From e0781483faddd68bc90eaf56adb785758af34223 Mon Sep 17 00:00:00 2001
From: Rong Zhang <rongzhang@alauda.io>
Date: Mon, 3 Dec 2018 18:22:17 +0800
Subject: [PATCH] Use download binary instead of copying from the container
 (#3786)

---
 roles/download/defaults/main.yml              | 19 ++++++++++-
 roles/network_plugin/calico/tasks/install.yml | 32 ++++++++-----------
 roles/network_plugin/canal/tasks/main.yml     | 24 ++++++++------
 roles/network_plugin/cloud/tasks/main.yml     | 15 ++++-----
 roles/network_plugin/contiv/tasks/main.yml    | 22 ++++++++-----
 .../flannel/tasks/pre-upgrade.yml             |  2 +-
 .../network_plugin/kube-router/tasks/main.yml | 26 ++++++++-------
 roles/network_plugin/weave/tasks/main.yml     | 24 ++++++++------
 8 files changed, 97 insertions(+), 67 deletions(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index dc96c2908..396498ad1 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -53,6 +53,8 @@ calico_rr_version: "v0.6.1"
 flannel_version: "v0.10.0"
 flannel_cni_version: "v0.3.0"
 
+cni_version: "v0.6.0"
+
 weave_version: 2.5.0
 pod_infra_version: 3.1
 contiv_version: 1.2.1
@@ -62,8 +64,9 @@ multus_version: "v3.1.autoconf"
 
 # Download URLs
 kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm"
-etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
 hyperkube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64/hyperkube"
+etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
+cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
 
 # Checksums
 hyperkube_checksums:
@@ -104,6 +107,7 @@ kubeadm_checksums:
   v1.10.0: ebbac985834289037b544523c3e2f39bb44bea938aca9d9e88ef7e880fb8472f
 
 etcd_binary_checksum: 947849dbcfa13927c81236fb76a7c01d587bbab42ab1e807184cd91b026ebed7
+cni_binary_checksum: f04339a21b8edf76d415e7f17b620e63b8f37a76b2f706671587ab6464411f2d
 
 hyperkube_binary_checksum: "{{ hyperkube_checksums[kube_version] }}"
 kubeadm_binary_checksum: "{{ kubeadm_checksums[kubeadm_version] }}"
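Review bot: `cni_binary_checksum` is a single literal, but `cni_download_url` is templated on both `{{ image_arch }}` and `{{ cni_version }}`, so the digest can match only one of the archives that URL can resolve to. Provided the download role enforces `sha256`, another architecture or an overridden `cni_version` fails closed, which is the safe direction, but nothing here tells the operator why. I would key the digest the way `hyperkube_checksums` and `kubeadm_checksums` already are, e.g. `cni_binary_checksum: "{{ cni_binary_checksums[cni_version] }}"`. At minimum add a comment such as `# sha256 of the cni-plugins archive for one arch/version; update together with cni_version`.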
@@ -251,6 +255,19 @@ downloads:
     groups:
       - etcd
 
+  cni:
+    enabled: true
+    file: true
+    version: "{{ cni_version }}"
+    dest: "{{local_release_dir}}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    sha256: "{{ cni_binary_checksum }}"
+    url: "{{ cni_download_url }}"
+    unarchive: false
+    owner: "root"
+    mode: "0755"
+    groups:
+      - k8s-cluster
+
   kubeadm:
     enabled: "{{ kubeadm_enabled }}"
     file: true
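Review bot: With `unarchive: false`, the `sha256` check in this `cni` entry covers the tarball only at download time; the per-plugin tasks later in this patch extract `{{ local_release_dir }}/cni-plugins-…tgz` into `/opt/cni/bin` without re-checking it. That makes the staging directory part of the trust path, so it should be root-owned and not group- or world-writable, which this hunk cannot show. The archive itself does not need the executable bit, so `mode: "0644"` would be tighter than `mode: "0755"`. The `kubeadm` entry that follows continues outside the hunk.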
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 9de50c05d..583ac0eb3 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -33,16 +33,20 @@
     group: root
   changed_when: false
 
-- name: Calico | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  tags:
-    - hyperkube
-    - upgrade
+- name: Calico | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
+- name: Calico | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
 
 - name: Calico | Copy cni plugins from calico/cni container
   command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
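Review bot: The recursive `owner: kube` task now runs before both copy steps, so on a first run the files extracted by `unarchive` (which sets no `owner:`) and those copied from the calico/cni container keep whatever owner those steps give them, and only a later run re-owns them to `kube`. Ownership under `/opt/cni/bin` therefore depends on how many times the play has run. These are CNI plugin binaries, which the kubelet normally executes with root privileges, so if `kube` is an unprivileged service account it is worth deciding explicitly whether it should own them at all; if not, drop `recurse: true` and set `owner: root` on the `unarchive` task. The same task pair is added in the canal, contiv, kube-router and weave hunks, and the calico/cni copy task at the end of this hunk continues outside it.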
@@ -57,14 +61,6 @@
     - hyperkube
     - upgrade
 
-- name: Calico | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-
 - name: Calico | wait for etcd
   uri:
     url: "{{ etcd_access_addresses.split(',') | first }}/health"
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml
index aedb47070..d59c818fe 100644
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -54,16 +54,20 @@
   when:
     - inventory_hostname in groups['kube-master']
 
-- name: Canal | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  tags:
-    - hyperkube
-    - upgrade
+- name: Canal | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
+- name: Canal | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
 
 - name: Canal | Copy cni plugins from calico/cni
   command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
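Review bot: The removed hyperkube copy carried the `hyperkube` and `upgrade` tags, while the two tasks that replace it have none. Unless tags are inherited from the role include (not visible here), a run limited to `--tags upgrade` would skip extracting the base CNI plugins, while the calico/cni copy, which keeps its tags in the calico file, would still run. If that is not intended, add `tags: [upgrade]` to `Canal | Copy cni plugins`. The calico, contiv, kube-router and weave hunks drop the tags in the same way, and the calico/cni task at the end of this hunk continues outside it.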
diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml
index 59750770b..b63447978 100644
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ b/roles/network_plugin/cloud/tasks/main.yml
@@ -1,12 +1,4 @@
 ---
-- name: Cloud | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-
 - name: Cloud | Set cni directory permissions
   file:
     path: /opt/cni/bin
@@ -14,3 +6,10 @@
     owner: kube
     recurse: true
     mode: "u=rwX,g-rwx,o-rwx"
+
+- name: Canal | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
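Review bot: The task added to the cloud role is named `Canal | Copy cni plugins`, which looks like a copy-paste leftover and will point play output and log searches at the wrong role; it should read `- name: Cloud | Copy cni plugins`. Separately, the permissions task above it (it begins outside the hunk) applies `u=rwX,g-rwx,o-rwx` recursively before extraction, while `unarchive` then sets `mode: 0755` on what it extracts. The two tasks would appear to undo each other's modes on every run, so it is worth confirming which permission set is intended for the plugin binaries.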
diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml
index b6163a22b..a5be03fac 100644
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@@ -143,14 +143,20 @@
     - contiv_enable_api_proxy
     - contiv_generate_certificate
 
-- name: Contiv | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/bash -c '/bin/cp -fa /opt/cni/bin/* /cnibindir/'"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  tags: [hyperkube, upgrade]
+- name: Contiv | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
+- name: Contiv | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
 
 - name: Contiv | Copy netctl binary from docker container
   command: sh -c "{{ docker_bin_dir }}/docker rm -f netctl-binarycopy;
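Review bot: `mode: 0755` is written as a bare YAML scalar and `remote_src: yes` as a YAML 1.1 truthy, whereas the `cni` download entry added in `roles/download/defaults/main.yml` by this same patch uses `mode: "0755"` and `true`. A bare octal is turned into an integer by the YAML loader before Ansible sees it, which stays correct only while the leading zero is never dropped; the quoted form removes that dependency. I would write `mode: "0755"` and `remote_src: true` here and in the calico, canal, cloud, kube-router and weave hunks. The netctl task at the end of the hunk continues outside it.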
diff --git a/roles/network_plugin/flannel/tasks/pre-upgrade.yml b/roles/network_plugin/flannel/tasks/pre-upgrade.yml
index 6b6fcd54f..ef50ceb09 100644
--- a/roles/network_plugin/flannel/tasks/pre-upgrade.yml
+++ b/roles/network_plugin/flannel/tasks/pre-upgrade.yml
@@ -16,4 +16,4 @@
 - name: Flannel pre-upgrade | Remove Flannel's certificate directory not required by CNI
   file:
     dest: "{{ flannel_cert_dir }}"
-    state: absent
\ No newline at end of file
+    state: absent
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index f1996313d..4f0ba8e79 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -3,18 +3,22 @@
   include: annotate.yml
   tags: annotate
 
-- name: kube-router | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -prf /opt/cni/bin/. /cnibindir/"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  tags:
-    - hyperkube
-    - upgrade
+- name: kube-roter | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
+- name: kube-router | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
 
 - name: kube-router | Create manifest
   template:
     src: kube-router.yml.j2
-    dest: "{{ kube_config_dir }}/kube-router.yml"
\ No newline at end of file
+    dest: "{{ kube_config_dir }}/kube-router.yml"
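Review bot: The first added task name is misspelled as `kube-roter | Set cni directory permissions`; the prefix should match the other tasks in this file, `- name: kube-router | Set cni directory permissions`. Task names are what operators search for in play output, so the typo is worth fixing before merge.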
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index a9922cf3f..f4560568f 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -1,15 +1,19 @@
 ---
 
-- name: Weave | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/"
-  register: cni_task_result
-  until: cni_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  tags:
-    - hyperkube
-    - upgrade
+- name: Weave | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
+- name: Weave | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
 
 - name: Weave | Create manifest
   template:
-- 
GitLab