starlingx
/
config
Code Issues Proposed changes

downgrade calico to v3.1.4 and add IP autodetect 

Calico is being downgraded to v3.1.4 since the latest versions
are causing readiness and liveness failures.  Based on K8S v12.1,
Calico should be on v3.3.x, therefore the underlying issue should
be investigated further and Calico upgraded once resolved.

This update also changes the IP autodetect method to ensure the
proper IP is selected.  This is required for hosts that have
multiple IP addresses and the wrong address is being selected
based on the default find first address method.

Change-Id: I31c3630bde69160786866d0bc1bc29816892943f
Story: 2002843
Task: 22791
Signed-off-by: Matt Peters <matt.peters@windriver.com>
This commit is contained in:
Matt Peters 2018-11-26 15:18:03 -05:00
parent 23c5f83235
commit 9d238984ca
3 changed files with 74 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
puppet-manifests/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="src"
TIS_PATCH_VER=72
TIS_PATCH_VER=73

173
puppet-manifests/src/modules/platform/templates/calico.yaml.erb
View File

@ -1,8 +1,8 @@
# Calico Version v3.2.3
# https://docs.projectcalico.org/v3.2/releases#v3.2.3
# Calico Version v3.1.4
# https://docs.projectcalico.org/v3.1/releases#v3.1.4
# This manifest includes the following component versions:
# calico/node:v3.2.3
# calico/cni:v3.2.3
# calico/node:v3.1.4
# calico/cni:v3.1.4
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
@ -15,14 +15,8 @@ data:
# below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is
# essential.
typha_service_name: "none"
# Configure the Calico backend to use.
calico_backend: "bird"
# Configure the MTU to use
veth_mtu: "1440"
# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
# The CNI network configuration to install on each node.
cni_network_config: |-
{
"name": "k8s-pod-network",
@ -33,16 +27,16 @@ data:
"log_level": "info",
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": __CNI_MTU__,
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"policy": {
"type": "k8s"
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
},
{
@ -55,7 +49,6 @@ data:
---
# This manifest creates a Service, which will be backed by Calico's Typha daemon.
# Typha sits in between Felix and the API server, reducing Calico's load on the API server.
@ -105,8 +98,6 @@ spec:
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
tolerations:
# Mark the pod as a critical add-on for rescheduling.
@ -116,7 +107,7 @@ spec:
# as a host-networked pod.
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v3.2.3
- image: quay.io/calico/typha:v3.1.4
name: calico-typha
ports:
- containerPort: 5473
@ -146,19 +137,15 @@ spec:
#- name: TYPHA_PROMETHEUSMETRICSPORT
# value: "9093"
livenessProbe:
exec:
command:
- calico-typha
- check
- liveness
httpGet:
path: /liveness
port: 9098
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
exec:
command:
- calico-typha
- check
- readiness
httpGet:
path: /readiness
port: 9098
periodSeconds: 10
---
@ -192,11 +179,9 @@ spec:
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
tolerations:
# Make sure calico-node gets scheduled on all nodes.
# Make sure calico/node gets scheduled on all nodes.
- effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
@ -213,66 +198,59 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.2.3
image: quay.io/calico/node:v3.1.4
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
value: "kubernetes"
# Typha support: controlled by the ConfigMap.
- name: FELIX_TYPHAK8SSERVICENAME
valueFrom:
configMapKeyRef:
name: calico-config
key: typha_service_name
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: "true"
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Choose the backend to use.
- name: CALICO_NETWORKING_BACKEND
valueFrom:
configMapKeyRef:
name: calico-config
key: calico_backend
# Enable felix info logging.
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: "k8s,bgp"
# Auto-detect the BGP IP address.
- name: IP
value: "autodetect"
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
value: "Always"
# Enable IP-in-IP within Felix.
- name: FELIX_IPINIPENABLED
value: "true"
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR
value: "<%= @pod_network_cidr %>"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
# Disable IPv6 on Kubernetes.
# Disable IPV6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
# Set Felix logging to "info"
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
value: "1440"
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: "true"
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR
value: "<%= @pod_network_cidr %>"
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
value: "Always"
# Enable IP-in-IP within Felix.
- name: FELIX_IPINIPENABLED
value: "true"
# Typha support: controlled by the ConfigMap.
- name: FELIX_TYPHAK8SSERVICENAME
valueFrom:
configMapKeyRef:
name: calico-config
key: typha_service_name
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Auto-detect the BGP IP address.
- name: IP
value: "autodetect"
- name: IP_AUTODETECTION_METHOD
value: "can-reach=<%= @apiserver_advertise_address %>"
- name: FELIX_HEALTHENABLED
value: "true"
securityContext:
@ -284,16 +262,13 @@ spec:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/calico-node
- -bird-ready
- -felix-ready
httpGet:
path: /readiness
port: 9099
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
@ -308,29 +283,23 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: quay.io/calico/cni:v3.2.3
image: quay.io/calico/cni:v3.1.4
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-calico.conflist"
# Set the hostname based on the k8s node name.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG
valueFrom:
configMapKeyRef:
name: calico-config
key: cni_network_config
# CNI MTU Config variable
- name: CNI_MTU
# Set the hostname based on the k8s node name.
- name: KUBERNETES_NODE_NAME
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
@ -354,18 +323,10 @@ spec:
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system
---
# Create all the CustomResourceDefinitions needed for
# Calico policy and networking mode.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
@ -379,6 +340,7 @@ spec:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
@ -499,3 +461,10 @@ spec:
plural: networkpolicies
singular: networkpolicy
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system

5
puppet-manifests/src/modules/platform/templates/rbac-kdd.yaml.erb
View File

@ -1,5 +1,5 @@
# Calico Version v3.2.3
# https://docs.projectcalico.org/v3.2/releases#v3.2.3
# Calico Version v3.1.4
# https://docs.projectcalico.org/v3.1/releases#v3.1.4
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
@ -8,7 +8,6 @@ rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list