From 5dd801bbdaad7ca9fbdbbc71bb9798e1939dea35 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Tue, 7 Jul 2020 13:17:20 +0100
Subject: [PATCH] Add options migration to calico
---
 charts/kubezero-calico/templates/calico.yaml | 4 +
 .../templates/migration-job.yaml | 192 ++++++++++++++++++
 charts/kubezero-calico/values.yaml | 5 +
 deploy/templates/values.yaml | 1 +
 scripts/publish.sh | 11 +-
 5 files changed, 205 insertions(+), 8 deletions(-)
 create mode 100644 charts/kubezero-calico/templates/migration-job.yaml
diff --git a/charts/kubezero-calico/templates/calico.yaml b/charts/kubezero-calico/templates/calico.yaml
index 45e4994d..08408603 100644
--- a/charts/kubezero-calico/templates/calico.yaml
+++ b/charts/kubezero-calico/templates/calico.yaml
@@ -322,6 +322,10 @@ spec:
 spec:
 nodeSelector:
 kubernetes.io/os: linux
+ {{- if .Values.migration }}
+ # Only run Calico on nodes that have been migrated.
+ projectcalico.org/node-network-during-migration: calico
+ {{- end }}
 hostNetwork: true
 tolerations:
 # Make sure calico-node gets scheduled on all nodes.
diff --git a/charts/kubezero-calico/templates/migration-job.yaml b/charts/kubezero-calico/templates/migration-job.yaml
new file mode 100644
index 00000000..73054a2e
--- /dev/null
+++ b/charts/kubezero-calico/templates/migration-job.yaml
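Review bot: The added nodeSelector entry in charts/kubezero-calico/templates/calico.yaml is rendered for as long as `migration` is true, and nothing on the page says when the flag has to be turned off again. While it is set, calico-node is scheduled only on nodes carrying `projectcalico.org/node-network-during-migration: calico`, so a node that joins later without that label would presumably get no CNI pod. I would extend the comment to `# Only run Calico on nodes that have been migrated. Set migration back to false once the flannel-migration Job has completed.` and put a matching comment above `migration: false` in charts/kubezero-calico/values.yaml, which is added without any description. The DaemonSet pod spec this selector belongs to starts and ends outside the hunk.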
@@ -0,0 +1,192 @@
+{{- if .Values.migration }}
+---
+# This ConfigMap is used to store Flannel subnet.env content.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: flannel-migration-config
+ namespace: kube-system
+data:
+ # Do not edit! This field is updated by migration controller.
+ flannel_subnet_env: ""
+
+---
+# Include a clusterrole for the kube-controllers component,
+# and bind it to the flannel-migration-controller serviceaccount.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: flannel-migration-controller
+rules:
+ # Nodes are watched to monitor for deletions.
+ - apiGroups: [""]
+ resources:
+ - nodes
+ verbs:
+ - watch
+ - list
+ - get
+ - patch
+ - update
+ # Nodes are watched to monitor for deletions.
+ - apiGroups: [""]
+ resources:
+ - nodes/status
+ verbs:
+ - get
+ - update
+ # Pods are created/deleted.
+ - apiGroups: [""]
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ # Pods/exec are created.
+ - apiGroups: [""]
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ # Configmaps are updated.
+ - apiGroups: [""]
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - update
+ - apiGroups: [""]
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+ # Daemonset are watched to monitor for deletions.
+ - apiGroups: ["apps", "extensions"]
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ - delete
+ - update
+ # IPAM resources are manipulated when nodes are deleted.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ippools
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ipamconfigs
+ - blockaffinities
+ - ipamblocks
+ - ipamhandles
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ # Needs access to update clusterinformations.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - clusterinformations
+ verbs:
+ - get
+ - create
+ - update
+ # Needs access to update felixconfigurations.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - felixconfigurations
+ verbs:
+ - get
+ - create
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: flannel-migration-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: flannel-migration-controller
+subjects:
+- kind: ServiceAccount
+ name: flannel-migration-controller
+ namespace: kube-system
+
+---
+# See https://github.com/projectcalico/kube-controllers
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: flannel-migration
+ namespace: kube-system
+ labels:
+ k8s-app: flannel-migration-controller
+spec:
+ backoffLimit: 10
+ template:
+ metadata:
+ name: flannel-migration-controller
+ namespace: kube-system
+ labels:
+ k8s-app: flannel-migration-controller
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ serviceAccountName: flannel-migration-controller
+ priorityClassName: system-cluster-critical
+ restartPolicy: OnFailure
+ containers:
+ - name: flannel-migration-controller
+ image: calico/flannel-migration-controller:v3.15.0
+ env:
+ # Choose which controllers to run.
+ - name: ENABLED_CONTROLLERS
+ value: flannelmigration
+ - name: DATASTORE_TYPE
+ value: kubernetes
+ - name: FLANNEL_DAEMONSET_NAME
+ value: canal
+ - name: FLANNEL_SUBNET_ENV
+ valueFrom:
+ configMapKeyRef:
+ name: flannel-migration-config
+ key: flannel_subnet_env
+ - name: POD_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - mountPath: /host/run/flannel/subnet.env
+ name: flannel-env-file
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/check-status
+ - -r
+ volumes:
+ - name: flannel-env-file
+ hostPath:
+ path: /run/flannel/subnet.env
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: flannel-migration-controller
+ namespace: kube-system
+{{- end }}
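Review bot: The ClusterRole `flannel-migration-controller` allows cluster-wide `pods/exec` create, pod create/delete and node patch/update, and the template gives no indication that these one-off rights should be withdrawn: role, binding, ServiceAccount and the finished Job all remain installed for as long as `.Values.migration` is true. A header comment such as `# One-shot migration resources; set migration to false after the Job has completed so the ClusterRole and its binding are removed.` would make that cleanup step explicit. The `flannel-env-file` volumeMount maps the host's `/run/flannel/subnet.env` into the container writable; if the controller only reads the file (not visible here), add `readOnly: true` to the mount. The image is referenced by tag only (`calico/flannel-migration-controller:v3.15.0`); since the pod runs with the role above, pinning it as `calico/flannel-migration-controller:v3.15.0@sha256:<digest>` (placeholder, digest to be taken from the registry) would stop a re-tagged image from inheriting those rights. The comment above the `nodes/status` rule repeats "Nodes are watched to monitor for deletions." and should describe the status update instead.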
diff --git a/charts/kubezero-calico/values.yaml b/charts/kubezero-calico/values.yaml index b78f15a2..30547162 100644 --- a/charts/kubezero-calico/values.yaml +++ b/charts/kubezero-calico/values.yaml @@ -1,4 +1,9 @@ +migration: false + network: vxlan + mtu: 8941 + loglevel: Warning + prometheus: false diff --git a/deploy/templates/values.yaml b/deploy/templates/values.yaml index 8331b5ee..77bb749e 100644 --- a/deploy/templates/values.yaml +++ b/deploy/templates/values.yaml @@ -8,6 +8,7 @@ kubezero: {{- if .Values.calico.network }} network: {{ .Values.calico.network }} {{- end }} + migration: {{ .Values.calico.migration }} prometheus: {{ .Values.prometheus.enabled }} cert-manager: enabled: {{ index .Values "cert-manager" "enabled" }} diff --git a/scripts/publish.sh b/scripts/publish.sh index 42debb80..fd57f2c4 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -14,6 +14,7 @@ helm repo add stable https://kubernetes-charts.storage.googleapis.com helm repo add argoproj https://argoproj.github.io/argo-helm helm repo add jetstack https://charts.jetstack.io helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/ +helm repo update for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); do @@ -21,15 +22,9 @@ do if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] then - # Bug with Helm subcharts with hyphen on them - # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684 - if [ "$name" == "argo-cd" ] - then - echo "Restore ArgoCD RedisHA subchart" - git checkout $dir - fi echo "Processing chart dependencies" - helm --debug dep build $dir + rm -rf $dir/tmpcharts + helm dependency update --skip-refresh $dir fi echo "Processing $dir"
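Review bot: In deploy/templates/values.yaml, `migration: {{ .Values.calico.migration }}` has no fallback, unlike the `network` entry just above it, which is wrapped in an `if`. When `calico.migration` is absent from the parent values (they are not part of this diff), the line would render as a bare `migration:`, i.e. null rather than an explicit boolean. `migration: {{ .Values.calico.migration | default false }}` keeps the value explicit; quoting the expression would be wrong here, because the chart tests it with `{{- if .Values.migration }}` and the string "false" is truthy in a template condition. The mapping this line belongs to starts and ends outside the hunk.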
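Review bot: `rm -rf $dir/tmpcharts` and `helm dependency update --skip-refresh $dir` in the second hunk of scripts/publish.sh expand `$dir` unquoted, so the path is subject to word splitting and globbing on the `rm -rf` command line. Quote both: `rm -rf "$dir/tmpcharts"` and `helm dependency update --skip-refresh "$dir"`. A one-line comment saying why `tmpcharts` has to be removed before the update would also help; the reason is not visible in the hunk. The `for` loop and the `if` block these lines sit in start and end outside the hunk.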