-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cni bin when installing calico #9367
Add cni bin when installing calico #9367
Conversation
There is another PR at the #9368 . I think both PRs are good to solve the issue. |
Please see the proposal I made in #9368 (comment) , it would make more sense to just enable the CNI plugins by default seeing as some distributions have a similar approach. |
@@ -163,3 +163,6 @@ calico_apiserver_enabled: false | |||
# Calico feature detect override, set "ChecksumOffloadBroken=true" to | |||
# solve the https://github.com/projectcalico/calico/issues/3145 | |||
calico_feature_detect_override: "" | |||
|
|||
# CNI plugins support | |||
enable_cni: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HI @ErikJiang , Should we define it to the 'https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubespray-defaults/defaults/main.yaml#L175' as a global varable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
CI Flaky: https://github.com/kubernetes-sigs/kubespray/pull/9367/checks?check_run_id=8813987019 It looks like this CI Job will not download CNI-plugins, We should put the task of download cni-plugins into this job. Maybe add the following line to https://github.com/kubernetes-sigs/kubespray/blob/master/tests/files/packet_ubuntu20-calico-aio.yml#L11
|
/lgtm Thanks @ErikJiang |
@@ -69,6 +69,9 @@ credentials_dir: "{{ inventory_dir }}/credentials" | |||
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing | |||
kube_network_plugin: calico | |||
|
|||
# CNI plugins support | |||
enable_cni: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why still mess with this? Just remove any option to disable this and always deploy the standard CNIs, this makes for a more predictable environment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cristicalin 😀 Do you mean that the enable_cni
switch is unnecessary, and the cni-plugins
should be permanently installed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
- role: network_plugin/cni | ||
when: | ||
- enable_cni | ||
- skip_cni is not defined |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure why we need to have 2 options skip_cni
and enable_cni
.
Doesn’t enable_cni: false
mean skipping cni installation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@oomichi When executing calico's check
or reset
task, the dependencies
in meta will be executed first, which is not expected, so I skip by defining the skip_cni
variable, and enable_cni
may be redundant, I plan to delete it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to upte here to
- skip_cni is not defined or not skip_cni
for covering skip_cni: false
case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@oomichi 😊 Thanks, I have updated.
Thanks for updating! /lgtm |
/lgtm Thanks @ErikJiang |
@@ -0,0 +1,5 @@ | |||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this part should be replaced by just removing these lines: https://github.com/kubernetes-sigs/kubespray/blob/master/roles/network_plugin/meta/main.yml#L29-L31
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😀 It does achieve the same effect and is more concise, thank you very much, @cristicalin
@@ -129,6 +129,8 @@ | |||
include_role: | |||
name: network_plugin/calico | |||
tasks_from: check | |||
vars: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you do this, you are essentially disabling the CNI each time since it will override any value passed from ansible group vars. Why do you need to do this?
roles/reset/tasks/main.yml
Outdated
@@ -381,6 +381,8 @@ | |||
include_role: | |||
name: "network_plugin/{{ kube_network_plugin }}" | |||
tasks_from: reset | |||
vars: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling the reset task should not concern any dependencies of the called roles. If CNI plugins need to be reset then the call should be made for network_plugin/cni
and network_plugin/{{ kube_network_plugin }}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shoud we change the order to the first, because calico would overwide some CNI.
/lgtm |
😀 Updated and PTAL. @oomichi @cristicalin |
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Thanks for updating. /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ErikJiang, oomichi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thanks 👍 |
Thanks @ErikJiang /lgtm |
Signed-off-by: bo.jiang <bo.jiang@daocloud.io> Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io> Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io> Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang <bo.jiang@daocloud.io> Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
Signed-off-by: bo.jiang bo.jiang@daocloud.io
What type of PR is this?
/kind feature
What this PR does / why we need it:
When installing calico, install
cni-plugins
along with it.Which issue(s) this PR fixes:
Fixes #9366
Special notes for your reviewer:
Does this PR introduce a user-facing change?: