update calico to 2.6.2 (#1874)

Move RS to deployment so no need to take care of the revision history limits : - Delete the old RS - Make Calico manifest a deployment - move deployments to apps/v1beta2 API since Kubernetes 1.8
2017-11-28 13:01:30 +01:00 · 2017-11-28 13:01:30 +01:00 · 9368dbe0e7
commit 9368dbe0e7
parent 8aafe64397
6 changed files with 28 additions and 39 deletions
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -29,10 +29,10 @@ kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.4
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
-calico_version: "v2.5.0"
-calico_ctl_version: "v1.5.0"
-calico_cni_version: "v1.10.0"
-calico_policy_version: "v0.7.0"
+calico_version: "v2.6.2"
+calico_ctl_version: "v1.6.1"
+calico_cni_version: "v1.11.0"
+calico_policy_version: "v1.0.0"
 calico_rr_version: "v0.4.0"
 flannel_version: "v0.9.0"
 flannel_cni_version: "v0.3.0"
@ -70,7 +70,7 @@ calico_node_image_repo: "quay.io/calico/node"
 calico_node_image_tag: "{{ calico_version }}"
 calico_cni_image_repo: "quay.io/calico/cni"
 calico_cni_image_tag: "{{ calico_cni_version }}"
-calico_policy_image_repo: "quay.io/calico/kube-policy-controller"
+calico_policy_image_repo: "quay.io/calico/kube-controllers"
 calico_policy_image_tag: "{{ calico_policy_version }}"
 calico_rr_image_repo: "quay.io/calico/routereflector"
 calico_rr_image_tag: "{{ calico_rr_version }}"
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@ -7,15 +7,7 @@
    - facts
    - canal

- name: Get calico-policy-controller version if running
-  shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
-  register: existing_calico_policy_version
-  run_once: true
-  changed_when: false
-  failed_when: false
-
-# FIXME(mattymo): This should not be necessary
- name: Delete calico-policy-controller if an old one is installed
+- name: Delete the old calico-policy-controller if it exist
  kube:
    name: calico-policy-controller
    kubectl: "{{bin_dir}}/kubectl"
@ -23,24 +15,21 @@
    namespace: "{{ system_namespace }}"
    state: absent
  run_once: true
-  when:
-    - not "NotFound" in existing_calico_policy_version.stderr
-    - existing_calico_policy_version.stdout | version_compare('v0.7.0', '<')

- name: Create calico-policy-controller manifests
+- name: Create calico-kube-controllers manifests
  template:
    src: "{{item.file}}.j2"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
-    - {name: calico-policy-controller, file: calico-policy-controller.yml, type: rs}
-    - {name: calico-policy-controller, file: calico-policy-sa.yml, type: sa}
-    - {name: calico-policy-controller, file: calico-policy-cr.yml, type: clusterrole}
-    - {name: calico-policy-controller, file: calico-policy-crb.yml, type: clusterrolebinding}
-  register: calico_policy_manifests
+    - {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
+    - {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
+    - {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole}
+    - {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding}
+  register: calico_kube_manifests
  when:
    - rbac_enabled or item.type not in rbac_resources

- name: Start of Calico policy controller
+- name: Start of Calico kube controllers
  kube:
    name: "{{item.item.name}}"
    namespace: "{{ system_namespace }}"
@ -48,5 +37,5 @@
    resource: "{{item.item.type}}"
    filename: "{{kube_config_dir}}/{{item.item.file}}"
    state: "latest"
-  with_items: "{{ calico_policy_manifests.results }}"
+  with_items: "{{ calico_kube_manifests.results }}"
  when: inventory_hostname == groups['kube-master'][0] and not item|skipped
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
@ -1,34 +1,34 @@
-apiVersion: extensions/v1beta1
-kind: ReplicaSet
+apiVersion: apps/v1beta2
+kind: Deployment
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
  namespace: {{ system_namespace }}
  labels:
-    k8s-app: calico-policy
+    k8s-app: calico-kube-controllers
    kubernetes.io/cluster-service: "true"
 spec:
  replicas: 1
  selector:
    matchLabels:
      kubernetes.io/cluster-service: "true"
-      k8s-app: calico-policy
+      k8s-app: calico-kube-controllers
  template:
    metadata:
-      name: calico-policy-controller
+      name: calico-kube-controllers
      namespace: {{ system_namespace }}
      labels:
        kubernetes.io/cluster-service: "true"
-        k8s-app: calico-policy
+        k8s-app: calico-kube-controllers
    spec:
      hostNetwork: true
 {% if rbac_enabled %}
-      serviceAccountName: calico-policy-controller
+      serviceAccountName: calico-kube-controllers
 {% endif %}
      tolerations:
        - effect: NoSchedule
          operator: Exists
      containers:
-        - name: calico-policy-controller
+        - name: calico-kube-controllers
          image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
          imagePullPolicy: {{ k8s_image_pull_policy }}
          resources:
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-cr.yml.j2
@ -2,7 +2,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
  namespace: {{ system_namespace }}
 rules:
  - apiGroups:
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-crb.yml.j2
@ -2,12 +2,12 @@
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: calico-policy-controller
+  name: calico-kube-controllers
 subjects:
 - kind: ServiceAccount
-  name: calico-policy-controller
+  name: calico-kube-controllers
  namespace: {{ system_namespace }}
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-sa.yml.j2
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: calico-policy-controller
+  name: calico-kube-controllers
  namespace: {{ system_namespace }}
  labels:
    kubernetes.io/cluster-service: "true"