From 60bfc56e8e7e554f5d40b1e1d1bb6a09dd9a5fb7 Mon Sep 17 00:00:00 2001
From: Erik Stidham <erik@tigera.io>
Date: Mon, 5 Feb 2018 13:34:59 -0600
Subject: [PATCH] Update Calico and Canal

- Updating to use calico-node v2.6.7
- A few updates to their manifests too
---
 roles/download/defaults/main.yml              |  4 ++--
 .../calico/templates/calico-node.yml.j2       |  8 +++++++
 .../canal/templates/canal-node.yaml.j2        | 23 +++++++++++++++++--
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index e97297958..02b11cf64 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -29,9 +29,9 @@ kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.4
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
-calico_version: "v2.6.2"
+calico_version: "v2.6.7"
 calico_ctl_version: "v1.6.1"
-calico_cni_version: "v1.11.0"
+calico_cni_version: "v1.11.2"
 calico_policy_version: "v1.0.0"
 calico_rr_version: "v0.4.0"
 flannel_version: "v0.10.0"
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 3a01648f7..3ba3e75d8 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -28,6 +28,9 @@ spec:
       tolerations:
         - effect: NoSchedule
           operator: Exists
+      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+      terminationGracePeriodSeconds: 0
       containers:
         # Runs calico/node container on each Kubernetes node.  This
         # container programs network policy and routes on each
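Review bot: `terminationGracePeriodSeconds: 0` in the pod spec means the containers are stopped with the kill signal and get no window to shut down cleanly, and the added comment states only the downtime benefit. For a pod that programs routes and policy on the node, that trade-off should be recorded next to the setting, for example `# Trade-off: calico-node gets no graceful-shutdown window; the replacement pod must reconcile any state left behind.` Whether the node agent depends on a clean shutdown is not visible here, so confirm it against the v2.6.7 release before merging. The pod spec starts before and continues past this hunk.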
@@ -53,6 +56,11 @@ spec:
                 configMapKeyRef:
                   name: calico-config
                   key: cluster_type
+            # Set noderef for node controller.
+            - name: CALICO_K8S_NODE_REF
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
             # Disable file logging so `kubectl logs` works.
             - name: CALICO_DISABLE_FILE_LOGGING
               value: "true"
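Review bot: The comment `# Set noderef for node controller.` on the new `CALICO_K8S_NODE_REF` entry does not say which component reads the value or what it is used for. The same wording is repeated in the canal-node.yaml.j2 hunk below. The first file leaves `calico_policy_version` at "v1.0.0", so it is worth confirming that the controller version actually deployed consumes this reference; otherwise the variable is set but has no effect. A fuller comment would help, for example `# Ties this Calico node to its Kubernetes Node object (via spec.nodeName) so the node controller can clean up its data when the Node is deleted.`, assuming that is the intended use.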
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index 07754c089..d63bf99b0 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -148,14 +148,21 @@ spec:
                   name: canal-config
                   key: etcd_endpoints
             # Disable Calico BGP.  Calico is simply enforcing policy.
-            - name: CALICO_NETWORKING
-              value: "false"
+            - name: CALICO_NETWORKING_BACKEND
+              value: "none"
             # Cluster type to identify the deployment type
             - name: CLUSTER_TYPE
               value: "kubespray,canal"
             # Disable file logging so `kubectl logs` works.
             - name: CALICO_DISABLE_FILE_LOGGING
               value: "true"
+            # Set noderef for node controller.
+            - name: CALICO_K8S_NODE_REF
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: FELIX_HEALTHENABLED
+              value: "true"
             # Etcd SSL vars
             - name: ETCD_CA_CERT_FILE
               valueFrom:
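Review bot: `FELIX_HEALTHENABLED` is the only entry added to this env list without a comment, although it turns on the HTTP health endpoint that the new probes in this file depend on. If this pod uses host networking (not visible in the hunk), that unauthenticated endpoint may be reachable on the node's own addresses. It is worth confirming which address Felix binds in v2.6.7 and restricting the port at the host firewall if it is not loopback-only. Suggested comment: `# Enable Felix's HTTP health endpoint, required by the liveness/readiness probes below.` The env list starts and ends outside the hunk.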
@@ -178,6 +185,18 @@ spec:
                   fieldPath: spec.nodeName
           securityContext:
             privileged: true
+          livenessProbe:
+            httpGet:
+              path: /liveness
+              port: 9099
+            periodSeconds: 10
+            initialDelaySeconds: 10
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /readiness
+              port: 9099
+            periodSeconds: 10
           volumeMounts:
             - mountPath: /lib/modules
               name: lib-modules
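Review bot: Both probes hard-code `port: 9099` with no comment tying the number to Felix's health port or to the `FELIX_HEALTHENABLED` variable set earlier in this file. If either is changed independently, `/liveness` stops answering and the kubelet restarts this `privileged: true` container after `failureThreshold: 6` consecutive failures, which would interrupt policy enforcement on the node. A comment above `livenessProbe:` would make the coupling explicit, for example `# Felix health endpoint; requires FELIX_HEALTHENABLED="true" and must match Felix's health port (default 9099).` The container definition begins before this hunk and continues after it.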
-- 
GitLab