Commit graph

267 commits

Author SHA1 Message Date
Erwan Miran
e12850be55 Download Calico KDD CRDs (#7372)
* Download Calico KDD CRDs

* Replace kustomize with lineinfile and use ansible assemble module

* Replace find+lineinfile by sed in shell module to avoid nested loop

* add condition on sed

* use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"

(cherry picked from commit 1c62af0c95)

Conflicts:
        roles/network_plugin/calico/tasks/install.yml
2021-03-23 07:29:36 -07:00
Etienne Champetier
53b9388b82 Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices (#7315)
On CentOS 8 they seem to be ignored by default, but better be extra safe
This also make it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit e442b1d2b9)
2021-03-15 07:07:05 -07:00
Etienne Champetier
f26cc9f75b Only use stat get_checksum: yes when needed (#7270)
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit de1d9df787)

Conflicts:
	roles/etcd/tasks/check_certs.yml
2021-03-15 07:07:05 -07:00
Etienne Champetier
c7658c0256 Remove calico-upgrade leftovers (#7282)
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 3749729d5a)
2021-02-22 06:01:43 -08:00
forselli-stratio
960844d87b Fix ansible calico route reflector tasks in calico role (#7224)
* Fix calico-rr tasks

* revert stdin only when it's already a string

(cherry picked from commit 88bee6c68e)
2021-02-22 06:01:43 -08:00
Jorik Jonker
6b184905e6 calico: fix NetworkManager check (#7169)
Previous check for presence of NM assumed "systemctl show
NetworkManager" would exit with a nonzero status code, which seems not
the case anymore with recent Flatcar Container Linux.

This new check also checks the activeness of network manager, as
`is-active` implies presence.

Signed-off-by Jorik Jonker <jorik@kippendief.biz>

(cherry picked from commit bba55faae8)
2021-02-22 06:01:43 -08:00
Etienne Champetier
4ed05cf655 Calico: fixup check when ipipMode / vxlanMode is not present
calicoctl.sh get ipPool default-pool -o json
{
  "kind": "IPPool",
  "apiVersion": "projectcalico.org/v3",
  "metadata": {
    "name": "default-pool",
...
  },
  "spec": {
    "cidr": "10.233.64.0/18",
    "ipipMode": "Always",
    "natOutgoing": true,
    "blockSize": 24,
    "nodeSelector": "all()"
  }
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit f1576eabb1)
2021-01-25 23:48:34 -08:00
Etienne Champetier
ff95292435
calico: fix warnings (#7121)
TASK [network_plugin/calico : Calico | Configure calico network pool] **********
task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138
Friday 08 January 2021  17:10:12 +0000 (0:00:01.521)       0:11:36.885 ********
[WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3',
'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr':
'10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing':
True}} (type dict) in a string field was converted to "{'kind': 'IPPool',
'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'},
'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always',
'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not
look like what you expect, quote the entire value to ensure it does not change.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-08 16:01:05 -08:00
Etienne Champetier
c14388629a
calico: check if inventory settings match cluster settings (#6969)
If some settings were changed from the default but not commited into an inventory repo,
we risk breaking the cluster / cause downtime, so add some extra checks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-04 09:07:56 -08:00
Teo Klestrup Röijezon
161c7e9fce
Blacklist Calico's VXLAN interface from NetworkManager (#7037)
See https://github.com/projectcalico/calico/issues/3271

Otherwise Calico can get into a fight with NM about who "owns" the vxlan.calico
interface, breaking all pod traffic.
2020-12-23 08:24:27 -08:00
Etienne Champetier
7d7739e031
Calico: fix node ip subnet detection (#7065)
We are currently setting the IP variable to hostIP,
Before https://github.com/projectcalico/node/pull/593 (not yet released)
Calico interpret that as hostIP/32
Using 'can-reach' we get the future behavior
This fixes vxlan and IPIP CrossSubnet modes

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-21 00:58:25 -08:00
Catblade
10a6bd67de
Calico: update files to handle multi-asn bgp peering conditions. (#6971)
* update files to handle multi-asn bgp peering conditions.

* put back in the serviceClusterIPs.  Bad merge.

* remove extraneous environment var.

* update files as discussed with mirwan

* update titles.

* add not in.

* add a conditional for using bgp to advertise cluster ips.

Co-authored-by: marlow-h <mweston@habana.ai>
2020-12-17 22:54:25 -08:00
Andrii
8a153ed38e
Add serviceExternalIPs option for calico installation (#6928) 2020-11-25 05:34:39 -08:00
Hans Feldt
70bbb3e280
calico: avoid POD restart during initial deploy (#6886)
calico PODs are first started and then in a handler killed and
restarted for no reason, nothing has changed.

