diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index dc96c2908f6c64d9c997d8169a710f72950200c7..396498ad1624d61d6d00c3ca51fafed24370189c 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -53,6 +53,8 @@ calico_rr_version: "v0.6.1"
flannel_version: "v0.10.0"
flannel_cni_version: "v0.3.0"
+cni_version: "v0.6.0"
+
weave_version: 2.5.0
pod_infra_version: 3.1
contiv_version: 1.2.1
@@ -62,8 +64,9 @@ multus_version: "v3.1.autoconf"
# Download URLs
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm"
-etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
hyperkube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64/hyperkube"
+etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
+cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
# Checksums
hyperkube_checksums:
@@ -104,6 +107,7 @@ kubeadm_checksums:
v1.10.0: ebbac985834289037b544523c3e2f39bb44bea938aca9d9e88ef7e880fb8472f
etcd_binary_checksum: 947849dbcfa13927c81236fb76a7c01d587bbab42ab1e807184cd91b026ebed7
+cni_binary_checksum: f04339a21b8edf76d415e7f17b620e63b8f37a76b2f706671587ab6464411f2d
hyperkube_binary_checksum: "{{ hyperkube_checksums[kube_version] }}"
kubeadm_binary_checksum: "{{ kubeadm_checksums[kubeadm_version] }}"
@@ -251,6 +255,19 @@ downloads:
groups:
- etcd
+ cni:
+ enabled: true
+ file: true
+ version: "{{ cni_version }}"
+ dest: "{{local_release_dir}}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ sha256: "{{ cni_binary_checksum }}"
+ url: "{{ cni_download_url }}"
+ unarchive: false
+ owner: "root"
+ mode: "0755"
+ groups:
+ - k8s-cluster
+
kubeadm:
enabled: "{{ kubeadm_enabled }}"
file: true
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 9de50c05dc6c45de8b1382ca8a6a5d6223d682ec..583ac0eb307bfd8e3316f3b3f09222346fd58a98 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -33,16 +33,20 @@
group: root
changed_when: false
-- name: Calico | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- tags:
- - hyperkube
- - upgrade
+- name: Calico | Set cni directory permissions
+ file:
+ path: /opt/cni/bin
+ state: directory
+ owner: kube
+ recurse: true
+ mode: 0755
+
+- name: Calico | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
- name: Calico | Copy cni plugins from calico/cni container
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
@@ -57,14 +61,6 @@
- hyperkube
- upgrade
-- name: Calico | Set cni directory permissions
- file:
- path: /opt/cni/bin
- state: directory
- owner: kube
- recurse: true
- mode: 0755
-
- name: Calico | wait for etcd
uri:
url: "{{ etcd_access_addresses.split(',') | first }}/health"
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index aedb47070ed164d686ca8d8a9237fecbe20794b9..d59c818fe35e52f00d59e3c5bd4a57636f3e7366 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -54,16 +54,20 @@
when:
- inventory_hostname in groups['kube-master']
-- name: Canal | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- tags:
- - hyperkube
- - upgrade
+- name: Canal | Set cni directory permissions
+ file:
+ path: /opt/cni/bin
+ state: directory
+ owner: kube
+ recurse: true
+ mode: 0755
+
+- name: Canal | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
- name: Canal | Copy cni plugins from calico/cni
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml
index 59750770be496ca5a164839177c8ce2e8736acee..b634479783db45c173587357fb8c84519f144b1d 100644
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ b/roles/network_plugin/cloud/tasks/main.yml
@@ -1,12 +1,4 @@
---
-- name: Cloud | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
-
- name: Cloud | Set cni directory permissions
file:
path: /opt/cni/bin
@@ -14,3 +6,10 @@
owner: kube
recurse: true
mode: "u=rwX,g-rwx,o-rwx"
+
+- name: Canal | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml
index b6163a22b37e834eaa6225bfa739462bd05d25aa..a5be03facf1fb557f80cfd6ede4e1add42a9ac54 100644
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@@ -143,14 +143,20 @@
- contiv_enable_api_proxy
- contiv_generate_certificate
-- name: Contiv | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/bash -c '/bin/cp -fa /opt/cni/bin/* /cnibindir/'"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- tags: [hyperkube, upgrade]
+- name: Contiv | Set cni directory permissions
+ file:
+ path: /opt/cni/bin
+ state: directory
+ owner: kube
+ recurse: true
+ mode: 0755
+
+- name: Contiv | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
- name: Contiv | Copy netctl binary from docker container
command: sh -c "{{ docker_bin_dir }}/docker rm -f netctl-binarycopy;
diff --git a/roles/network_plugin/flannel/tasks/pre-upgrade.yml b/roles/network_plugin/flannel/tasks/pre-upgrade.yml
index 6b6fcd54f371ebd0fe320c50d3b7b506ceec9d01..ef50ceb09495808d7ffa36b90c4458e65a89f0db 100644
--- a/roles/network_plugin/flannel/tasks/pre-upgrade.yml
+++ b/roles/network_plugin/flannel/tasks/pre-upgrade.yml
@@ -16,4 +16,4 @@
- name: Flannel pre-upgrade | Remove Flannel's certificate directory not required by CNI
file:
dest: "{{ flannel_cert_dir }}"
- state: absent
\ No newline at end of file
+ state: absent
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index f1996313dc6d41e5ab9ae09ff6e6dd089f3ca22c..4f0ba8e795a2fc75a81951cd6439aace3253633f 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -3,18 +3,22 @@
include: annotate.yml
tags: annotate
-- name: kube-router | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -prf /opt/cni/bin/. /cnibindir/"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- tags:
- - hyperkube
- - upgrade
+- name: kube-roter | Set cni directory permissions
+ file:
+ path: /opt/cni/bin
+ state: directory
+ owner: kube
+ recurse: true
+ mode: 0755
+
+- name: kube-router | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
- name: kube-router | Create manifest
template:
src: kube-router.yml.j2
- dest: "{{ kube_config_dir }}/kube-router.yml"
\ No newline at end of file
+ dest: "{{ kube_config_dir }}/kube-router.yml"
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index a9922cf3f862ef97fc77d7217edf02fca5c64d21..f4560568fde93947ea381b4340ca909167d82202 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -1,15 +1,19 @@
---
-- name: Weave | Copy cni plugins from hyperkube
- command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
- register: cni_task_result
- until: cni_task_result.rc == 0
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- tags:
- - hyperkube
- - upgrade
+- name: Weave | Set cni directory permissions
+ file:
+ path: /opt/cni/bin
+ state: directory
+ owner: kube
+ recurse: true
+ mode: 0755
+
+- name: Weave | Copy cni plugins
+ unarchive:
+ src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+ dest: "/opt/cni/bin"
+ mode: 0755
+ remote_src: yes
- name: Weave | Create manifest
template: