From fe16fecd8f09dbf09a30300cdc1420755ec34cae Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Thu, 10 Nov 2016 12:49:47 +0300 Subject: [PATCH] Fix canal's calico networking config for ETCD TLS Also fixes kube-apiserver upgrade that was erroneously deleted in a previous commit. --- roles/kubernetes/master/tasks/pre-upgrade.yml | 9 +++++++ roles/network_plugin/canal/tasks/main.yml | 12 +++++---- .../canal/templates/canal-node.yml.j2 | 27 ------------------- .../canal/templates/network.json.j2 | 1 - 4 files changed, 16 insertions(+), 33 deletions(-) delete mode 100644 roles/network_plugin/canal/templates/network.json.j2 diff --git a/roles/kubernetes/master/tasks/pre-upgrade.yml b/roles/kubernetes/master/tasks/pre-upgrade.yml index 239c46be9..3b9f26de1 100644 --- a/roles/kubernetes/master/tasks/pre-upgrade.yml +++ b/roles/kubernetes/master/tasks/pre-upgrade.yml @@ -14,3 +14,12 @@ name: kube-apiserver state: stopped when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) + +- name: "Pre-upgrade | remove kube-apiserver service definition" + file: + path: "{{ item }}" + state: absent + when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) + with_items: + - /etc/systemd/system/kube-apiserver.service + - /etc/init.d/kube-apiserver diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index ba83edee8..e88cfad7e 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -1,9 +1,11 @@ --- -- name: Canal | Write flannel configuration - template: - src: network.json.j2 - dest: /etc/flannel-network.json - backup: yes +- name: Canal | Set Flannel etcd configuration + command: |- + {{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} \ + set /{{ cluster_name }}/network/config \ + '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }' + delegate_to: "{{groups['etcd'][0]}}" + run_once: true - name: Canal | Write canal configmap template: diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2 index bdeae6cfd..ef6793f30 100644 --- a/roles/network_plugin/canal/templates/canal-node.yml.j2 +++ b/roles/network_plugin/canal/templates/canal-node.yml.j2 @@ -19,10 +19,6 @@ spec: spec: hostNetwork: true volumes: - # Used by flannel-server-helper - - name: "networkconfig" - hostPath: - path: "/etc/flannel-network.json" # Used by calico/node. - name: lib-modules hostPath: @@ -45,29 +41,6 @@ spec: hostPath: path: /etc/resolv.conf containers: - - name: "flannel-server-helper" - image: "{{ flannel_server_helper_image_repo }}:{{ flannel_server_helper_image_tag }}" - env: - # Cluster name - - name: CLUSTER_NAME - valueFrom: - configMapKeyRef: - name: canal-config - key: cluster_name - # The location of the etcd cluster. - - name: FLANNELD_ETCD_ENDPOINTS - valueFrom: - configMapKeyRef: - name: canal-config - key: etcd_endpoints - args: - - "--network-config=/etc/flannel-network.json" - - "--etcd-prefix=/$(CLUSTER_NAME)/network" - - "--etcd-server=$(FLANNELD_ETCD_ENDPOINTS)" - volumeMounts: - - name: "networkconfig" - mountPath: "/etc/flannel-network.json" - imagePullPolicy: "Always" # Runs the flannel daemon to enable vxlan networking between # container hosts. - name: flannel diff --git a/roles/network_plugin/canal/templates/network.json.j2 b/roles/network_plugin/canal/templates/network.json.j2 deleted file mode 100644 index cbbec3841..000000000 --- a/roles/network_plugin/canal/templates/network.json.j2 +++ /dev/null @@ -1 +0,0 @@ -{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }