From dc3e317d20de66e9da3a74fa5c6d6a5e3e9d9e1b Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Thu, 6 Sep 2018 15:49:06 +0300 Subject: [PATCH] Fix backward compatibility with calico 2.6 --- .../network_plugin/calico/tasks/main.yml | 1 + roles/kubespray-defaults/defaults/main.yaml | 3 ++ roles/network_plugin/calico/defaults/main.yml | 3 +- roles/network_plugin/calico/tasks/install.yml | 45 ++++++++++++++++++- roles/network_plugin/calico/tasks/main.yml | 1 + 5 files changed, 50 insertions(+), 3 deletions(-) diff --git a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml index 013d3b056..e4215ed62 100644 --- a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml @@ -16,4 +16,5 @@ shell: "{{ bin_dir }}/calico-upgrade complete --no-prompts --apiconfigv1 /etc/calico/etcdv2.yml --apiconfigv3 /etc/calico/etcdv3.yml" when: - inventory_hostname == groups['kube-master'][0] + - calico_upgrade_enabled|default(True) - calico_upgrade_needed|default(False) diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 0d36d21eb..1d708bda9 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -95,6 +95,9 @@ kube_network_plugin: calico # Determines if calico-rr group exists peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}" +# Set to false to disable calico-upgrade +calico_upgrade_enabled: true + # Kubernetes internal network for services, unused block of space. kube_service_addresses: 10.233.0.0/18 diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml index e65d569ed..e9f3c70a7 100644 --- a/roles/network_plugin/calico/defaults/main.yml +++ b/roles/network_plugin/calico/defaults/main.yml @@ -41,6 +41,7 @@ calico_felix_prometheusgometricsenabled: "true" calico_felix_prometheusprocessmetricsenabled: "true" ### check latest version https://github.com/projectcalico/calico-upgrade/releases +calico_upgrade_enabled: true calico_upgrade_version: v1.0.5 # Should calico ignore kernel's RPF check setting, @@ -56,4 +57,4 @@ calico_node_ignorelooserpf: false calico_baremetal_nodename: "{{ inventory_hostname }}" ### do not enable this, this is detected in scope of tasks, this is just a default value -calico_upgrade_needed: false \ No newline at end of file +calico_upgrade_needed: false diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 67eaec0fd..94cbbde5f 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -147,9 +147,28 @@ with_items: - "{{ peers|default([]) }}" when: + - calico_version_on_server.stdout|version_compare('v3.0.0', '>') or calico_upgrade_enabled - peer_with_router|default(false) - inventory_hostname in groups['k8s-cluster'] +- name: Calico | Configure peering with router(s) (legacy) + shell: > + echo '{ + "kind": "bgpPeer", + "spec": {"asNumber": "{{ item.as }}"}, + "apiVersion": "v1", + "metadata": {"node": "{{ inventory_hostname }}", "scope": "node", "peerIP": "{{ item.router_id }}"} + }' + | {{ bin_dir }}/calicoctl create --skip-exists -f - + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + with_items: "{{ peers|default([]) }}" + when: + - calico_version_on_server.stdout|version_compare('v3.0.0', '<') + - not calico_upgrade_enabled + - peer_with_router|default(false) + - inventory_hostname in groups['k8s-cluster'] + - name: Calico | Configure peering with route reflectors shell: > echo '{ @@ -169,9 +188,31 @@ with_items: - "{{ groups['calico-rr'] | default([]) }}" when: - - (peer_with_calico_rr|default(false) + - calico_version_on_server.stdout|version_compare('v3.0.0', '>') or calico_upgrade_enabled + - peer_with_calico_rr|default(false) - inventory_hostname in groups['k8s-cluster'] - - hostvars[item]['cluster_id'] == cluster_id) + - hostvars[item]['cluster_id'] == cluster_id + +- name: Calico | Configure peering with route reflectors (legacy) + shell: > + echo '{ + "kind": "bgpPeer", + "spec": {"asNumber": "{{ local_as | default(global_as_num)}}"}, + "apiVersion": "v1", + "metadata": {"node": "{{ inventory_hostname }}", + "scope": "node", + "peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(hostvars[item]["ansible_default_ipv4"]["address"]) }}"} + }' + | {{ bin_dir }}/calicoctl create --skip-exists -f - + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + with_items: "{{ groups['calico-rr'] | default([]) }}" + when: + - calico_version_on_server.stdout|version_compare('v3.0.0', '<') + - not calico_upgrade_enabled + - peer_with_calico_rr|default(false) + - hostvars[item]['cluster_id'] == cluster_id + - name: Calico | Create calico manifests template: diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index 72d8e3e11..fefd8a7ff 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -5,6 +5,7 @@ - include_tasks: upgrade.yml when: + - calico_upgrade_enabled - calico_upgrade_needed run_once: yes delegate_to: "{{ groups['kube-master'][0] }}"