
-- name: Calico | Configure node asNumber for per node peering (legacy)
-  shell: >
-   echo '{
-   "apiVersion": "v1",
-   "kind": "node",
-   "metadata": {
-      "name": "{{ inventory_hostname }}"
-   },
-   "spec": {
-      "bgp": {
-        "asNumber": "{{ local_as }}"
-      },
-      "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
-   }}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - calico_version is version('v3.0.0', '<')
     - peer_with_router|default(false)
     - inventory_hostname in groups['k8s-cluster']
     - local_as is defined
@@ -345,28 +272,9 @@
   with_items:
     - "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
   when:
-    - calico_version is version('v3.0.0', '>=')
     - peer_with_router|default(false)
     - inventory_hostname in groups['k8s-cluster']
 
-- name: Calico | Configure peering with router(s) at node scope (legacy)
-  shell: >
-   echo '{
-   "kind": "bgpPeer",
-   "spec": {"asNumber": "{{ item.as }}"},
-   "apiVersion": "v1",
-   "metadata": {"node": "{{ inventory_hostname }}", "scope": "node", "peerIP": "{{ item.router_id }}"}
-   }'
-   | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  with_items: "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
-  when:
-    - calico_version | version_compare('v3.0.0', '<')
-    - peer_with_router|default(false)
-    - inventory_hostname in groups['k8s-cluster']
-
-
 - name: Calico | Configure peering with route reflectors
   shell: >
    echo '{
@@ -385,27 +293,6 @@
   with_items:
     - "{{ groups['calico-rr'] | default([]) }}"
   when:
-    - calico_version is version('v3.0.0', '>=')
     - peer_with_calico_rr|default(false)
     - inventory_hostname in groups['k8s-cluster']
     - hostvars[item]['cluster_id'] == cluster_id
-
-- name: Calico | Configure peering with route reflectors (legacy)
-  shell: >
-   echo '{
-   "kind": "bgpPeer",
-   "spec": {"asNumber": "{{ local_as | default(global_as_num) }}"},
-   "apiVersion": "v1",
-   "metadata": {"node": "{{ inventory_hostname }}",
-     "scope": "node",
-     "peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"}
-   }'
-   | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  with_items: "{{ groups['calico-rr'] | default([]) }}"
-  when:
-    - calico_version is version('v3.0.0', '<')
-    - not calico_upgrade_enabled
-    - peer_with_calico_rr|default(false)
-    - hostvars[item]['cluster_id'] == cluster_id
diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml
index b843a92ad..e798142f3 100644
--- a/roles/network_plugin/calico/tasks/pre.yml
+++ b/roles/network_plugin/calico/tasks/pre.yml
@@ -1,11 +1,4 @@
 ---
-- name: Calico | Disable calico-node service if it exists
-  service:
-    name: calico-node
-    state: stopped
-    enabled: no
-  failed_when: false
-
 - name: Calico | Get kubelet hostname
   shell: >-
     {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address'
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index f201bfec0..75c5bbe73 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -25,9 +25,7 @@ spec:
         prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
 {% endif %}
     spec:
-{% if kube_version is version('v1.11.1', '>=') %}
       priorityClassName: system-node-critical
-{% endif %}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: calico-node
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index e6bb4d364..354cd0b94 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -15,9 +15,7 @@ spec:
       labels:
         k8s-app: canal-node
     spec:
-{% if kube_version is version('v1.11.1', '>=') %}
       priorityClassName: system-node-critical
-{% endif %}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: canal