From a11b9d28bd1a017afef65482bedea8fca6af3904 Mon Sep 17 00:00:00 2001
From: Brad Beam <brad.beam@b-rad.info>
Date: Tue, 10 Jan 2017 08:47:39 -0600
Subject: [PATCH] Upgrading weave to weave-kube

---
 .gitlab-ci.yml                                |   3 +
 roles/download/defaults/main.yml              |  29 +++--
 .../network_plugin/meta/main.yml              |   3 +
 .../network_plugin/weave/tasks/main.yml       |  24 ++++
 roles/network_plugin/weave/defaults/main.yml  |   2 +
 roles/network_plugin/weave/handlers/main.yml  |  36 ------
 roles/network_plugin/weave/meta/main.yml      |   5 +-
 roles/network_plugin/weave/tasks/main.yml     |  46 +-------
 .../weave/templates/weave-kube.yml.j2         | 104 ++++++++++++++++++
 roles/network_plugin/weave/templates/weave.j2 |   7 --
 .../weave/templates/weave.service.j2          |  18 ---
 .../weave/templates/weaveexpose.service.j2    |  16 ---
 .../weave/templates/weaveproxy.service.j2     |  17 ---
 13 files changed, 161 insertions(+), 149 deletions(-)
 create mode 100644 roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
 delete mode 100644 roles/network_plugin/weave/handlers/main.yml
 create mode 100644 roles/network_plugin/weave/templates/weave-kube.yml.j2
 delete mode 100644 roles/network_plugin/weave/templates/weave.j2
 delete mode 100644 roles/network_plugin/weave/templates/weave.service.j2
 delete mode 100644 roles/network_plugin/weave/templates/weaveexpose.service.j2
 delete mode 100644 roles/network_plugin/weave/templates/weaveproxy.service.j2

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d65be3b7c..2ff17249c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -54,6 +54,7 @@ before_script:
   LOG_LEVEL: "-vv"
   ETCD_DEPLOYMENT: "docker"
   KUBELET_DEPLOYMENT: "docker"
+  WEAVE_CPU_LIMIT: "100m"
   MAGIC: "ci check this"
 
 .gce: &gce
@@ -115,6 +116,8 @@ before_script:
       -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
       -e local_release_dir=${PWD}/downloads
       -e resolvconf_mode=${RESOLVCONF_MODE}
+      -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
+      -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
       cluster.yml
 
 
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index b249f3aa9..7e06ac574 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -23,16 +23,14 @@ etcd_version: v3.0.6
 # after migration to container download
 calico_version: "v1.0.0"
 calico_cni_version: "v1.5.5"
-weave_version: v1.6.1
+weave_version: 1.8.2
 flannel_version: v0.6.2
 pod_infra_version: 3.0
 
 # Download URL's
 etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
-weave_download_url: "https://storage.googleapis.com/kargo/{{weave_version}}_weave"
 
 # Checksums
-weave_checksum: "9bf9d6e5a839e7bcbb28cc00c7acae9d09284faa3e7a3720ca9c2b9e93c68580"
 etcd_checksum: "385afd518f93e3005510b7aaa04d38ee4a39f06f5152cd33bb86d4f0c94c7485"
 
 # Containers
@@ -66,6 +64,10 @@ netcheck_kubectl_tag: v0.18.0-120-gaeb4ac55ad12b1-dirty
 netcheck_agent_img_repo: "quay.io/l23network/mcp-netchecker-agent"
 netcheck_server_img_repo: "quay.io/l23network/mcp-netchecker-server"
 netcheck_kubectl_img_repo: "gcr.io/google_containers/kubectl"
+weave_kube_image_repo: "weaveworks/weave-kube"
+weave_kube_image_tag: "{{ weave_version }}"
+weave_npc_image_repo: "weaveworks/weave-npc"
+weave_npc_image_tag: "{{ weave_version }}"
 
 nginx_image_repo: nginx
 nginx_image_tag: 1.11.4-alpine
@@ -100,15 +102,6 @@ downloads:
     tag: "{{ netcheck_kubectl_tag }}"
     sha256: "{{ netcheck_kubectl_digest_checksum|default(None) }}"
     enabled: "{{ deploy_netchecker|bool }}"
-  weave:
-    dest: weave/bin/weave
-    version: "{{weave_version}}"
-    source_url: "{{weave_download_url}}"
-    url: "{{weave_download_url}}"
-    sha256: "{{ weave_checksum }}"
-    owner: "root"
-    mode: "0755"
-    enabled: "{{ kube_network_plugin == 'weave' }}"
   etcd:
     version: "{{etcd_version}}"
     dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
@@ -163,6 +156,18 @@ downloads:
     tag: "{{ calico_rr_image_tag }}"
     sha256: "{{ calico_rr_digest_checksum|default(None) }}"
     enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr}} and kube_network_plugin == 'calico'"
+  weave_kube:
+    container: true
+    repo: "{{ weave_kube_image_repo }}"
+    tag: "{{ weave_kube_image_tag }}"
+    sha256: "{{ weave_kube_digest_checksum|default(None) }}"
+    enabled: "{{ kube_network_plugin == 'weave' }}"
+  weave_npc:
+    container: true
+    repo: "{{ weave_npc_image_repo }}"
+    tag: "{{ weave_npc_image_tag }}"
+    sha256: "{{ weave_npc_digest_checksum|default(None) }}"
+    enabled: "{{ kube_network_plugin == 'weave' }}"
   pod_infra:
     container: true
     repo: "{{ pod_infra_image_repo }}"
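Review bot: Neither `weave_kube_digest_checksum` nor `weave_npc_digest_checksum` is defined anywhere in this patch, so the `sha256` fields of the new `weave_kube` and `weave_npc` entries fall back to `default(None)` and both images are identified by mutable tag only. The first hunk of this file removes `weave_checksum`, which pinned the previous binary download to a SHA-256, so the upgrade drops the integrity pin for a component that the new DaemonSet template runs with `privileged: true` and `imagePullPolicy: Always`. Assuming the download role verifies `sha256` for container entries, as the field name suggests, add defaults such as `weave_kube_digest_checksum: "<sha256 digest of the weave-kube image>"` and a matching `weave_npc_digest_checksum` next to the new image repo/tag variables. The `downloads:` mapping starts and continues outside this hunk.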
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index 1024e63a8..43382f2ae 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -3,3 +3,6 @@ dependencies:
  - role: kubernetes-apps/network_plugin/canal
    when: kube_network_plugin == 'canal'
    tags: canal
+ - role: kubernetes-apps/network_plugin/weave
+   when: kube_network_plugin == 'weave'
+   tags: weave
diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
new file mode 100644
index 000000000..b2ee3a6c3
--- /dev/null
+++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: Weave | Start Resources
+  run_once: true
+  kube:
+    name: "weave-kube"
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/weave-kube.yml"
+    resource: "ds"
+    namespace: "{{system_namespace}}"
+    state: "{{ item | ternary('latest','present') }}"
+  with_items: "{{ weave_manifest.changed }}"
+
+
+- name: "Weave | wait for weave to become available"
+  uri:
+    url: http://127.0.0.1:6784/status
+    return_content: yes
+  register: weave_status
+  retries: 10
+  delay: "{{ retry_stagger | random + 3 }}"
+  until: weave_status.status == 200
+
+- name: "Weave | check if weave is ready"
+  fail:
+  when: "'Status: ready' not in weave_status.content"
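Review bot: The final `fail:` task has no `msg`, so when the status body lacks `Status: ready` the play stops with only Ansible's generic failure text; add something like `msg: "weave /status did not report 'Status: ready'"`. In the first task, `with_items: "{{ weave_manifest.changed }}"` depends on a variable registered in `roles/network_plugin/weave/tasks/main.yml`. If that role has not run on the host that executes this `run_once` task, the variable is presumably undefined and the task errors out, so `"{{ weave_manifest.changed | default(false) }}"` would be more robust. `return_content: yes` is also better written as `true`.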
diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml
index 4aabcac6f..91933ecf4 100644
--- a/roles/network_plugin/weave/defaults/main.yml
+++ b/roles/network_plugin/weave/defaults/main.yml
@@ -2,3 +2,5 @@
 # Limits
 weave_memory_limit: 500M
 weave_cpu_limit: 300m
+weave_memory_requests: 300M
+weave_cpu_requests: 200m
diff --git a/roles/network_plugin/weave/handlers/main.yml b/roles/network_plugin/weave/handlers/main.yml
deleted file mode 100644
index b9c3e31d8..000000000
--- a/roles/network_plugin/weave/handlers/main.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: restart weave
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weave
-
-- name : Weave | reload systemd
-  shell: systemctl daemon-reload
-
-- name: restart weaveproxy
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weaveproxy
-
-- name: restart weaveexpose
-  command: /bin/true
-  notify:
-    - Weave | reload systemd
-    - reload weaveexpose
-
-- name: reload weave
-  service:
-    name: weave
-    state: restarted
-
-- name: reload weaveproxy
-  service:
-    name: weaveproxy
-    state: restarted
-
-- name: reload weaveexpose
-  service:
-    name: weaveexpose
-    state: restarted
diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml
index a4e7c6fb7..37bcd9404 100644
--- a/roles/network_plugin/weave/meta/main.yml
+++ b/roles/network_plugin/weave/meta/main.yml
@@ -1,5 +1,8 @@
 ---
 dependencies:
   - role: download
-    file: "{{ downloads.weave }}"
+    file: "{{ downloads.weave_kube }}"
+    tags: download
+  - role: download
+    file: "{{ downloads.weave_npc }}"
     tags: download
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index ea226572b..fb9dae80f 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -8,46 +8,8 @@
   changed_when: false
   tags: [hyperkube, upgrade]
 
-- name: Weave | Install weave
-  command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"
-  changed_when: false
-
-- name: Weave | pull weave images
-  shell: "{{ bin_dir }}/weave setup"
-  changed_when: false
-
-- name: Weave | set perms
-  file: path="{{ bin_dir }}/weave" mode=0755 state=file
-
-- name: Weave | Set options
+- name: Weave | Create weave-kube manifest
   template:
-    src: weave.j2
-    dest: "/etc/weave.env"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart weave
-
-- name: Weave | Write weave systemd init file
-  template: src=weave.service.j2 dest=/etc/systemd/system/weave.service
-  notify: restart weave
-
-- name: Weave | Write weaveproxy systemd init file
-  template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service
-  notify: restart weaveproxy
-
-- name: Weave | Write weaveexpose systemd init file
-  template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service
-  notify: restart weaveexpose
-
-- meta: flush_handlers
-
-- name: Weave | Enable weave
-  service: name=weave enabled=yes state=started
-
-- name: Weave | Enable weaveproxy
-  service: name=weaveproxy enabled=yes state=started
-
-- name: Weave | Enable weaveexpose
-  service: name=weaveexpose enabled=yes state=started
+    src: weave-kube.yml.j2
+    dest: "{{ kube_config_dir }}/weave-kube.yml"
+  register: weave_manifest
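Review bot: The new `template` task sets no `owner`, `group` or `mode`, whereas the removed `Weave | Set options` task set all three, so the rendered `weave-kube.yml` gets whatever ownership and permissions the remote defaults yield. Add `owner: root` and `mode: "0644"` (quoted so YAML does not retype it), or something tighter if the manifest ever carries credentials. The task at the top of this hunk starts outside it.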
diff --git a/roles/network_plugin/weave/templates/weave-kube.yml.j2 b/roles/network_plugin/weave/templates/weave-kube.yml.j2
new file mode 100644
index 000000000..38f23c359
--- /dev/null
+++ b/roles/network_plugin/weave/templates/weave-kube.yml.j2
@@ -0,0 +1,104 @@
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: weave-net
+  namespace: {{ system_namespace }}
+  labels:
+    version: {{ weave_version }}
+spec:
+  template:
+    metadata:
+      labels:
+        name: weave-net
+      annotations:
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [
+            {
+              "key": "dedicated",
+              "operator": "Equal",
+              "value": "master",
+              "effect": "NoSchedule"
+            }
+          ]
+    spec:
+      hostNetwork: true
+      hostPID: true
+      containers:
+        - name: weave
+          image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
+          imagePullPolicy: Always
+          command:
+            - /home/weave/launch.sh
+          env:
+            - name: IPALLOC_RANGE
+              value: {{ kube_pods_subnet }}
+{% if weave_checkpoint_disable is defined %}
+            - name: CHECKPOINT_DISABLE
+              value: {{ weave_checkpoint_disable }}
+{% endif %}
+{% if weave_expect_npc is defined %}
+            - name: EXPECT_NPC
+              value: {{ weave_expect_npc }}
+{% endif %}
+{% if weave_kube_peers is defined %}
+            - name: KUBE_PEERS
+              value: {{ weave_kube_peers }}
+{% endif %}
+{% if weave_ipalloc_init is defined %}
+            - name: IPALLOC_INIT
+              value: {{ weave_ipalloc_init }}
+{% endif %}
+{% if weave_expose_ip is defined %}
+            - name: WEAVE_EXPOSE_IP
+              value: {{ weave_expose_ip }}
+{% endif %}
+          livenessProbe:
+            initialDelaySeconds: 30
+            httpGet:
+              host: 127.0.0.1
+              path: /status
+              port: 6784
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: weavedb
+              mountPath: /weavedb
+            - name: cni-bin
+              mountPath: /opt
+            - name: cni-bin2
+              mountPath: /host_home
+            - name: cni-conf
+              mountPath: /etc
+          resources:
+            requests:
+              cpu: {{ weave_cpu_requests }}
+              memory: {{ weave_memory_requests }}
+            limits:
+              cpu: {{ weave_cpu_limit }}
+              memory: {{ weave_memory_limit }}
+        - name: weave-npc
+          image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
+          imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: {{ weave_cpu_requests }}
+              memory: {{ weave_memory_requests }}
+            limits:
+              cpu: {{ weave_cpu_limit }}
+              memory: {{ weave_memory_limit }}
+          securityContext:
+            privileged: true
+      restartPolicy: Always
+      volumes:
+        - name: weavedb
+          emptyDir: {}
+        - name: cni-bin
+          hostPath:
+            path: /opt
+        - name: cni-bin2
+          hostPath:
+            path: /home
+        - name: cni-conf
+          hostPath:
+            path: /etc
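Review bot: The removed `weave.j2` exported `WEAVE_PASSWORD` when `weave_password` was defined, but the `env:` list of the `weave` container here has no equivalent, so an inventory that sets `weave_password` to protect peer traffic would silently deploy without it after this upgrade. If the setting is still meant to be supported, add a `WEAVE_PASSWORD` entry guarded by `{% if weave_password is defined %}`, or fail the play when the variable is set. The entry is better sourced from a Secret via `valueFrom.secretKeyRef` than inlined, because the manifest is written to `kube_config_dir` without an explicit mode. Whether the weave-kube image honours that variable should be confirmed against its launch script. Separately, the optional env values are rendered unquoted (`value: {{ weave_expect_npc }}`), so a value such as `1` or `true` parses as a non-string; `value: "{{ weave_expect_npc }}"` avoids that.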
diff --git a/roles/network_plugin/weave/templates/weave.j2 b/roles/network_plugin/weave/templates/weave.j2
deleted file mode 100644
index f1e92c25c..000000000
--- a/roles/network_plugin/weave/templates/weave.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-WEAVE_DOCKER_ARGS="--memory={{ weave_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ weave_cpu_limit|regex_replace('m', '') }}"
-WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}{% if not loop.last %} {% endif %}{% endfor %}"
-WEAVEPROXY_ARGS="--rewrite-inspect --without-dns"
-WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}"
-{% if weave_password is defined %}
-WEAVE_PASSWORD="{{ weave_password }}"
-{% endif %}
diff --git a/roles/network_plugin/weave/templates/weave.service.j2 b/roles/network_plugin/weave/templates/weave.service.j2
deleted file mode 100644
index 6c2aad249..000000000
--- a/roles/network_plugin/weave/templates/weave.service.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=Weave Network
-Documentation=http://docs.weave.works/weave/latest_release/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weave
-ExecStartPre={{ bin_dir }}/weave launch-router \
-            $WEAVE_SUBNET \
-            $WEAVE_PEERS
-ExecStart={{ docker_bin_dir }}/docker attach weave
-ExecStop={{ bin_dir }}/weave stop
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/network_plugin/weave/templates/weaveexpose.service.j2 b/roles/network_plugin/weave/templates/weaveexpose.service.j2
deleted file mode 100644
index f9931696e..000000000
--- a/roles/network_plugin/weave/templates/weaveexpose.service.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Documentation=http://docs.weave.works/
-Wants=docker.socket weave.service
-After=docker.service docker.socket weave.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-TimeoutStartSec=0
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStart={{ bin_dir }}/weave expose
-ExecStop={{ bin_dir }}/weave hide
-
-[Install]
-WantedBy=weave-network.target
diff --git a/roles/network_plugin/weave/templates/weaveproxy.service.j2 b/roles/network_plugin/weave/templates/weaveproxy.service.j2
deleted file mode 100644
index 5b3f4f86d..000000000
--- a/roles/network_plugin/weave/templates/weaveproxy.service.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Weave proxy for Docker API
-Documentation=http://docs.weave.works/
-Wants=docker.socket
-After=docker.service docker.socket
-
-[Service]
-EnvironmentFile=-/etc/weave.%H.env
-EnvironmentFile=-/etc/weave.env
-ExecStartPre=-{{ docker_bin_dir }}/docker rm -f weaveproxy
-ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS
-ExecStart={{ docker_bin_dir }}/docker attach weaveproxy
-Restart=on-failure
-ExecStop={{ bin_dir }}/weave stop-proxy
-
-[Install]
-WantedBy=weave-network.target
-- 
GitLab