update calico to 2.6.2 (#1874)

Move RS to deployment so no need to take care of the revision history
limits :
  - Delete the old RS
  - Make Calico manifest a deployment
  - move deployments to apps/v1beta2 API since Kubernetes 1.8

roles/download/defaults/main.yml

@@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.4
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
-calico_version: "v2.5.0"
-calico_ctl_version: "v1.5.0"
-calico_cni_version: "v1.10.0"
-calico_policy_version: "v0.7.0"
+calico_version: "v2.6.2"
+calico_ctl_version: "v1.6.1"
+calico_cni_version: "v1.11.0"
+calico_policy_version: "v1.0.0"
 calico_rr_version: "v0.4.0"
 flannel_version: "v0.9.0"
 flannel_cni_version: "v0.3.0"
@@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node"
 calico_node_image_tag: "{{ calico_version }}"
 calico_cni_image_repo: "quay.io/calico/cni"
 calico_cni_image_tag: "{{ calico_cni_version }}"
-calico_policy_image_repo: "quay.io/calico/kube-policy-controller"
+calico_policy_image_repo: "quay.io/calico/kube-controllers"
 calico_policy_image_tag: "{{ calico_policy_version }}"
 calico_rr_image_repo: "quay.io/calico/routereflector"
 calico_rr_image_tag: "{{ calico_rr_version }}"

roles/kubernetes-apps/policy_controller/calico/tasks/main.yml

@@ -7,15 +7,7 @@
     - facts
     - canal
 
-- name: Get calico-policy-controller version if running
-  shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
-  register: existing_calico_policy_version
-  run_once: true
-  changed_when: false
-  failed_when: false
-
-# FIXME(mattymo): This should not be necessary
-- name: Delete calico-policy-controller if an old one is installed
+- name: Delete the old calico-policy-controller if it exist
   kube:
     name: calico-policy-controller
     kubectl: "{{bin_dir}}/kubectl"
@@ -23,24 +15,21 @@
     namespace: "{{ system_namespace }}"
     state: absent
   run_once: true
-  when:
-    - not "NotFound" in existing_calico_policy_version.stderr
-    - existing_calico_policy_version.stdout | version_compare('v0.7.0', '<')
 
-- name: Create calico-policy-controller manifests
+- name: Create calico-kube-controllers manifests
   template:
     src: "{{item.file}}.j2"
     dest: "{{kube_config_dir}}/{{item.file}}"
   with_items:
-    - {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs}
-    - {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa}
-    - {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole}
-    - {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding}
-  register: calico_policy_manifests
+    - {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
+    - {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
+    - {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole}
+    - {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding}
+  register: calico_kube_manifests
   when:
     - rbac_enabled or item.type not in rbac_resources
 
-- name: Start of Calico policy controller
+- name: Start of Calico kube controllers
   kube:
     name: "{{item.item.name}}"
     namespace: "{{ system_namespace }}"
@@ -48,5 +37,5 @@
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
     state: "latest"
-  with_items: "{{ calico_policy_manifests.results }}"
+  with_items: "{{ calico_kube_manifests.results }}"
   when: inventory_hostname == groups['kube-master'][0] and not item|skipped

roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2

@@ -1,34 +1,34 @@
-apiVersion: extensions/v1beta1
-kind: ReplicaSet
+apiVersion: apps/v1beta2
+kind: Deployment
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
   namespace: {{ system_namespace }}
   labels:
-    k8s-app: calico-policy
+    k8s-app: calico-kube-controllers
     kubernetes.io/cluster-service: "true"
 spec:
   replicas: 1
   selector:
     matchLabels:
       kubernetes.io/cluster-service: "true"
-      k8s-app: calico-policy
+      k8s-app: calico-kube-controllers
   template:
     metadata:
-      name: calico-policy-controller
+      name: calico-kube-controllers
       namespace: {{ system_namespace }}
       labels:
         kubernetes.io/cluster-service: "true"
-        k8s-app: calico-policy
+        k8s-app: calico-kube-controllers
     spec:
       hostNetwork: true
 {% if rbac_enabled %}
-      serviceAccountName: calico-policy-controller
+      serviceAccountName: calico-kube-controllers
 {% endif %}
       tolerations:
         - effect: NoSchedule
           operator: Exists
       containers:
-        - name: calico-policy-controller
+        - name: calico-kube-controllers
           image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
           imagePullPolicy: {{ k8s_image_pull_policy }}
           resources:

roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2

@@ -2,7 +2,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
   namespace: {{ system_namespace }}
 rules:
   - apiGroups:

roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2

@@ -2,12 +2,12 @@
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: calico-policy-controller
+  name: calico-kube-controllers
 subjects:
 - kind: ServiceAccount
-  name: calico-policy-controller
+  name: calico-kube-controllers
   namespace: {{ system_namespace }}

roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
   namespace: {{ system_namespace }}
   labels:
     kubernetes.io/cluster-service: "true"