Update Calico and Canal

- Updating to use calico-node v2.6.7 - A few updates to their manifests too
2018-02-05 13:34:59 -06:00 · 2018-02-05 13:34:59 -06:00 · 60bfc56e8e
parent 4175431dcd
commit 60bfc56e8e
3 changed files with 31 additions and 4 deletions
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -29,9 +29,9 @@ kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.4
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
-calico_version: "v2.6.2"
+calico_version: "v2.6.7"
 calico_ctl_version: "v1.6.1"
-calico_cni_version: "v1.11.0"
+calico_cni_version: "v1.11.2"
 calico_policy_version: "v1.0.0"
 calico_rr_version: "v0.4.0"
 flannel_version: "v0.10.0"
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@ -28,6 +28,9 @@ spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
+      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+      terminationGracePeriodSeconds: 0
      containers:
        # Runs calico/node container on each Kubernetes node.  This
        # container programs network policy and routes on each
@ -53,6 +56,11 @@ spec:
                configMapKeyRef:
                  name: calico-config
                  key: cluster_type
+            # Set noderef for node controller.
+            - name: CALICO_K8S_NODE_REF
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@ -148,14 +148,21 @@ spec:
                  name: canal-config
                  key: etcd_endpoints
            # Disable Calico BGP.  Calico is simply enforcing policy.
-            - name: CALICO_NETWORKING
-              value: "false"
+            - name: CALICO_NETWORKING_BACKEND
+              value: "none"
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "kubespray,canal"
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
+            # Set noderef for node controller.
+            - name: CALICO_K8S_NODE_REF
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: FELIX_HEALTHENABLED
+              value: "true"
            # Etcd SSL vars
            - name: ETCD_CA_CERT_FILE
              valueFrom:
@ -178,6 +185,18 @@ spec:
                  fieldPath: spec.nodeName
          securityContext:
            privileged: true
+          livenessProbe:
+            httpGet:
+              path: /liveness
+              port: 9099
+            periodSeconds: 10
+            initialDelaySeconds: 10
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /readiness
+              port: 9099
+            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules