From 3f5c60886bc9604c827d5deee6663edf1c87d9d8 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Sat, 24 Mar 2018 10:52:21 +0800
Subject: [PATCH] Upgrade Weave to 2.2.1

- Fix #2414, so namespace isolation should now work
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 roles/network_plugin/weave/defaults/main.yml  |  4 +-
 .../weave/templates/weave-net.yml.j2          | 65 ++++++++++++-------
 tests/files/gce_centos-weave-kubeadm.yml      |  2 +-
 tests/files/gce_coreos-alpha-weave-ha.yml     |  2 +-
 tests/files/gce_rhel7-weave.yml               |  2 +-
 tests/files/gce_ubuntu-weave-sep.yml          |  2 +-
 8 files changed, 50 insertions(+), 31 deletions(-)

diff --git a/README.md b/README.md
index d8cf41a4d..f19af0ae2 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ Versions of supported components
 -   [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
 -   [cilium](https://github.com/cilium/cilium) v1.0.0-rc8
 -   [contiv](https://github.com/contiv/install/releases) v1.1.7
--   [weave](http://weave.works/) v2.2.0
+-   [weave](http://weave.works/) v2.2.1
 -   [docker](https://www.docker.com/) v17.03 (see note)
 -   [rkt](https://coreos.com/rkt/docs/latest/) v1.21.0 (see Note 2)
 
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index e97297958..819525d56 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -38,7 +38,7 @@ flannel_version: "v0.10.0"
 flannel_cni_version: "v0.3.0"
 istio_version: "0.2.6"
 vault_version: 0.8.1
-weave_version: 2.2.0
+weave_version: 2.2.1
 pod_infra_version: 3.0
 contiv_version: 1.1.7
 cilium_version: "v1.0.0-rc8"
diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml
index b59f0ab63..eecb06171 100644
--- a/roles/network_plugin/weave/defaults/main.yml
+++ b/roles/network_plugin/weave/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # Limits
-weave_memory_limit: 400M
-weave_cpu_limit: 30m
+weave_memory_limits: 400M
+weave_cpu_limits: 30m
 weave_memory_requests: 64M
 weave_cpu_requests: 10m
 
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
index b292339b5..70b70b3f8 100644
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ b/roles/network_plugin/weave/templates/weave-net.yml.j2
@@ -9,12 +9,13 @@ items:
       labels:
         name: weave-net
       namespace: {{ system_namespace }}
-  - apiVersion: rbac.authorization.k8s.io/v1
+  - apiVersion: rbac.authorization.k8s.io/v1beta1
     kind: ClusterRole
     metadata:
       name: weave-net
       labels:
         name: weave-net
+      namespace: {{ system_namespace }}
     rules:
       - apiGroups:
           - ''
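Review bot: The added `namespace: {{ system_namespace }}` under the ClusterRole's metadata does not scope anything, because ClusterRole is a cluster-scoped kind; the same line is added to the ClusterRoleBinding metadata in the next hunk. Leaving it in suggests the role is confined to that namespace when its rules apply cluster-wide, so I would drop it from both objects and keep it only on the Role, the RoleBinding and the binding subjects. Separately, this hunk moves `apiVersion` from `rbac.authorization.k8s.io/v1` back to `v1beta1`; unless a supported cluster version lacks the v1 RBAC API, I would keep `rbac.authorization.k8s.io/v1`. The items list starts and continues outside the hunk.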
@@ -27,35 +28,42 @@ items:
           - list
           - watch
       - apiGroups:
-          - extensions
-        resources:
-          - networkpolicies
-        verbs:
-          - get
-          - list
-          - watch
-      - apiGroups:
-          - 'networking.k8s.io'
+          - networking.k8s.io
         resources:
           - networkpolicies
         verbs:
           - get
           - list
           - watch
+  - apiVersion: rbac.authorization.k8s.io/v1beta1
+    kind: ClusterRoleBinding
+    metadata:
+      name: weave-net
+      labels:
+        name: weave-net
+      namespace: {{ system_namespace }}
+    roleRef:
+      kind: ClusterRole
+      name: weave-net
+      apiGroup: rbac.authorization.k8s.io
+    subjects:
+      - kind: ServiceAccount
+        name: weave-net
+        namespace: {{ system_namespace }}
   - apiVersion: rbac.authorization.k8s.io/v1beta1
     kind: Role
     metadata:
       name: weave-net
-      namespace: kube-system
       labels:
         name: weave-net
+      namespace: {{ system_namespace }}
     rules:
       - apiGroups:
           - ''
-        resources:
-          - configmaps
         resourceNames:
           - weave-net
+        resources:
+          - configmaps
         verbs:
           - get
           - update
@@ -65,29 +73,31 @@ items:
           - configmaps
         verbs:
           - create
-  - apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
+  - apiVersion: rbac.authorization.k8s.io/v1beta1
+    kind: RoleBinding
     metadata:
       name: weave-net
       labels:
         name: weave-net
+      namespace: {{ system_namespace }}
     roleRef:
-      kind: ClusterRole
+      kind: Role
       name: weave-net
       apiGroup: rbac.authorization.k8s.io
     subjects:
       - kind: ServiceAccount
         name: weave-net
-        namespace: kube-system
+        namespace: {{ system_namespace }}
   - apiVersion: extensions/v1beta1
     kind: DaemonSet
     metadata:
       name: weave-net
       labels:
         name: weave-net
-        version: {{ weave_version }}
+        version: v{{ weave_version }}
       namespace: {{ system_namespace }}
     spec:
+      minReadySeconds: 5
       template:
         metadata:
           labels:
@@ -122,7 +132,7 @@ items:
                 - name: WEAVE_PASSWORD
                   value: {{ weave_password }}
               image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
-              imagePullPolicy: Always
+              imagePullPolicy: {{ k8s_image_pull_policy }}
               livenessProbe:
                 httpGet:
                   host: 127.0.0.1
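Review bot: `value: {{ weave_password }}` at the top of this hunk renders the Weave Net password unquoted and in plaintext into the DaemonSet spec, and the commit leaves it that way. Unquoted, a password that is all digits, or that contains ` #` or `: `, is retyped, truncated at the `#`, or rejected once the rendered file is parsed as YAML. As a literal env value it is also readable by anyone who can read the DaemonSet object. Emitting it as a quoted scalar, e.g. `value: {{ weave_password | to_json }}`, addresses the first problem; moving it to a Secret referenced through `valueFrom.secretKeyRef` addresses the second. The container spec starts and ends outside this hunk.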
@@ -149,19 +159,28 @@ items:
                   mountPath: /lib/modules
                 - name: xtables-lock
                   mountPath: /run/xtables.lock
-                  readOnly: false
             - name: weave-npc
+              args: []
+              env:
+                - name: HOSTNAME
+                  valueFrom:
+                    fieldRef:
+                      apiVersion: v1
+                      fieldPath: spec.nodeName
               image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
-              imagePullPolicy: Always
+              imagePullPolicy: {{ k8s_image_pull_policy }}
               resources:
                 requests:
                   cpu: {{ weave_cpu_requests }}
                   memory: {{ weave_memory_requests }}
                 limits:
-                  cpu: {{ weave_cpu_limit }}
-                  memory: {{ weave_memory_limit }}
+                  cpu: {{ weave_cpu_limits }}
+                  memory: {{ weave_memory_limits }}
               securityContext:
                 privileged: true
+              volumeMounts:
+                - name: xtables-lock
+                  mountPath: /run/xtables.lock
           hostNetwork: true
           hostPID: true
           restartPolicy: Always
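Review bot: The `limits` block near the end of this hunk now reads only `weave_cpu_limits` and `weave_memory_limits`, so an inventory that still sets the old `weave_cpu_limit` / `weave_memory_limit` is silently ignored and the role defaults (30m / 400M) apply instead. The patch updates the repository's own test files but gives existing users neither a fallback nor a failure. I would keep the old names working in roles/network_plugin/weave/defaults/main.yml, e.g. `weave_cpu_limits: "{{ weave_cpu_limit | default('30m') }}"` and the same for memory, or at least call out the rename in the upgrade notes. The weave-npc container spec starts outside this hunk.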
diff --git a/tests/files/gce_centos-weave-kubeadm.yml b/tests/files/gce_centos-weave-kubeadm.yml
index b4cd8e17c..a1c88e976 100644
--- a/tests/files/gce_centos-weave-kubeadm.yml
+++ b/tests/files/gce_centos-weave-kubeadm.yml
@@ -7,7 +7,7 @@ startup_script: ""
 
 # Deployment settings
 kube_network_plugin: weave
-weave_cpu_limit: "100m"
+weave_cpu_limits: "100m"
 weave_cpu_requests: "100m"
 kubeadm_enabled: true
 deploy_netchecker: true
diff --git a/tests/files/gce_coreos-alpha-weave-ha.yml b/tests/files/gce_coreos-alpha-weave-ha.yml
index dd579c032..1666e0927 100644
--- a/tests/files/gce_coreos-alpha-weave-ha.yml
+++ b/tests/files/gce_coreos-alpha-weave-ha.yml
@@ -7,7 +7,7 @@ startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
 
 # Deployment settings
 kube_network_plugin: weave
-weave_cpu_limit: "100m"
+weave_cpu_limits: "100m"
 weave_cpu_requests: "100m"
 bootstrap_os: coreos
 resolvconf_mode: host_resolvconf # this is required as long as the coreos stable channel uses docker < 1.12
diff --git a/tests/files/gce_rhel7-weave.yml b/tests/files/gce_rhel7-weave.yml
index df80a556f..e6928b7a2 100644
--- a/tests/files/gce_rhel7-weave.yml
+++ b/tests/files/gce_rhel7-weave.yml
@@ -5,7 +5,7 @@ mode: default
 
 # Deployment settings
 kube_network_plugin: weave
-weave_cpu_limit: "100m"
+weave_cpu_limits: "100m"
 weave_cpu_requests: "100m"
 deploy_netchecker: true
 kubedns_min_replicas: 1
diff --git a/tests/files/gce_ubuntu-weave-sep.yml b/tests/files/gce_ubuntu-weave-sep.yml
index 133bd907a..6e701cb23 100644
--- a/tests/files/gce_ubuntu-weave-sep.yml
+++ b/tests/files/gce_ubuntu-weave-sep.yml
@@ -6,7 +6,7 @@ mode: separate
 # Deployment settings
 bootstrap_os: ubuntu
 kube_network_plugin: weave
-weave_cpu_limit: "100m"
+weave_cpu_limits: "100m"
 weave_cpu_requests: "100m"
 deploy_netchecker: true
 kubedns_min_replicas: 1
-- 
GitLab