Download Calico KDD CRDs (#7372)

* Download Calico KDD CRDs

* Replace kustomize with lineinfile and use ansible assemble module

* Replace find+lineinfile by sed in shell module to avoid nested loop

* add condition on sed

* use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"

(cherry picked from commit 1c62af0c95)

Conflicts:
        roles/network_plugin/calico/tasks/install.yml

docs/offline-environment.md

@@ -28,6 +28,8 @@ cni_download_url: "{{ files_repo }}/kubernetes/cni/cni-plugins-linux-{{ image_ar
 crictl_download_url: "{{ files_repo }}/kubernetes/cri-tools/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 # If using Calico
 calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
+# If using Calico with kdd
+calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_version }}.tar.gz"
 
 # CentOS/Redhat
 ## Docker / Containerd

inventory/sample/group_vars/k8s-cluster/offline.yml

@@ -32,6 +32,8 @@
 
 # [Optional] Calico: If using Calico network plugin
 # calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
+# [Optional] Calico with kdd: If using Calico network plugin with kdd datastore
+# calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_version }}.tar.gz"
 
 ## CentOS/Redhat
 ### For EL7, base and extras repo must be available, for EL8, baseos and appstream

roles/download/defaults/main.yml

@@ -99,6 +99,7 @@ kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release
 etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
 cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
 calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
+calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz"
 crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
 
@@ -418,6 +419,9 @@ calicoctl_binary_checksums:
   arm64:
     v3.16.8: 3d6569c54dbe1f1d2220824aaedb10e87631808ca3153eed3d2475d03bd81661
     v3.15.2: 49165f9e4ad55402248b578310fcf68a57363f54e66be04ac24be9714899b4d5
+calico_crds_archive_checksums:
+  v3.16.8: f3c2b87c560fc0114d07ef21214429c2c228431c75ea3ad28a23b12722531771
+  v3.15.2: 82e7122ec04a89c89861b8377c39ae357c7cdbbf60b5f0f1b8fc18ba6bda7dc2
 
 helm_archive_checksums:
   arm:
@@ -439,6 +443,7 @@ kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
 kubectl_binary_checksum: "{{ kubectl_checksums[image_arch][kube_version] }}"
 kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kubeadm_version] }}"
 calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}"
+calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}"
 crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
 helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
 
@@ -798,6 +803,23 @@ downloads:
     groups:
     - k8s-cluster
 
+  calico_crds:
+    file: true
+    enabled: "{{ kube_network_plugin == 'calico' and calico_datastore == 'kdd' }}"
+    version: "{{ calico_version }}"
+    dest: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ calico_version }}.tar.gz"
+    sha256: "{{ calico_crds_archive_checksum }}"
+    url: "{{ calico_crds_download_url }}"
+    unarchive: true
+    unarchive_extra_opts:
+    - "--strip=6"
+    - "--wildcards"
+    - "*/_includes/charts/calico/crds/kdd/"
+    owner: "root"
+    mode: "0755"
+    groups:
+    - kube-master
+
   weave_kube:
     enabled: "{{ kube_network_plugin == 'weave' }}"
     container: true

roles/download/tasks/extract_file.yml

@@ -6,5 +6,6 @@
     owner: "{{ download.owner | default(omit) }}"
     mode: "{{ download.mode | default(omit) }}"
     copy: no
+    extra_opts: "{{ download.unarchive_extra_opts|default(omit) }}"
   when:
     - download.unarchive | default(false)

roles/network_plugin/calico/tasks/install.yml

@@ -85,33 +85,35 @@
     - 'calico_conf.stdout == "0"'
     - calico_pool_cidr is defined
 
-- name: Calico | Create calico manifests for kdd
+- block:
-  template:
+    - name: Calico | Remove unwanted annotations and creationTimestamp keys from metadata in Calico manifests
-    src: "{{ item.file }}.j2"
+      # noqa 303 - sed avoids using nested loop
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
+      shell: >-
-  with_items:
+        sed -E -i
-    - {name: calico, file: kdd-crds.yml, type: kdd}
+        -e '/^\s{2,4}creationTimestamp: null$/d'
-  register: calico_node_kdd_manifest
+        -e '/^\s{2,4}annotations:/{:1;/\(devel\)$/!{N;b 1}; /.*/d}'
+        {{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/*.yaml
+      when:
+        - calico_version is version('v3.17.0', '<')
+
+    - name: Calico | Create calico manifests for kdd
+      assemble:
+        src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds"
+        dest: "{{ kube_config_dir }}/kdd-crds.yml"
+        regexp: ".*\\.yaml"
+        remote_src: true
+
+    - name: Calico | Create Calico Kubernetes datastore resources
+      kube:
+        kubectl: "{{ bin_dir }}/kubectl"
+        filename: "{{ kube_config_dir }}/kdd-crds.yml"
+        state: "latest"
+      when:
+        - inventory_hostname == groups['kube-master'][0]
   when:
     - inventory_hostname in groups['kube-master']
     - calico_datastore == "kdd"
 
-- name: Calico | Create Calico Kubernetes datastore resources
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "kube-system"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items:
-    - "{{ calico_node_kdd_manifest.results }}"
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-    - not item is skipped
-  loop_control:
-    label: "{{ item.item.file }}"
-
 - name: Calico | Configure calico network pool
   command:
     cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
@@ -281,7 +283,6 @@
     state: "latest"
   with_items:
     - "{{ calico_node_manifests.results }}"
-    - "{{ calico_node_kdd_manifest.results }}"
     - "{{ calico_node_typha_manifest.results }}"
   when:
     - inventory_hostname == groups['kube-master'][0]