diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d65be3b7c..2ff17249c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,6 +54,7 @@ before_script: LOG_LEVEL: "-vv" ETCD_DEPLOYMENT: "docker" KUBELET_DEPLOYMENT: "docker" + WEAVE_CPU_LIMIT: "100m" MAGIC: "ci check this" .gce: &gce @@ -115,6 +116,8 @@ before_script: -e kubelet_deployment_type=${KUBELET_DEPLOYMENT} -e local_release_dir=${PWD}/downloads -e resolvconf_mode=${RESOLVCONF_MODE} + -e weave_cpu_requests=${WEAVE_CPU_LIMIT} + -e weave_cpu_limit=${WEAVE_CPU_LIMIT} cluster.yml diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index b249f3aa9..7e06ac574 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -23,16 +23,14 @@ etcd_version: v3.0.6 # after migration to container download calico_version: "v1.0.0" calico_cni_version: "v1.5.5" -weave_version: v1.6.1 +weave_version: 1.8.2 flannel_version: v0.6.2 pod_infra_version: 3.0 # Download URL's etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd" -weave_download_url: "https://storage.googleapis.com/kargo/{{weave_version}}_weave" # Checksums -weave_checksum: "9bf9d6e5a839e7bcbb28cc00c7acae9d09284faa3e7a3720ca9c2b9e93c68580" etcd_checksum: "385afd518f93e3005510b7aaa04d38ee4a39f06f5152cd33bb86d4f0c94c7485" # Containers @@ -66,6 +64,10 @@ netcheck_kubectl_tag: v0.18.0-120-gaeb4ac55ad12b1-dirty netcheck_agent_img_repo: "quay.io/l23network/mcp-netchecker-agent" netcheck_server_img_repo: "quay.io/l23network/mcp-netchecker-server" netcheck_kubectl_img_repo: "gcr.io/google_containers/kubectl" +weave_kube_image_repo: "weaveworks/weave-kube" +weave_kube_image_tag: "{{ weave_version }}" +weave_npc_image_repo: "weaveworks/weave-npc" +weave_npc_image_tag: "{{ weave_version }}" nginx_image_repo: nginx nginx_image_tag: 1.11.4-alpine 
@@ -100,15 +102,6 @@ downloads:
 tag: "{{ netcheck_kubectl_tag }}"
 sha256: "{{ netcheck_kubectl_digest_checksum|default(None) }}"
 enabled: "{{ deploy_netchecker|bool }}"
- weave:
- dest: weave/bin/weave
- version: "{{weave_version}}"
- source_url: "{{weave_download_url}}"
- url: "{{weave_download_url}}"
- sha256: "{{ weave_checksum }}"
- owner: "root"
- mode: "0755"
- enabled: "{{ kube_network_plugin == 'weave' }}"
 etcd:
 version: "{{etcd_version}}"
 dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
@@ -163,6 +156,18 @@ downloads:
 tag: "{{ calico_rr_image_tag }}"
 sha256: "{{ calico_rr_digest_checksum|default(None) }}"
 enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr}} and kube_network_plugin == 'calico'"
+ weave_kube:
+ container: true
+ repo: "{{ weave_kube_image_repo }}"
+ tag: "{{ weave_kube_image_tag }}"
+ sha256: "{{ weave_kube_digest_checksum|default(None) }}"
+ enabled: "{{ kube_network_plugin == 'weave' }}"
+ weave_npc:
+ container: true
+ repo: "{{ weave_npc_image_repo }}"
+ tag: "{{ weave_npc_image_tag }}"
+ sha256: "{{ weave_npc_digest_checksum|default(None) }}"
+ enabled: "{{ kube_network_plugin == 'weave' }}"
 pod_infra:
 container: true
 repo: "{{ pod_infra_image_repo }}"
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index 1024e63a8..43382f2ae 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -3,3 +3,6 @@ dependencies:
 - role: kubernetes-apps/network_plugin/canal
 when: kube_network_plugin == 'canal'
 tags: canal
+ - role: kubernetes-apps/network_plugin/weave
+ when: kube_network_plugin == 'weave'
+ tags: weave
diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
new file mode 100644
index 000000000..b2ee3a6c3
--- /dev/null
+++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
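Review bot: The new `weave_kube` and `weave_npc` entries under `downloads:` in roles/download/defaults/main.yml take their `sha256` from `weave_kube_digest_checksum|default(None)` and `weave_npc_digest_checksum|default(None)`, and nothing in this commit defines either variable, so the images are identified by tag only. The binary they replace was pinned by `weave_checksum`, which the earlier hunk in the same file deletes, so artifact verification for weave is lost unless an operator supplies digests. Consider shipping defaults next to the tags, e.g. `weave_kube_digest_checksum: "<sha256 digest of the weave-kube image>"` and the same for weave-npc. How the download role applies the digest is not visible in this diff, and the DaemonSet template still references `repo:tag` with `imagePullPolicy: Always`, so pinning may also need to reach the manifest.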
@@ -0,0 +1,24 @@
+- name: Weave | Start Resources
+ run_once: true
+ kube:
+ name: "weave-kube"
+ kubectl: "{{ bin_dir }}/kubectl"
+ filename: "{{ kube_config_dir }}/weave-kube.yml"
+ resource: "ds"
+ namespace: "{{system_namespace}}"
+ state: "{{ item | ternary('latest','present') }}"
+ with_items: "{{ weave_manifest.changed }}"
+
+
+- name: "Weave | wait for weave to become available"
+ uri:
+ url: http://127.0.0.1:6784/status
+ return_content: yes
+ register: weave_status
+ retries: 10
+ delay: "{{ retry_stagger | random + 3 }}"
+ until: weave_status.status == 200
+
+- name: "Weave | check if weave is ready"
+ fail:
+ when: "'Status: ready' not in weave_status.content"
diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml
index 4aabcac6f..91933ecf4 100644
--- a/roles/network_plugin/weave/defaults/main.yml
+++ b/roles/network_plugin/weave/defaults/main.yml
@@ -2,3 +2,5 @@
 # Limits
 weave_memory_limit: 500M
 weave_cpu_limit: 300m
+weave_memory_requests: 300M
+weave_cpu_requests: 200m
diff --git a/roles/network_plugin/weave/handlers/main.yml b/roles/network_plugin/weave/handlers/main.yml
deleted file mode 100644
index b9c3e31d8..000000000
--- a/roles/network_plugin/weave/handlers/main.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: restart weave
- command: /bin/true
- notify:
- - Weave | reload systemd
- - reload weave
-
-- name : Weave | reload systemd
- shell: systemctl daemon-reload
-
-- name: restart weaveproxy
- command: /bin/true
- notify:
- - Weave | reload systemd
- - reload weaveproxy
-
-- name: restart weaveexpose
- command: /bin/true
- notify:
- - Weave | reload systemd
- - reload weaveexpose
-
-- name: reload weave
- service:
- name: weave
- state: restarted
-
-- name: reload weaveproxy
- service:
- name: weaveproxy
- state: restarted
-
-- name: reload weaveexpose
- service:
- name: weaveexpose
- state: restarted
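Review bot: In the new roles/kubernetes-apps/network_plugin/weave/tasks/main.yml the `kube` task manages `name: "weave-kube"`, while the DaemonSet in weave-kube.yml.j2 is declared as `name: weave-net`; if the module looks the resource up by name, it would not find the DaemonSet it just created, so `name: "weave-net"` is the safer value. The task also reads `weave_manifest.changed`, which is registered in a different role, so it presumably fails on an undefined variable when that role did not run on the executing host; `with_items: "{{ weave_manifest.changed | default(false) }}"` guards against that. The closing `fail:` has no `msg`, so an operator gets no hint about what was checked; add one such as `msg: "weave did not report 'Status: ready' on 127.0.0.1:6784"`.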
diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml
index a4e7c6fb7..37bcd9404 100644
--- a/roles/network_plugin/weave/meta/main.yml
+++ b/roles/network_plugin/weave/meta/main.yml
@@ -1,5 +1,8 @@
 ---
 dependencies:
 - role: download
- file: "{{ downloads.weave }}"
+ file: "{{ downloads.weave_kube }}"
+ tags: download
+ - role: download
+ file: "{{ downloads.weave_npc }}"
 tags: download
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index ea226572b..fb9dae80f 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -8,46 +8,8 @@ changed_when: false tags: [hyperkube, upgrade] -- name: Weave | Install weave - command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave" - changed_when: false - -- name: Weave | pull weave images - shell: "{{ bin_dir }}/weave setup" - changed_when: false - -- name: Weave | set perms - file: path="{{ bin_dir }}/weave" mode=0755 state=file - -- name: Weave | Set options +- name: Weave | Create weave-kube manifest template: - src: weave.j2 - dest: "/etc/weave.env" - owner: root - group: root - mode: 0644 - notify: - - restart weave - -- name: Weave | Write weave systemd init file - template: src=weave.service.j2 dest=/etc/systemd/system/weave.service - notify: restart weave - -- name: Weave | Write weaveproxy systemd init file - template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service - notify: restart weaveproxy - -- name: Weave | Write weaveexpose systemd init file - template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service - notify: restart weaveexpose - -- meta: flush_handlers - -- name: Weave | Enable weave - service: name=weave enabled=yes state=started - -- name: Weave | Enable weaveproxy - service: name=weaveproxy enabled=yes state=started - -- name: Weave | Enable weaveexpose - service: name=weaveexpose enabled=yes state=started + src: weave-kube.yml.j2 + dest: "{{ kube_config_dir }}/weave-kube.yml" + register: weave_manifest diff --git a/roles/network_plugin/weave/templates/weave-kube.yml.j2 b/roles/network_plugin/weave/templates/weave-kube.yml.j2 new file mode 100644 index 000000000..38f23c359 --- /dev/null +++ b/roles/network_plugin/weave/templates/weave-kube.yml.j2 
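Review bot: The hunk in roles/network_plugin/weave/tasks/main.yml removes the tasks that installed the systemd-managed weave but adds nothing that stops or removes what earlier runs left on a node: the three units under `/etc/systemd/system/`, the `{{ bin_dir }}/weave` binary and `/etc/weave.env`. On an upgraded node the old router would presumably keep running beside the DaemonSet, and `/etc/weave.env` may still hold the `WEAVE_PASSWORD` written by the deleted weave.j2 template. A cleanup step ahead of the manifest task, sketched below, would cover this; a systemd daemon-reload after removing the unit files is left out of the sketch. The new `template` task also drops the explicit ownership and mode the old one set, and `mode: "0644"` would keep the manifest's permissions independent of the umask. The task list begins above the hunk.

```yaml
# … unchanged: hyperkube/upgrade task above the hunk …
- name: Weave | Stop and disable legacy systemd units
  service:
    name: "{{ item }}"
    state: stopped
    enabled: false
  with_items:
    - weaveexpose
    - weaveproxy
    - weave
  # fresh nodes never had these units
  failed_when: false

- name: Weave | Remove legacy unit files, env file and binary
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/systemd/system/weave.service
    - /etc/systemd/system/weaveproxy.service
    - /etc/systemd/system/weaveexpose.service
    - /etc/weave.env
    - "{{ bin_dir }}/weave"

# … unchanged: "Weave | Create weave-kube manifest" …
```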
@@ -0,0 +1,104 @@
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: weave-net
+ namespace: {{ system_namespace }}
+ labels:
+ version: {{ weave_version }}
+spec:
+ template:
+ metadata:
+ labels:
+ name: weave-net
+ annotations:
+ scheduler.alpha.kubernetes.io/tolerations: |
+ [
+ {
+ "key": "dedicated",
+ "operator": "Equal",
+ "value": "master",
+ "effect": "NoSchedule"
+ }
+ ]
+ spec:
+ hostNetwork: true
+ hostPID: true
+ containers:
+ - name: weave
+ image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
+ imagePullPolicy: Always
+ command:
+ - /home/weave/launch.sh
+ env:
+ - name: IPALLOC_RANGE
+ value: {{ kube_pods_subnet }}
+{% if weave_checkpoint_disable is defined %}
+ - name: CHECKPOINT_DISABLE
+ value: {{ weave_checkpoint_disable }}
+{% endif %}
+{% if weave_expect_npc is defined %}
+ - name: EXPECT_NPC
+ value: {{ weave_expect_npc }}
+{% endif %}
+{% if weave_kube_peers is defined %}
+ - name: KUBE_PEERS
+ value: {{ weave_kube_peers }}
+{% endif %}
+{% if weave_ipalloc_init is defined %}
+ - name: IPALLOC_INIT
+ value: {{ weave_ipalloc_init }}
+{% endif %}
+{% if weave_expose_ip is defined %}
+ - name: WEAVE_EXPOSE_IP
+ value: {{ weave_expose_ip }}
+{% endif %}
+ livenessProbe:
+ initialDelaySeconds: 30
+ httpGet:
+ host: 127.0.0.1
+ path: /status
+ port: 6784
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: weavedb
+ mountPath: /weavedb
+ - name: cni-bin
+ mountPath: /opt
+ - name: cni-bin2
+ mountPath: /host_home
+ - name: cni-conf
+ mountPath: /etc
+ resources:
+ requests:
+ cpu: {{ weave_cpu_requests }}
+ memory: {{ weave_memory_requests }}
+ limits:
+ cpu: {{ weave_cpu_limit }}
+ memory: {{ weave_memory_limit }}
+ - name: weave-npc
+ image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: {{ weave_cpu_requests }}
+ memory: {{ weave_memory_requests }}
+ limits:
+ cpu: {{ weave_cpu_limit }}
+ memory: {{ weave_memory_limit }}
+ securityContext:
+ privileged: true
+ restartPolicy: Always
+ volumes:
+ - name: weavedb
+ emptyDir: {}
+ - name: cni-bin
+ hostPath:
+ path: /opt
+ - name: cni-bin2
+ hostPath:
+ path: /home
+ - name: cni-conf
+ hostPath:
+ path: /etc
diff --git a/roles/network_plugin/weave/templates/weave.j2 b/roles/network_plugin/weave/templates/weave.j2
deleted file mode 100644
index f1e92c25c..000000000
--- a/roles/network_plugin/weave/templates/weave.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-WEAVE_DOCKER_ARGS="--memory={{ weave_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ weave_cpu_limit|regex_replace('m', '') }}"
-WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}{% if not loop.last %} {% endif %}{% endfor %}"
-WEAVEPROXY_ARGS="--rewrite-inspect --without-dns"
-WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}"
-{% if weave_password is defined %}
-WEAVE_PASSWORD="{{ weave_password }}"
-{% endif %}
diff --git a/roles/network_plugin/weave/templates/weave.service.j2 b/roles/network_plugin/weave/templates/weave.service.j2
deleted file mode 100644
index 6c2aad249..000000000
--- a/roles/network_plugin/weave/templates/weave.service.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=Weave Network
-Documentation=http://docs.weave.works/weave/latest_release/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weave
-ExecStartPre={{ bin_dir }}/weave launch-router \
- $WEAVE_SUBNET \
- $WEAVE_PEERS
-ExecStart={{ docker_bin_dir }}/docker attach weave
-ExecStop={{ bin_dir }}/weave stop
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/network_plugin/weave/templates/weaveexpose.service.j2 b/roles/network_plugin/weave/templates/weaveexpose.service.j2
deleted file mode 100644
index f9931696e..000000000
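Review bot: The DaemonSet in weave-kube.yml.j2 has no counterpart to the `WEAVE_PASSWORD` setting that the deleted weave.j2 wrote when `weave_password` was defined, so an inventory that sets `weave_password` now deploys weave without it and gets no warning. Either pass it to the `weave` container from a Secret, if the weave-kube image accepts it, or add a task that fails when `weave_password is defined`. Both containers run `privileged: true` in a pod with `hostNetwork` and `hostPID`, and the `weave` container mounts the whole of the host's `/etc`, `/opt` and `/home`; narrowing the hostPath volumes to the directories the image actually writes would shrink that exposure, which needs checking against the image's launch script. The templated `value:` entries under `env:` are unquoted, so a setting such as `weave_expect_npc: 0` would render as a non-string, and `value: "{{ weave_expect_npc }}"` avoids that.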
--- a/roles/network_plugin/weave/templates/weaveexpose.service.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Documentation=http://docs.weave.works/
-Wants=docker.socket weave.service
-After=docker.service docker.socket weave.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-TimeoutStartSec=0
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStart={{ bin_dir }}/weave expose
-ExecStop={{ bin_dir }}/weave hide
-
-[Install]
-WantedBy=weave-network.target
diff --git a/roles/network_plugin/weave/templates/weaveproxy.service.j2 b/roles/network_plugin/weave/templates/weaveproxy.service.j2
deleted file mode 100644
index 5b3f4f86d..000000000
--- a/roles/network_plugin/weave/templates/weaveproxy.service.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Weave proxy for Docker API
-Documentation=http://docs.weave.works/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weaveproxy
-ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS
-ExecStart={{ docker_bin_dir }}/docker attach weaveproxy
-Restart=on-failure
-ExecStop={{ bin_dir }}/weave stop-proxy
-
-[Install]
-WantedBy=weave-network.target