By using the existing variable 'calico_cni_config' (only defined when
calico has already started) the restart can be skipped.
2020-11-13 00:02:23 -08:00
Mikael Johansson
93a1693040
Update BGPPeer CRD to match v3.16 of Calico (#6881) 2020-11-05 11:14:51 -08:00
Hans Feldt
04b19359cb
allow non existing etcd group (#6797)
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
emiran-orange
081a9e7bd8
/opt/cni/bin/install not before calico 3.16 (#6738) 2020-09-25 06:15:11 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Marco Martínez
5c448b6896
Add retries to update calico-rr data in etcd through calicoctl (#6505)
* Add retries to update calico-rr data in etcd through calicoctl

* Update update-node yaml syntax

* Add comment to clarify ansible block loop

* Remove trailing space
2020-09-24 03:24:05 -07:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore (#6693)
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … (#6678)
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.

* Check if calico_network_backend is defined prior to checking value

* Removed calico hidden defaults for vxlan port and vni

* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Barry Melbourne
b6b26c710f
Add support for Calico CNI host-local IPAM plugin (#6580) 2020-09-17 02:44:46 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 (#6644) 2020-09-10 03:45:46 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr (#6360)
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Maxime Guyot
6245587dc8
Fix E306 in roles/network_plugin (#6516)
Signed-off-by: Miouge1 <maxime@root314.com>
2020-09-02 23:55:40 -07:00
Maxime Guyot
34d88ea6d9
Fix Ansible-lint E303 (#6409) 2020-08-31 03:30:20 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress (#6508)
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again (#6493) 2020-08-21 00:13:51 -07:00
Maxime Guyot
fe46349786
Fix ansible-lint E301 for commands fetching data (#6465) 2020-07-28 08:39:47 -07:00
Maxime Guyot
e70f27dd79
Add noqa and disable .ansible-lint global exclusions (#6410) 2020-07-27 06:24:17 -07:00
Konstantin Lebedev
4b80a7f6fe
Felix configuration via extraenvs of calico node (#6433) 2020-07-22 00:08:04 -07:00
Minjong Kim
b19f2e2d3d
Update the calico_veth_mtu setting to affect IP-in-IP users (#6419)
* Update calico_veth_mtu to FELIX_IPINIP variable

calico_veth_mtu is specified in the configuration, but since it only works for wireguard, modify it to work for IP-in-IP users.

* Update template with more cleaner expression
2020-07-21 23:58:18 -07:00
chenguoquan1024
e1873ab872
add calico-node selinux (#6359) 2020-07-15 00:22:38 -07:00
nurekage
017df7113d
Patch Calico for V3.14.0 missing CR and CRD (#6276) 2020-07-01 08:44:16 -07:00
Florian Ruynat
16ec5939c2
Update deprecated api (#6245) 2020-06-30 09:00:07 -07:00
Florian Ruynat
8213b1802b
Update calico to 1.15.0 + minor update to kube-ovn/weave (#6306) 2020-06-29 14:39:58 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file (#6307) 2020-06-29 12:39:59 -07:00
Yousong Zhou
a7b8708dfc
calico: use absolute path to docker, crictl binary (#6253)
To avoid the following error (ignored when pipefail is off)

  RUNNING HANDLER [network_plugin/calico : containerd | delete calico-node containers] *******************************************************************************
  changed: [node1] => {"attempts": 1, "changed": true, "cmd": "crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c \"crictl stopp % && crictl rmp %\"", "delta": "0:00:00.004240", "end": "2020-06-10 03:32:41.316955", "rc": 0, "start": "2020-06-10 03:32:41.312715", "stderr": "/bin/sh: crictl: command not found", "stderr_lines": ["/bin/sh: crictl: command not found"], "stdout": "", "stdout_lines": []}
2020-06-10 03:22:08 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests (#6208)
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.

According to the documentation:

```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```

Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. (#6217) 2020-06-01 12:44:14 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico (#6031) 2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers (#6030) 2020-04-27 00:03:30 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables (#6003) 2020-04-24 01:54:07 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction (#5989) 2020-04-21 07:20:56 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os (#5964) 2020-04-17 05:51:06 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. (#5912) 2020-04-09 07:27:43 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service (#5372) 2020-03-30 01:19:53 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode (#5473)
* Support configuring the insert mode

Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration

so nothing should change for existing deployments.

This allows coexistence with other firewall management technologies.

* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory (#5731)
* calico VXLAN mode

* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable (#5658)
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00