diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index d5b139e2b66937b3714def9ee3499d1606c6dd60..8ebf6fc8b690103d816c18a993fd6bd088a702b3 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -137,6 +137,14 @@
- cloud-provider
- facts
+- name: Ensure minimum calico version
+ assert:
+ that: calico_version is version('v3.0.0', '>=')
+ msg: "calico_version is too low. Minimum version v3.0.0"
+ run_once: yes
+ when:
+ - kube_network_plugin == 'calico'
+
- name: "Get current version of calico cluster version"
shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
register: calico_version_on_server
diff --git a/roles/network_plugin/calico/rr/tasks/main.yml b/roles/network_plugin/calico/rr/tasks/main.yml
index 2d9ba6ba077b56a8c9c69a1fdfab0b788566386b..2b023a2aa8eb08d5bebc20b6faa4c2bcab03232a 100644
--- a/roles/network_plugin/calico/rr/tasks/main.yml
+++ b/roles/network_plugin/calico/rr/tasks/main.yml
@@ -72,26 +72,6 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{ groups['etcd'][0] }}"
- when:
- - calico_version is version("v3.0.0", ">=")
-
-- name: Calico-rr | Configure route reflector (legacy)
- command: |-
- {{ bin_dir }}/etcdctl \
- --peers={{ etcd_access_addresses }} \
- set /calico/bgp/v1/rr_v4/{{ rr_ip }} \
- '{
- "ip": "{{ rr_ip }}",
- "cluster_id": "{{ cluster_id }}"
- }'
- environment:
- ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
- ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- delegate_to: "{{ groups['etcd'][0] }}"
- when:
- - calico_version is version("v3.0.0", "<")
- meta: flush_handlers
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 543fa5e37a48fccbff78fdcf3da6a07a4528ad17..7ee560095fbc62f416a21d44d577e3aa469d620a 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -102,7 +102,7 @@
loop_control:
label: "{{ item.item.file }}"
-- name: Calico | Configure calico network pool (v3.0.0 <= version < v3.3.0)
+- name: Calico | Configure calico network pool (version < v3.3.0)
shell: >
echo "
{ "kind": "IPPool",
@@ -117,7 +117,6 @@
when:
- inventory_hostname == groups['kube-master'][0]
- 'calico_conf.stdout == "0"'
- - calico_version is version("v3.0.0", ">=")
- calico_version is version("v3.3.0", "<")
- name: Calico | Configure calico network pool (version >= v3.3.0)
@@ -138,22 +137,6 @@
- 'calico_conf.stdout == "0"'
- calico_version is version("v3.3.0", ">=")
-- name: Calico | Configure calico network pool (legacy)
- shell: >
- echo '
- { "kind": "ipPool",
- "spec": {"disabled": false, "ipip": {"enabled": {{ ipip }}, "mode": "{{ ipip_mode|lower }}"},
- "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}},
- "apiVersion": "v1",
- "metadata": {"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}"}
- }' | {{ bin_dir }}/calicoctl.sh apply -f -
- environment:
- NO_DEFAULT_POOLS: true
- when:
- - inventory_hostname == groups['kube-master'][0]
- - 'calico_conf.stdout == "0"'
- - calico_version is version("v3.0.0", "<")
-
- name: "Determine nodeToNodeMesh needed state"
set_fact:
nodeToNodeMeshEnabled: "false"
@@ -177,20 +160,6 @@
changed_when: false
when:
- inventory_hostname == groups['kube-master'][0]
- - calico_version is version('v3.0.0', '>=')
-
-- name: Calico | Set global as_num (legacy)
- command: "{{ bin_dir }}/calicoctl.sh config set asNumber {{ global_as_num }}"
- when:
- - inventory_hostname == groups['kube-master'][0]
- - calico_version is version('v3.0.0', '<')
-
-- name: Calico | Disable node mesh (legacy)
- command: "{{ bin_dir }}/calicoctl.sh config set nodeToNodeMesh off"
- when:
- - inventory_hostname == groups['kube-master'][0]
- - calico_version is version('v3.0.0', '<')
- - nodeToMeshEnabled|default(True)
- name: Calico | Configure peering with router(s) at global scope
shell: >
@@ -210,24 +179,6 @@
- "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}"
when:
- inventory_hostname == groups['kube-master'][0]
- - calico_version | version_compare('v3.0.0', '>=')
- - peer_with_router|default(false)
-
-- name: Calico | Configure peering with router(s) at global scope (legacy)
- shell: >
- echo '{
- "kind": "bgpPeer",
- "spec": {"asNumber": "{{ item.as }}"},
- "apiVersion": "v1",
- "metadata": {"scope": "global", "peerIP": "{{ item.router_id }}"}
- }'
- | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- with_items: "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|default([]) }}"
- when:
- - inventory_hostname == groups['kube-master'][0]
- - calico_version is version('v3.0.0', '<')
- peer_with_router|default(false)
- name: Calico | Create calico manifests
@@ -298,30 +249,6 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- - calico_version is version('v3.0.0', '>=')
- - peer_with_router|default(false)
- - inventory_hostname in groups['k8s-cluster']
- - local_as is defined
- - groups['calico-rr'] | default([]) | length == 0
-
-- name: Calico | Configure node asNumber for per node peering (legacy)
- shell: >
- echo '{
- "apiVersion": "v1",
- "kind": "node",
- "metadata": {
- "name": "{{ inventory_hostname }}"
- },
- "spec": {
- "bgp": {
- "asNumber": "{{ local_as }}"
- },
- "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
- }}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- when:
- - calico_version is version('v3.0.0', '<')
- peer_with_router|default(false)
- inventory_hostname in groups['k8s-cluster']
- local_as is defined
@@ -345,28 +272,9 @@
with_items:
- "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
when:
- - calico_version is version('v3.0.0', '>=')
- - peer_with_router|default(false)
- - inventory_hostname in groups['k8s-cluster']
-
-- name: Calico | Configure peering with router(s) at node scope (legacy)
- shell: >
- echo '{
- "kind": "bgpPeer",
- "spec": {"asNumber": "{{ item.as }}"},
- "apiVersion": "v1",
- "metadata": {"node": "{{ inventory_hostname }}", "scope": "node", "peerIP": "{{ item.router_id }}"}
- }'
- | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- with_items: "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
- when:
- - calico_version | version_compare('v3.0.0', '<')
- peer_with_router|default(false)
- inventory_hostname in groups['k8s-cluster']
-
- name: Calico | Configure peering with route reflectors
shell: >
echo '{
@@ -385,27 +293,6 @@
with_items:
- "{{ groups['calico-rr'] | default([]) }}"
when:
- - calico_version is version('v3.0.0', '>=')
- peer_with_calico_rr|default(false)
- inventory_hostname in groups['k8s-cluster']
- hostvars[item]['cluster_id'] == cluster_id
-
-- name: Calico | Configure peering with route reflectors (legacy)
- shell: >
- echo '{
- "kind": "bgpPeer",
- "spec": {"asNumber": "{{ local_as | default(global_as_num) }}"},
- "apiVersion": "v1",
- "metadata": {"node": "{{ inventory_hostname }}",
- "scope": "node",
- "peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"}
- }'
- | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- with_items: "{{ groups['calico-rr'] | default([]) }}"
- when:
- - calico_version is version('v3.0.0', '<')
- - not calico_upgrade_enabled
- - peer_with_calico_rr|default(false)
- - hostvars[item]['cluster_id'] == cluster_id
diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml
index b843a92ad4dc21e4448e31f0665c087611aac6c6..e798142f315fc3f17452bb2748c4d22539cd6efe 100644
--- a/roles/network_plugin/calico/tasks/pre.yml
+++ b/roles/network_plugin/calico/tasks/pre.yml
@@ -1,11 +1,4 @@
---
-- name: Calico | Disable calico-node service if it exists
- service:
- name: calico-node
- state: stopped
- enabled: no
- failed_when: false
-
- name: Calico | Get kubelet hostname
shell: >-
{{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address'
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index f201bfec0da1477c2df607ea16d87a065fa2cd0e..75c5bbe73a4e3353a78310025596f7b1259e7522 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -25,9 +25,7 @@ spec:
prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"
{% endif %}
spec:
-{% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-node-critical
-{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: calico-node
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index e6bb4d36413b26262a3f0188e9ac3427d2691460..354cd0b94c4110d27a104fe4c63c28f898dffaf7 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -15,9 +15,7 @@ spec:
labels:
k8s-app: canal-node
spec:
-{% if kube_version is version('v1.11.1', '>=') %}
priorityClassName: system-node-critical
-{% endif %}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: canal