Add options migration to calico

charts/kubezero-calico/templates/calico.yaml

@@ -322,6 +322,10 @@ spec:
     spec:
       nodeSelector:
         kubernetes.io/os: linux
+        {{- if .Values.migration }}
+        # Only run Calico on nodes that have been migrated.
+        projectcalico.org/node-network-during-migration: calico
+        {{- end }}
       hostNetwork: true
       tolerations:
         # Make sure calico-node gets scheduled on all nodes.

charts/kubezero-calico/templates/migration-job.yaml

@@ -0,0 +1,192 @@
+{{- if .Values.migration }}
+---
+# This ConfigMap is used to store Flannel subnet.env content.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: flannel-migration-config
+  namespace: kube-system
+data:
+  # Do not edit! This field is updated by migration controller.
+  flannel_subnet_env: ""
+
+---
+# Include a clusterrole for the kube-controllers component,
+# and bind it to the flannel-migration-controller serviceaccount.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: flannel-migration-controller
+rules:
+  # Nodes are watched to monitor for deletions.
+  - apiGroups: [""]
+    resources:
+      - nodes
+    verbs:
+      - watch
+      - list
+      - get
+      - patch
+      - update
+  # Nodes are watched to monitor for deletions.
+  - apiGroups: [""]
+    resources:
+      - nodes/status
+    verbs:
+      - get
+      - update
+  # Pods are created/deleted.
+  - apiGroups: [""]
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+  # Pods/exec are created.
+  - apiGroups: [""]
+    resources:
+      - pods/exec
+    verbs:
+      - create
+  # Configmaps are updated.
+  - apiGroups: [""]
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups: [""]
+    resources:
+      - pods/eviction
+    verbs:
+      - create
+  # Daemonset are watched to monitor for deletions.
+  - apiGroups: ["apps", "extensions"]
+    resources:
+      - daemonsets
+    verbs:
+      - get
+      - delete
+      - update
+  # IPAM resources are manipulated when nodes are deleted.
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - ippools
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - ipamconfigs
+      - blockaffinities
+      - ipamblocks
+      - ipamhandles
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+  # Needs access to update clusterinformations.
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - clusterinformations
+    verbs:
+      - get
+      - create
+      - update
+  # Needs access to update felixconfigurations.
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - felixconfigurations
+    verbs:
+      - get
+      - create
+      - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: flannel-migration-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flannel-migration-controller
+subjects:
+- kind: ServiceAccount
+  name: flannel-migration-controller
+  namespace: kube-system
+
+---
+# See https://github.com/projectcalico/kube-controllers
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: flannel-migration
+  namespace: kube-system
+  labels:
+    k8s-app: flannel-migration-controller
+spec:
+  backoffLimit: 10
+  template:
+    metadata:
+      name: flannel-migration-controller
+      namespace: kube-system
+      labels:
+        k8s-app: flannel-migration-controller
+    spec:
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+        # Mark the pod as a critical add-on for rescheduling.
+        - key: CriticalAddonsOnly
+          operator: Exists
+      serviceAccountName: flannel-migration-controller
+      priorityClassName: system-cluster-critical
+      restartPolicy: OnFailure
+      containers:
+        - name: flannel-migration-controller
+          image: calico/flannel-migration-controller:v3.15.0
+          env:
+            # Choose which controllers to run.
+            - name: ENABLED_CONTROLLERS
+              value: flannelmigration
+            - name: DATASTORE_TYPE
+              value: kubernetes
+            - name: FLANNEL_DAEMONSET_NAME
+              value: canal
+            - name: FLANNEL_SUBNET_ENV
+              valueFrom:
+                configMapKeyRef:
+                  name: flannel-migration-config
+                  key: flannel_subnet_env
+            - name: POD_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - mountPath: /host/run/flannel/subnet.env
+              name: flannel-env-file
+          readinessProbe:
+            exec:
+              command:
+              - /usr/bin/check-status
+              - -r
+      volumes:
+        - name: flannel-env-file
+          hostPath:
+            path: /run/flannel/subnet.env
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flannel-migration-controller
+  namespace: kube-system
+{{- end }}

charts/kubezero-calico/values.yaml

@@ -1,4 +1,9 @@
+migration: false
+
 network: vxlan
+
 mtu: 8941
+
 loglevel: Warning
+
 prometheus: false

deploy/templates/values.yaml

@@ -8,6 +8,7 @@ kubezero:
     {{- if .Values.calico.network }}
     network: {{ .Values.calico.network }}
     {{- end }}
+    migration: {{ .Values.calico.migration }}
     prometheus: {{ .Values.prometheus.enabled }}
   cert-manager:
     enabled: {{ index .Values "cert-manager" "enabled" }}

scripts/publish.sh

@@ -14,6 +14,7 @@ helm repo add stable https://kubernetes-charts.storage.googleapis.com
 helm repo add argoproj https://argoproj.github.io/argo-helm
 helm repo add jetstack https://charts.jetstack.io
 helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/
+helm repo update
 
 for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
 do
@@ -21,15 +22,9 @@ do
 
     if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
     then
-        # Bug with Helm subcharts with hyphen on them
-        # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684
-        if [ "$name" == "argo-cd" ]
-        then
-            echo "Restore ArgoCD RedisHA subchart"
-            git checkout $dir
-        fi
         echo "Processing chart dependencies"
-        helm --debug dep build $dir
+        rm -rf $dir/tmpcharts
+        helm dependency update --skip-refresh $dir
     fi
 
     echo "Processing $dir"